Confidentiality, Privacy, and Security
William A. Yasnoff, MD, PhD
Oregon Health Division
1
Overview
Definitions
Fair Information Practices
Policies and Procedures
Legislation
Authentication
Encryption
Firewalls
WWW security
2
Definitions
PRIVACY: The right of individuals to
hold information about themselves in
secret, free from the knowledge of others.
3
Definitions (continued)
CONFIDENTIALITY: The assurance
that information about identifiable
persons, the release of which would
constitute an invasion of privacy for any
individual, will not be disclosed without
consent except as allowed by law.
4
Definitions (continued)
SECURITY: The mechanisms by which
confidentiality policies are implemented
in computer systems, including
provisions for:
– Access control
– Integrity
– Availability
5
Definitions (continued)
IDENTIFIABLE INFORMATION: Any
information, including but not limited to
demographic information, which will
identify or may reasonably lead to the
identification of one or more specific
individuals.
6
Definitions (continued)
CONFIDENTIAL DATABASE: Any
collection or grouping of information
about individuals maintained by the
Division in electronic form which is not
comprised solely of public records
subject to release on request, and the
release of which could represent a breach
of confidentiality. ...
7
Definitions (continued)
... Such information includes, but is not
limited to demographic information,
medical or testing histories, clinical
information, employment or financial
status, the results of special studies,
participation in or exclusion from
specific programs, sources of ...
8
Definitions (continued)
... information, or new collections of
information derived from the linkage of
one or more previously existing
confidential databases.
9
Fair Information Practices
Relevance
Integrity
Written Purpose
Need-to-Know Access
Correction
Consent
10
1. Relevance
All information collected should be
necessary and relevant to public health
or required by law.
– individuals entitled to privacy
– benefits of information should outweigh
privacy concerns
– collection not overly burdensome, intrusive,
or coercive
11
2. Integrity
The integrity of information should be
protected.
– prevent loss, interception, misuse
– maintain accurate, complete, timely data
– no unauthorized alteration or destruction
12
3. Written Purpose
All information collected should be
consistent with written public health
purposes and/or required by law.
– databases must have written purpose(s)
– usage restricted to stated purpose(s)
– linkage of databases considered a new
database
13
4. Need-to-Know Access
All confidential information should be
accessible only on a need-to-know basis,
both internally and externally.
– confidentiality agreements for all personnel
– access terminated when duties change
– no redisclosure
– external release for research requires IRB
approval
14
5. Correction
Individuals should have access to
information about themselves and the
ability to correct this information to the
extent allowed by law.
– maintain public list of all databases
» name of database
» description of information included
» information sources (non-confidential)
– disputed data must be marked
15
6. Consent
Information must be collected with the
consent of the individual except as
required by law.
– informed consent
» purpose of information collection
» data protections in place
» consequences of withholding information
– no consent if waived by law
16
Confidentiality Policies
Fair Information Practices
Data Release Restrictions
Personnel Agreements
17
Data Release Restrictions
Release without review is restricted
Denominator > 50 [population data]
Denominator > 10 [cohort data]
18
Personnel Issues
All personnel to sign confidentiality
agreements periodically
Special provisions for data system
administrators
19
Confidentiality Provisions
Definition of confidential information
Need-to-know access only
No redisclosure
If questions, ask supervisor
Breach will result in disciplinary action
Confidentiality must be maintained
indefinitely
20
Data System Administrators
Information used only as needed for
administration of computer system
Access granted to others only in
accordance with established policies and
procedures
Disciplinary action for violations may be
termination on first offense
21
Legislation
Health Insurance Portability and
Accountability Act (HIPAA) [1996]
– privacy standards by August 1997
– security standards by February 1998
– universal health identifier
Fair Health Information Practices (bill
introduced in 105th Congress)
22
Security
Authentication
Encryption
Firewalls
WWW
23
Authentication
Who are you talking to?
Methods
– what the user knows (password)
– what the user has (smartcard)
– what the user is (biometrics)
24
Passwords
Longer is better
Never use dictionary words
word1;word2 is good working model
Never write or store passwords
On network, passwords often travel in the
clear
25
End-to-End Authentication
Cryptography based
Challenge-response
– response generated with encryption
– challenge varies to defeat interception
Time synchronized
– password depends on time of day
– user-carried device generates password
– good for system administrators
26
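The two end-to-end schemes on this slide, as an added example that is not part of the original slides: a challenge-response login where the challenge changes every time, so a captured response is useless against the next challenge, and a time-synchronized password derived from the clock. HMAC-SHA256 stands in for the "encryption" step; the shared key, the 60-second time step and the one-window clock skew are assumptions.

```python
# Added example (not from the Yasnoff slides): challenge-response and
# time-synchronized authentication with HMAC-SHA256 standing in for encryption.
# SHARED_KEY, TIME_STEP and the skew tolerance are constructed assumptions.
import hmac
import hashlib
import secrets

SHARED_KEY = b"constructed-demo-secret"   # provisioned out of band (constructed)
TIME_STEP = 60                             # seconds per time-synchronized password

def issue_challenge():
    """Server side: a fresh random nonce, so an intercepted response cannot be replayed."""
    return secrets.token_bytes(16)

def respond(key, challenge):
    """User side: keyed transform of the challenge (HMAC here instead of a cipher)."""
    return hmac.new(key, challenge, hashlib.sha256).hexdigest()

def verify(key, challenge, response):
    """Server side: recompute the expected response and compare in constant time."""
    return hmac.compare_digest(respond(key, challenge), response)

def time_password(key, now, step=TIME_STEP):
    """Time-synchronized variant: a 6-digit password tied to the current time window."""
    window = int(now) // step
    digest = hmac.new(key, window.to_bytes(8, "big"), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"

def verify_time_password(key, now, candidate, step=TIME_STEP, skew=1):
    """Accept the current window and +/- `skew` neighbours to tolerate clock drift."""
    window = int(now) // step
    for w in range(window - skew, window + skew + 1):
        if hmac.compare_digest(time_password(key, w * step, step), candidate):
            return True
    return False

def replay_demo():
    """Return (first login accepted, replayed response accepted against a new challenge)."""
    c1 = issue_challenge()
    r1 = respond(SHARED_KEY, c1)
    first_ok = verify(SHARED_KEY, c1, r1)
    c2 = issue_challenge()                  # the challenge varies, so r1 no longer fits
    replay_ok = verify(SHARED_KEY, c2, r1)
    return first_ok, replay_ok

if __name__ == "__main__":
    print("first login ok / replay ok:", replay_demo())
    pw = time_password(SHARED_KEY, 1_700_000_000)
    print("time password:", pw, verify_time_password(SHARED_KEY, 1_700_000_030, pw))
```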
Kerberos
User asks “key server” for access to
target system
Key server creates message, encrypts
with user key, sends
User decrypts message, then encrypts
with “access key” of target system
Key server sends “session key” to user
and target system (both encrypted)
27
Kerberos
Key server must be secure
Allows mediation by third party of access
among multiple systems
Potential model for electronic medical
record exchange
Developed at MIT
28
Cryptography
Convert plaintext into message readable
only with “key”
DES = data encryption standard
– 64 bit message
– 56 bit key
– uses repeated substitution, transposition
– breakable in reasonable time with large
computer system (31 hrs @ $100K, 20
minutes @ $10 MM)
29
Cryptography
Triple-DES
– apply DES three times
– three different keys (168 bits total)
– now used for automated teller transactions
30
Public Key Cryptography
Public Key
– in phone directory
Private Key
– known only to recipient
Message encrypted with either key can
be decrypted with the other
– sender encrypts with one key, receiver
decrypts with the other key
31
RSA Cryptography
Public key is product p x q
Private key is factors p, q
Security derived from difficulty in
computing factors p, q if pq is large
Larger key size provides more security
32
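A worked version of slides 31 and 32, added here and not part of the original slides: textbook RSA with toy-sized primes showing that either key undoes the other, and that the private key is exactly the factorization of the public modulus, so factoring n is the same as recovering the private key. The primes, exponent and message are the usual small textbook values; the code is unpadded and sized for illustration only.

```python
# Added example (not from the Yasnoff slides): textbook RSA with toy primes to show
# (1) either key decrypts what the other encrypted and (2) private key == factors of n.
# p, q, e and the message are constructed textbook values; no padding is applied.
from math import gcd

def make_keys(p, q, e=17):
    """Public key (n, e) with n = p*q; private exponent d derived from the factors p, q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime to (p-1)(q-1)"
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def apply_key(key, m):
    """RSA uses the same modular exponentiation for both keys: m^k mod n."""
    n, k = key
    assert 0 <= m < n, "message must be an integer below the modulus"
    return pow(m, k, n)

def factor_toy_modulus(n):
    """Trial division: feasible only because n is tiny; large keys make this step infeasible."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("no factor found")

def roundtrips(p=61, q=53, m=65):
    """Return (confidentiality works, signature direction works, factoring n recovers d)."""
    pub, priv = make_keys(p, q)
    c = apply_key(pub, m)                      # sender encrypts with recipient's public key
    confidential_ok = apply_key(priv, c) == m  # only the private key recovers the message
    s = apply_key(priv, m)                     # sender "encrypts" with own private key
    signature_ok = apply_key(pub, s) == m      # anyone holding the public key can check it
    p2, q2 = factor_toy_modulus(pub[0])        # knowing p, q rebuilds the private key
    _, recovered = make_keys(p2, q2, pub[1])
    return confidential_ok, signature_ok, recovered == priv

if __name__ == "__main__":
    print(roundtrips())  # (True, True, True)
```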
Firewalls
Separate, dedicated computer system
Filters packets based on source and/or
destination
Mount disks read only
Eliminate all unnecessary commands and
services
Minimum number of user accounts
33
Firewalls as Proxy Servers
Firewall connects to outside system, not
your system
By acting as your “proxy”, your system
is protected from the outside system
Can be used for
– telnet (session)
– ftp (file transfer)
34
Intrusion Detection
Look for unusual access patterns or
activity
Types of evaluation
– statistical
– rule-based
Example: lock account after 3 failed
login attempts
Assume all systems are subject to
attempted unauthorized use
35
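The slide's rule-based check run over a few log lines, as an added example that is not part of the original slides: lock an account after 3 failed logins. The log format, the 10-minute counting window, the reset on a successful login and the account names are assumptions made for the demonstration.

```python
# Added example (not from the Yasnoff slides): rule-based detection of 3 failed
# logins per account. Log format, WINDOW and the sample lines are constructed.
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE = re.compile(r"^(\S+ \S+) (\w+) user=(\w+) from=(\S+)$")
MAX_FAILURES = 3
WINDOW = timedelta(minutes=10)   # assumption: failures must cluster within 10 minutes

# Constructed sample log (not from any real system).
SAMPLE_LOG = """\
2024-01-15 08:01:10 FAIL user=alice from=10.0.0.5
2024-01-15 08:01:40 FAIL user=alice from=10.0.0.5
2024-01-15 08:02:05 OK user=alice from=10.0.0.5
2024-01-15 08:30:00 FAIL user=bob from=10.0.0.9
2024-01-15 08:30:20 FAIL user=bob from=10.0.0.9
2024-01-15 08:30:45 FAIL user=bob from=10.0.0.9
2024-01-15 08:31:00 OK user=bob from=10.0.0.9
2024-01-15 09:00:00 FAIL user=carol from=10.0.0.7
2024-01-15 09:20:00 FAIL user=carol from=10.0.0.7
2024-01-15 09:40:00 FAIL user=carol from=10.0.0.7
"""

def parse(line):
    """Return (timestamp, result, user, source) or None for a line that does not match."""
    m = LINE.match(line)
    if not m:
        return None
    ts, result, user, src = m.groups()
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), result, user, src

def find_lockouts(log_text):
    """Return {user: lock_time} for accounts with 3 failures inside WINDOW, no success between."""
    recent = defaultdict(list)
    locked = {}
    for raw in log_text.splitlines():
        rec = parse(raw)
        if rec is None:
            continue                   # skip malformed lines rather than stop the monitor
        ts, result, user, _ = rec
        if user in locked:
            continue                   # already locked; later events need human review
        if result == "OK":
            recent[user].clear()       # a successful login resets the failure counter
            continue
        recent[user] = [t for t in recent[user] if ts - t <= WINDOW] + [ts]
        if len(recent[user]) >= MAX_FAILURES:
            locked[user] = ts
    return locked

if __name__ == "__main__":
    for user, when in find_lockouts(SAMPLE_LOG).items():
        print(f"lock {user} at {when}")   # bob only: alice succeeded, carol's failures are spread out
```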
WWW Security
Server scripts (Java) can execute
programs on your machine!
Types of WWW security
– SSL = secure sockets layer
» secure “pipe” between two machines
» transparent to application
– S-HTTP = secure HTTP
» secure “envelopes” for messages
» built into browsers
36
Security Pearls
Back up key files
Use encryption on sensitive data
Use good passwords
Network security requires expertise
– authentication
– encryption
– firewalls
37