A Framework for Health Information Technology and Network Security


Published on February 18, 2014

Author: jhorsager

Source: slideshare.net


Health information systems and network security infrastructure: a framework for securing HIT systems, networks, and HINs (internetworks).

Health Information Systems and Network Security: A Framework for Securing HIT Infrastructure

Security Goals

1. Protect PHI by empowering individuals to control access to their own healthcare information.
2. Allow only fully authenticated and authorized individuals access to data.
3. Preserve integrity of network data.
4. Hold users and organizations accountable for network actions.
5. Hold each node in a network accountable for the security of the data in its custody.
6. Enable the formation of larger scale networks by securely linking together health information networks (HINs).

(NHIN Project/HIPAA/Markle Common Framework for Private and Secure HIE)

Security Framework (Kailar, Rajashekar 2007)

Environmental Assumptions

ID | Assumption | Justification
A1 | Intermediary | Legally binding agreements
A2 | Providers | Legally binding agreements, and doctor/patient relationships
A3 | Data Repositories | Legally binding agreements

Security Requirements

ID | Security Requirement
R1 | Only authorized and authenticated systems shall be targets of network queries
R2 | Only authorized and authenticated users shall request data over the network
R3 | Data integrity shall be preserved within all nodes and over the network
R4 | Data confidentiality shall be protected over the network
R5 | All access to healthcare data shall be traceable to an individual or organization
R6 | Where applicable patient shall specify access to PHI (rules enforced on all nodes)
R7 | Requests originating in another trust domain shall be authenticated and authorized
R8 | Data and system integrity shall be preserved at each node in the network

Security Mechanisms

ID | Security Mechanism | Mapping
M1 | User identity management | R2, R4
M2 | User authentication | R2, R4, R6
M3 | User authorization | R5
M4 | Auditing | R5
M5 | Anonymization | R4
M6 | Secure messaging | R1, R2, R3, R4
M7 | Consent management | R6
M8 | Inter-domain security | R7
M9 | System availability and integrity protection | R8

Security Threats and Countermeasures

ID | Threat | Countermeasure | Mapping
T1 | Unauthorized user/system produces data | Identification/authentication | M1, M2
T2 | Unauthorized user/system consumes data | Identification/authentication/access control | M1, M2, M5, M6, M7, M8
T3 | Data integrity compromised at consumer/producer/intermediary level | Network, OS, application, and database controls at each node (consumer/producer/intermediary) | M1, M2, M9
T4 | Data integrity compromised over network | Integrity protection (MD5, hash, checksum) | M6, A1
T5 | Data confidentiality compromised over network | Encryption over network (SSL) | M6, M7, A1
T6 | Information compromised by valid user | Audit, organization binding, responsibility | M4, A1, A2, A3
T7 | Virus, spyware | Anti-virus, firewall, intrusion detection system (IDS) | M6, M9
T8 | Denial of service | IDS, firewall, application | M6
T9 | Identity spoofing | Client certificate based auth. (two-way SSL) | M1, M6
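
A traceability check across the three mapping tables above, as an added example that is not part of the original slides. The IDs and mappings are transcribed from the tables; the function name and result keys are illustrative assumptions.

```python
from collections import Counter

# IDs and mappings transcribed from the slide tables (not the author's code).
REQUIREMENTS = [f"R{i}" for i in range(1, 9)]
ASSUMPTIONS = {"A1", "A2", "A3"}
MECHANISMS = {  # mechanism -> requirements it is mapped to
    "M1": {"R2", "R4"}, "M2": {"R2", "R4", "R6"}, "M3": {"R5"},
    "M4": {"R5"}, "M5": {"R4"}, "M6": {"R1", "R2", "R3", "R4"},
    "M7": {"R6"}, "M8": {"R7"}, "M9": {"R8"},
}
THREATS = {  # threat -> mechanisms/assumptions listed in its Mapping column
    "T1": {"M1", "M2"}, "T2": {"M1", "M2", "M5", "M6", "M7", "M8"},
    "T3": {"M1", "M2", "M9"}, "T4": {"M6", "A1"}, "T5": {"M6", "M7", "A1"},
    "T6": {"M4", "A1", "A2", "A3"}, "T7": {"M6", "M9"}, "T8": {"M6"},
    "T9": {"M1", "M6"},
}

def audit(requirements=REQUIREMENTS, mechanisms=MECHANISMS,
          threats=THREATS, assumptions=ASSUMPTIONS):
    """Cross-check the mapping tables and return the gaps found."""
    # Invert mechanism -> requirement into requirement -> mechanisms.
    covered_by = {r: sorted(m for m, reqs in mechanisms.items() if r in reqs)
                  for r in requirements}
    # Count how many threats lean on each mechanism or assumption.
    refs = Counter(c for controls in threats.values() for c in controls)
    bad_controls = set(refs) - (set(mechanisms) | set(assumptions))
    bad_reqs = {r for reqs in mechanisms.values() for r in reqs} - set(requirements)
    return {
        # Requirements no mechanism claims to satisfy.
        "uncovered_requirements": [r for r, ms in covered_by.items() if not ms],
        # Requirements that depend on exactly one mechanism.
        "single_mechanism_requirements":
            [r for r, ms in covered_by.items() if len(ms) == 1],
        # Mechanisms that no threat row cites as a countermeasure.
        "mechanisms_in_no_threat": sorted(set(mechanisms) - set(refs)),
        # IDs referenced in a mapping but defined in no table.
        "unknown_ids": sorted(bad_controls | bad_reqs),
        # Threats whose mapping lists a single control.
        "single_control_threats":
            sorted(t for t, c in threats.items() if len(c) == 1),
        # The control cited by the most threats, with its count.
        "most_relied_on": refs.most_common(1)[0],
    }

if __name__ == "__main__":
    for finding, value in audit().items():
        print(f"{finding}: {value}")
```

On the tables as transcribed, every requirement has at least one mechanism, but M3 (user authorization) is cited by no threat row, T8 relies on M6 alone, and M6 (secure messaging) is the control the most threats depend on.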
