
Post on 01-Apr-2015


Information Security Is for Everyone

By Jill Burrington-Brown, MS, RHIA

Setting the Standard for Security

• Electronic health information must be confidential, have integrity, and be available.

• Each provider must protect against threats or hazards to the security of the information.

Practical Security Safeguards

• For our system

• At our workstation

• When using e-mail and the Internet

Safeguarding Our System

What Are the Potential Risks to Our System?

• Theft

• Vandalism

• Snooping

• Environment

How Can We Minimize the Risks?

Protect Physical Access

• Control location

• Lock equipment

• Use screen filters

• Label laptops

• Lock or shut down

Protecting System Access

• Identifying

Who are you?

• Authenticating

Something you know

Something you have

Something you are

Protecting System Access…

• Authorizing

Rights and permissions

• Accounting

Audit trails and logs

Protecting System Access

Manage your Password!

• Choose a strong password!

• Don’t share it with anyone!

• Don’t write it down on a Post-It!

• Don’t “Save This Password!”

Protecting System Access…

• Remove default passwords

• Control software loaded on system

• Remove unused software

• Consider automatic log-off

• Consider encryption for sending sensitive information

Minimizing the Risks….

Education of the Workforce

Who are the

• Data owners

• Data users

• Data custodians

• And what can they do?

Minimizing the Risks….

Anticipate Environmental Hazards

• Power outages/spikes

• Fire

• Flood

How About the Internet?

• Downloading information

• E-mail

Downloading Information

• Freeware

• Shareware

Be careful: some of these programs create vulnerability to viruses, unexpected software interactions, and subversion of security controls, and may violate your licensure agreements if you don’t purchase the software.

E-mail

• Don’t open attachments from someone you don’t know

• Don’t open attachments from someone you do know if the message seems strange

Your PC

The only safe PC is a powered-off PC

Two thirds of all hacking is INTERNAL

Most hacking activity takes place off-hours

There is no such thing as a 100 percent secure system or network, but we can work toward better security practices.

Your HIM Professionals Are a Valuable Resource!

Working together we can manage the privacy and security of health information.

Sponsored by

© 2003 AHIMA
