Week 2: Health Information Systems, Privacy, Security, and Ethical Considerations Flashcards
What are the 3 key systems?
- networks
- internet
- web services and interfaces
What are networks?
- computers must network or connect with each other to transmit data from one computer to another
- many different types of network connections are possible, with the potential for an unlimited number of computers linked together
- most medical data are segregated into small networks that are not shared widely
What are the 4 main types of networks?
- personal area networks (PANs)
- local area networks (LANs)
- wide or global area networks (WANs, GANs)
- virtual private networks (VPNs)
What are personal area networks (PANs)?
- close-proximity networks, usually used to connect accessories
- low power requirements
- fast connectivity
- security issues with wireless networks
What are some examples of personal area networks (PANs)?
- computer accessories (keyboards)
- wireless headsets
- printers
- phones
- wrist-band fitness devices
What are some examples of wireless personal area networks (PANs)?
- Bluetooth
- infrared devices
What are local area networks (LANs)?
- typically seen in offices or hospitals to share data, accessories, and other resources
- larger networks require hubs or routers to process and send data to the correct devices
- can be expensive to create large LANs but useful for small projects
What are some examples of local area networks (LANs)?
- pharmacy with 6 computers, 3 printers, 2 scanners, and 1 fax machine can be on one LAN
- internet cafe with 10 computers connected together
What are wireless (WiFi) networks (WLANs)?
- slower and more expensive than LAN, but easier to install
- does not require any hubs (can just connect), but needs a router
- can be one part of a larger LAN, or can connect multiple LANs together
What are some examples of wireless (WiFi) networks (WLANs)?
- hospital with 50 computers connected to a LAN, with 20 tablets/phones connected via WLAN
What are wide area networks (WANs)?
networks that extend beyond cities or countries
- connects multiple LANs together
What are some examples of wide area networks (WANs)?
- Health Authority network connecting all of the records across multiple hospitals
What are global area networks (GANs)?
networks connected with other networks with ‘unlimited’ geographic area
- bigger than WANs
What are some examples of global area networks (GANs)?
- internet
What are virtual private networks (VPNs)?
- shares a private LAN or WLAN with other users
- requires multiple levels of authentication
- data is encrypted by sender and decrypted at receiver
What are some examples of virtual private networks (VPNs)?
- accessing patient charts from your work computer via home computer
What is bandwidth?
capacity to transmit packets of data
What is packet loss?
packets of data that do not make it to the destination
- different data standards mean sometimes lost packets are not resent
- e.g. live streaming video
What is latency or delay?
delay in receiving a packet, or lag
What is the internet?
largest and most important global network of networks
Why is the internet the preferred network for accessing and transmitting data?
- large scale use and availability
- bandwidth capability
- ability to layer other technologies and standards
What is the Advanced Research Projects Agency Network (ARPANET)?
program to connect universities and research organizations together (1960s)
What is the world wide web?
- operates on top of the internet via web browsers
- browsers are able to connect and translate content on a screen for users to view
What is service-oriented architecture?
aims to configure software systems to maximize efficiency, reduce redundancy, and minimize errors and costs
- requires splitting up activities in the system, then re-integrating them using a shared/standardized way
What are the 3 benefits that a service-oriented architecture will enable?
- reduction in paperwork and data-entry activities
- consistent information across the entire system
- faster responses to any future system changes and implementation of new capabilities
What are some examples of how service-oriented architecture could be used in healthcare?
- downloading patient info from PharmaNet saves us from typing in all the information again
- you have one central printer that you want everybody in the building to use
- you have multiple different screens to do your tasks (pharmacy system, drug ordering website from the wholesaler, browser with your clinical resources)
- you want to create a pharmacy-patient system to increase refill compliance: refill reminders are sent to the patient via mobile app, refills can then be ordered via same mobile app, Rx is automatically queued for filling at the pharmacy, counting machine dispenses the product, patient is notified when the refill is ready for pickup
What is the best way to combat patient concerns?
by providing good tech-enabled care and perceived high-quality care
What ultimately prevents adoption and interoperability in health?
permissions and liability become a significant issue
What are the 3 pillars of security?
