Use of the Internet has resulted in recognition that information technology security is of major importance to our society. This concern seems relatively new in healthcare, but information technology security is a well-established domain. A large body of knowledge exists that can be applied to protect healthcare information. A general understanding of security can be obtained by understanding:
1. Security Components
2. Security Principles
3. Threats, Vulnerabilities, Control Measures and Information Assurance
4. Achieving Information Security: Administrative, Physical, Technical Safeguards
Security is achieved by addressing its components: confidentiality, integrity, availability and accountability.
1. Confidentiality is the property that data or information is not made available or disclosed to unauthorized persons or processes.
2. Integrity is the property that data or information have not been altered or destroyed in an unauthorized manner.
3. Availability is the property that data or information is accessible and useable upon demand by an authorized person.
4. Accountability is the ability to audit the actions of all parties and processes which interact with the information and to determine if the actions are appropriate.
Numerous threats exist to computer systems and the information they contain originating from within and outside organizations. Some common threats include malicious code such as viruses, Trojan horses, or worms. Malicious code often takes advantage of vulnerabilities in operating system software but depends, too, upon organizational weaknesses such as the failure to deploy, update or train workers in the use of antivirus software. Malicious code may enable denial of service attacks, impersonation, information theft and other intrusions. Attacks by famous malicious code such as the Melissa or Lovebug viruses highlight the threat of “hackers”, outsiders with intent to harm specific organizations or network operations in general. Insiders with privileged access to network operations and a grudge against their employer actually wreak the most harm, to say nothing ill of trained workers not intentionally making mistakes.
Two kinds of privacy issues for computer science research have been identified: those inherent in applications of developing technology and those related to information practices needed in the development of technology. New efforts in “privacy technology” attempt to protect individual privacy while permitting the collection, sharing and uses of person-specific information. This research addresses two major concerns: disclosure of individually identifiable sensitive information by the linkage of information with other publicly available databases, and the use of information obtained for one purpose for another purpose. Threats to Homeland Security have made considerable funding available to investigate this topic in order to support bio-terrorism surveillance and protect individual privacy. For example, Sweeney and colleagues at Carnegie-Mellon University have built “CertBox” to provide privacy protection in biosurveillance. “Emergency room visits and other healthcare encounters will be reported daily to the state’s public health department under the authority of public health law. Collected health information will be filtered in real-time by a self-contained machine called a CertBox, which automatically edits combinations of fields (often demographics) so that released information relates to many people ambiguously. Settings are preset for a specific population and set of data fields and then sealed to prohibit tampering. CertBox technology de-identifies health information in accordance to the scientific standard of de-identification allowed under HIPAA. The resulting de-identified data is then shared with bio-terrorism surveillance systems. CertBox technology (more generally termed a “privacy appliance” by DARPA) allows...
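The field-editing idea described above (coarsening combinations of demographic fields until each released record matches several people) can be sketched as a k-anonymity-style filter. This is an added example, not CertBox's code or algorithm; the record layout, the generalization ladder, `k` and the suppression budget are assumptions, and the visit records are constructed.

```python
from collections import Counter

# Constructed ER visits: (zip, age, sex, complaint). Not real data.
VISITS = [
    ("15213", 34, "F", "fever"),
    ("15213", 36, "F", "cough"),
    ("15217", 31, "F", "rash"),
    ("15217", 52, "M", "fever"),
    ("15232", 58, "M", "cough"),
    ("15090", 87, "M", "fever"),
]

def generalize(rec, level):
    """Coarsen the quasi-identifiers (zip, age); level 0 leaves them exact."""
    zip_code, age, sex, complaint = rec
    if level == 0:
        return (zip_code, str(age), sex, complaint)
    keep = max(5 - level, 0)                 # zip digits left visible
    zip_g = zip_code[:keep] + "*" * (5 - keep)
    width = 10 * level                       # age bands 10, 20, 30 years wide
    lo = age // width * width
    return (zip_g, f"{lo}-{lo + width - 1}", sex, complaint)

def deidentify(records, k, max_suppressed=1, max_level=3):
    """Return (level, released_rows, suppressed_count).

    Uses the lowest generalization level at which every released
    (zip, age, sex) combination is shared by at least k records,
    dropping at most max_suppressed outlier records.
    """
    for level in range(max_level + 1):
        rows = [generalize(r, level) for r in records]
        sizes = Counter(row[:3] for row in rows)
        released = [row for row in rows if sizes[row[:3]] >= k]
        suppressed = len(rows) - len(released)
        if suppressed <= max_suppressed:
            return level, released, suppressed
    return None, [], len(records)            # fail closed: release nothing

if __name__ == "__main__":
    level, released, suppressed = deidentify(VISITS, k=2)
    print(f"level={level} suppressed={suppressed}")
    for row in released:
        print(row)
```

The lone 87-year-old from a distant zip code is suppressed rather than released, because no amount of coarsening within the budget makes that record ambiguous; with `k=3` the same data cannot be released at all.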