Electronic Security, Privacy, and Confidentiality by

Electronic Security, Privacy, and Confidentiality by https://padlet.com/tammyrader60/mo5jugolimu5 NUR 353- Team 3: Tamara Rader, Gilberto Mendoza, Sandra Vinson, Yaritza Roman en-us 2019-09-25 19:10:27 UTC 2025-12-28 03:39:43 UTC hello@padlet.com Securing Network Information tammyrader60 https://padlet.com/tammyrader60/mo5jugolimu5/wish/388891653 Physical, technical and administrative safeguards are in place to protect the privacy, security and integrity of recorded patient information, while at the same time allowing appropriate access to health providers for the care and management of patients. Physical safeguards include device isolation, allowing direct physical access only to authorized personnel; data backup and maintaining copies, emergency contingency protocols, and proper device disposal. Technical safeguards include firewalls and secure transmission modes for communication such as virtual private networks (VPN) or secure sockets layer (SSL), and encryption techniques. ]]> 2019-09-24 14:55:58 UTC https://padlet.com/tammyrader60/mo5jugolimu5/wish/388891653 Keeping Your Electronic Health Information Secure tammyrader60 https://padlet.com/tammyrader60/mo5jugolimu5/wish/388893786 Most of us feel that our health information is private and should be protected. The federal government put in place the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule to ensure you have rights over your own health information, no matter what form it is in. The government also created the HIPAA Security Rule to require specific protections to safeguard your electronic health information. A few possible measures that can be built in to EHR systems may include: “Access control” tools like passwords and PIN numbers, to help limit access to your information to authorized individuals. “Encrypting” your stored information. That means your health information cannot be read or understood except by those using a system that can “decrypt” it with a “key.” An “audit trail” feature, which records who accessed your information, what changes were made and when. •••Finally, federal law requires doctors, hospitals, and other health care providers to notify you of a “breach.” The law also requires the health care provider to notify the Secretary of Health and Human Services. If a breach affects more than 500 residents of a state or jurisdiction, the health care provider must also notify prominent media outlets serving the state or jurisdiction. This requirement helps patients know if something has gone wrong with the protection of their information and helps keep providers accountable for EHR protection. ]]> 2019-09-24 14:58:21 UTC https://padlet.com/tammyrader60/mo5jugolimu5/wish/388893786 Security Tools tammyrader60 https://padlet.com/tammyrader60/mo5jugolimu5/wish/388896525

]]> 2019-09-24 15:01:43 UTC https://padlet.com/tammyrader60/mo5jugolimu5/wish/388896525 Identity Authentication: Guidance and Risk Analysis gmendoz https://padlet.com/tammyrader60/mo5jugolimu5/wish/389195934 Summary of Identity Authentication the document covers identity authentication primarily in the section on tokens but other sections are also relevant. There are three factors as the cornerstone of identity authentication: Something you know (for example, a password) Something you have (for example, an ID badge or a cryptographic key) Something you are (for example, a fingerprint or other bio-metric data) Multi-factor authentication refers to the use of more than one of the factors listed above, which requires to reach a high level of confidence in authentication. At least one of the factors must contain a secret that is securely presented to the electronic process that is verifying the user’s identity. A second factor can be used to protect or activate the first, so that a bio-metric such as a fingerprint can be incorporated in this way.]]> 2019-09-25 01:27:19 UTC https://padlet.com/tammyrader60/mo5jugolimu5/wish/389195934 What is an Appropriate Level of Authentication for Online Patient Access to Health Information? gmendoz https://padlet.com/tammyrader60/mo5jugolimu5/wish/389196807 When a patient first gets set up with a login for a healthcare application, like a patient portal or healthcare mobile app, there is a belief among some that this initial access setup needs to happen in person. While this is an option, it’s not a requirement. A simpler, alternative option is for a patient to provide an email address either in person or by phone for where the registration invitation will be sent. This is a step up from most setup authentications on the web, where the email address is entered into a registration form. Patients could also register autonomously, also referred to as self-registration, by asking the patient challenge questions produced by a 3rd party such as IDology.

While these two options are less secure than in-person authentication, these options may be preferred for convenience purposes. By simplifying the process for gaining access to the patient portal, a provider can boost portal use to gain benefits such as improved patient engagement, more efficient appointment scheduling and cancellations, and enhanced treatment plan adherence. The main takeaway is to set up procedures that verify that the person requesting access to ePHI is who he or she claims to be.