- confidentiality
- availability
- integrity
Pillars of Security
What is confidentiality most easily identifiable with?
healthcare
What is the goal of confidentiality?
prevent data loss
What are the methods of confidentiality?
usernames, passwords, encryption, etc.
What can a loss of confidentiality be caused by?
- carelessness of the user (exposing passwords, using insecure passwords, opting out of enhanced security protocols, etc.)
- malicious attacks
- etc.
What is the goal of availability?
system and network availability during unexpected outages
What are the methods of availability?
- backup generators or power supplies
- backup files
What can a loss of availability be attributed to?
malicious attacks or viruses intended to cause outages, or other natural or accidental issues (e.g. fire)
What is the goal of integrity?
maintain trustworthiness and permanence of data
What are the methods of integrity?
data backup and archival tools
What can a loss of integrity be caused by?
- data corruption
- malicious data manipulation
- data loss by natural or other causes
What are security tools that can help maintain the 3 pillars of security?
tools designed to deter and prevent access
- firewall
- access control lists
- authentication
- monitoring and auditing systems
What are some of the many different and innovative ways for authentication?
- smart card technologies, tokens, username and password
- biometrics and physical user identifiers – fingerprint, retinal scan, voice imprint, facial recognition, etc.
What are 3 reasons why a system may have varying levels/degrees of authentication?
- sensitivity of data
- system capabilities
- resources available to pay for the upkeep
What are 3 ways to ensure authentication?
- biometrics
- single sign on
- smart card systems
How do biometrics ensure authentication?
- fingerprint
- retinal scan
- voice imprint
- facial recognition
- etc.
What is single sign on?
one set of credentials to securely access many of the logins one uses every day
- e.g. Gmail, Facebook, Apple ID, etc.
- third-party password managers have a similar concept
What are smart card systems?
cards that hold vital information, with a self-contained processor and memory
- low cost, ease of use, portability and durability, and ability to support multiple applications
- encrypted patient information, biometric signatures and personal identification number (PIN)
- but lack standardization and the ability to positively identify or confirm identity (e.g. if you lost your card and someone used it)
What is a digital signature?
digital certificate – different keys are used to create and verify digital signature
- sender’s private key
- sender’s public key
computer receives the message by using the key to decrypt it
What is a wet signature?
using a pen to sign (ink)
What are 3 reasons why hackers target health organizations?
- health organizations likely can afford to pay ransom – one physician office can expect $3-5000 per ransomware
- risk of media coverage and system downtime pressures victims to pay quickly
- health organizations have a history of underinvesting in IT
Who is responsible for the regulation of privacy?
province
- each province uses a different system
- e.g. PharmaNet in BC vs. Pharmaceutical Information Network or Netcare in AB
Describe privacy acts in Canada.
- goal is for unified Canadian standards
- e.g. PIPA or FIPPA
How can security breaches and attacks be more than just ‘hackers’?
physical or logical access
- insider employees and staff
- pharmacy robbery
accidental or negligent disclosure
- inadequate control of paper records
- inadvertent release of sensitive information to unauthorized parties
- overheard conversations
What are 5 ways to protect data?
- encryption programs
- password protection on hardware and software
- anti-virus, anti-spyware, and anti-malware software
- ‘clean’ computers before discarding or remove identifying material from electronic files/databases
- be cautious of, or avoid, social media
What are some examples of ethical issues with eHealth?
- should organizations be able to keep data for reasons beyond my health
- do I expect an organization to inform me anytime my data is used
- I want care providers to share my health data, but when would it be too much
- many family physicians and pharmacies are for-profit organizations, shouldn’t I get a cut of the profits they make from my data