Component 9; Unit 9: Privacy, Confidentiality, and Security Issues and Standards
Description:
This unit explores issues related to creating an environment in which to transport data in a secure manner that ensures privacy and confidentiality.
Objectives:
- Explain the concepts of privacy and confidentiality requirements and policies and learn how to implement the requirements
- Describe how to secure data storage and transmission using data encryption, signatures, validation, non-repudiation, and integrity (PKI, certificates, and security protocols)
- Define access control methods
- Analyze access restrictions to data storage and retrieval (physical and software)
Component 9; Unit 9; Lecture 9a comp9_unit9a_lecture_slides
Security Concepts
Component 9; Unit 9; Lecture 9b comp9_unit9b_lecture_slides
Access Control
Suggested Readings
Microsoft – The Latest in Computer Security. This site contains information about security products, updates, tools and news. http://www.microsoft.com/security/default.aspx
Orange Book Certification. This site contains the criteria for obtaining Orange Book certification. It also explains the different levels of Orange Book certification. ftp://ftp.all.kernel.org/pub/linux/libs/security/Orange-Linux/refs/Orange/OrangeI-II.html#toc5
Encryption. This article contains information about encryption, symmetric and asymmetric. http://www.encryptionanddecryption.com/encryption/
Tutorial: An introduction to Public Key Infrastructure (PKI). This video is a tutorial about PKI. It explains the different pieces of the infrastructure including certificates and keys. 9 minutes and 34 seconds long. http://www.youtube.com/watch?v=EizeExsarH8
How to Choose a Good Password (And Why You Should). This article contains information about what you should do and what you shouldn’t do with passwords. It also includes information about why you should do these things. http://www.mit.edu/afs/sipb/project/doc/passwords/passwords.html
Guidelines for Strong Passwords. This article discusses how to create strong passwords along with examples of weak passwords. http://en.wikipedia.org/wiki/Password_strength#Guidelines_for_strong_passwords
Security Policies. These sites discuss the use of security policies in an organization. The SANS site includes policy templates. http://www.sans.org/security-resources/policies/ http://www.symantec.com/connect/articles/introduction-security-policies-part-one-overview-policies
HIPAA. Information about HIPAA, including who must follow the law, what information is protected, what rights the law provides to consumers, and who can look at your health information. http://www.hhs.gov/ocr/privacy/
Assuring the Privacy and Security of Transmitting Sensitive Electronic Health Information. This article discusses concerns about the security of transferring health information. Includes case studies. http://www.ncbi.nlm.nih.gov/pmc/articles/PMC2815468/?tool=pubmed
Social Networking and the Medical Practice: Guidelines for Physicians, Office Staff and Patients. These guidelines were produced by the Ohio State Medical Association. http://www.osma.org/files/documents/tools-and-resources/running-a-practice/social-media-policy.pdf
2009 Global Life Sciences & Health Care Security Study. Findings from a 2009 study on cyber security, privacy and data protection. http://it.ouhsc.edu/services/infosecurity/documents/WP_ERS_SP_GSS_LSHC_final_low.pdf
Proposed HIPAA Rule Change. On July 8, 2010 HISS announced a proposed change to HIPAA that would affect the privacy, security and enforcement rules. This PDF is the proposed change. http://www.himss.org/handouts/20100714_ProposedRegsHHS.pdf