At Bridge Patient Portal, one of the most common complaints made by healthcare organizations using other patient portals, typically bundled with their EHR vendor, is the cumbersome process patients must go through to register.

]]> 2019-09-25 01:30:09 UTC https://padlet.com/tammyrader60/mo5jugolimu5/wish/389196807 gmendoz https://padlet.com/tammyrader60/mo5jugolimu5/wish/389199625 2019-09-25 01:39:54 UTC https://padlet.com/tammyrader60/mo5jugolimu5/wish/389199625 Nurses are key tools in protecting patients' healthcare security. tammyrader60 https://padlet.com/tammyrader60/mo5jugolimu5/wish/389727863 -What is your role as a nurse in protecting patient healthcare information?

-Do you think patient confidentiality is compromised with the Electronic Health Record?

- In your opinion, are patient portals or electronic health records (EHR) secure?

]]> 2019-09-25 20:14:20 UTC https://padlet.com/tammyrader60/mo5jugolimu5/wish/389727863 tammyrader60 https://padlet.com/tammyrader60/mo5jugolimu5/wish/389732636 2019-09-25 20:26:56 UTC https://padlet.com/tammyrader60/mo5jugolimu5/wish/389732636 Medical Device Cyber Security tammyrader60 https://padlet.com/tammyrader60/mo5jugolimu5/wish/391067280 Managing threats and cost]]> 2019-09-29 19:36:44 UTC https://padlet.com/tammyrader60/mo5jugolimu5/wish/391067280 sandyrn03 https://padlet.com/tammyrader60/mo5jugolimu5/wish/391090743 Portable devices in healthcare can include IPAD’s, smart phones and laptops. These devices allow quick access to a patient’s health information (PHI). With the use of portable devices Physicians and other healthcare providers can manage and expedite decisions in treatment for their patients. This convenient accessibility comes with great risk. Data Breaches have become one of healthcare’s largest liabilities.

Major risk with portable devices include lost or stolen device, downloading viruses, unsecured internet/malware and allowing others to use your device. The State Attorney General and HIPPA are monitoring and prosecuting for HIPPA violations. These breaches can cost a healthcare entity into the millions depending on the severity of the breach. Now that hospitals are adopting the Bring your Own Device (BYOB) policy it is imperative for them to protect every patient’s EHR.

]]> 2019-09-29 22:21:10 UTC https://padlet.com/tammyrader60/mo5jugolimu5/wish/391090743 sandyrn03 https://padlet.com/tammyrader60/mo5jugolimu5/wish/391091166 2019-09-29 22:24:33 UTC https://padlet.com/tammyrader60/mo5jugolimu5/wish/391091166 sandyrn03 https://padlet.com/tammyrader60/mo5jugolimu5/wish/391091277 2019-09-29 22:25:35 UTC https://padlet.com/tammyrader60/mo5jugolimu5/wish/391091277 sandyrn03 https://padlet.com/tammyrader60/mo5jugolimu5/wish/391093113 2019-09-29 22:42:00 UTC https://padlet.com/tammyrader60/mo5jugolimu5/wish/391093113 sandyrn03 https://padlet.com/tammyrader60/mo5jugolimu5/wish/391093874 2019-09-29 22:48:09 UTC https://padlet.com/tammyrader60/mo5jugolimu5/wish/391093874 yaritzarn https://padlet.com/tammyrader60/mo5jugolimu5/wish/391139130 Threats to data security in healthcare organizations are becoming a widespread problem. According to a nationwide survey by the Computing Technology Industry Association (CompTIA) human error is responsible for more than half of the security breaches. Examples are carelessness and lack of website experience. The negligent insider is the most common source of a security breach, this includes lost or stolen devices or simply walking away from a work computer without logging off.
Proper workspace security discipline is crucial in maintaining security. Employees need to be trained to be aware of computer monitor visibility, shoulder surfing and policies regarding the removal of computer hardware.
The most common security threats in corporations are hackers, malicious code and malicious insiders.
A new threat to healthcare organizations is ransomware, malicious code that blocks the organization from using their computer systems until a ransom is paid to the hacker. Another huge threat to corporate security is social engineering, for example, someone attempting to access a network might pretend to be an employee from IT office and asks for your ID and password. The outsider can then gain access to the corporate network. ]]> 2019-09-30 03:43:39 UTC https://padlet.com/tammyrader60/mo5jugolimu5/wish/391139130