INFORMATION TECHNOLOGY for the Health Professions CHAPTER Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Fourth Edition Security and Privacy ( قرصنة ) in an Electronic Age 12

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Privacy and Security Many companies and some government departments have lost, misplaced, or sold confidential information—some of it medical. With 2014 as a target year for computerizing medical records, effective security for the privacy of computerized information is a necessity.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Threats to Information Technology Crime such as spreading viruses Natural disasters such as flood or fire Human error

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Computer Technology and Crime Computer technology has led to new forms of crime. Crimes using computers and crimes against computers:  Most are both—using computers to harm computers

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Computer Crime Spreading viruses  Programs that reproduce themselves and harm computers

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Computer Crime Theft of information  Breaking into private databases, such as hospital databases, and misusing information Theft of services  Theft of cable TV

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Computer Crime Fraud  Using a computer program to illegally transfer money from one account to another Software piracy  Illegally copying copyrighted software

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Identity Theft An identity thief needs only a few pieces of information (such as Social Security number, mother's maiden name) to steal your identity. Among those who find out who stole their identity, half are members of the family or household of the victim. Many states have passed laws against identity theft.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Identity Theft Identity theft is now at a low point. In 2010, the average amount that fraud victims had to pay had increased from $ to $ due to new account fraud. 2009–2010—Data breaches, which put your identity at risk, have increased 33%.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Current Threats to Computer Systems Spyware  Software that can be installed without user's knowledge to track their actions on a computer Adware  May display unwanted popup advertisements on your monitor  May be related to the sites you search on the Web or even the content of your

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Current Threats to Computer Systems A fraudulent dialer can:  Connect the user with numbers without the user's knowledge  Connect the user's computer to an expensive 900 number Phishing involves sending fraudulent messages via or instant message that purport to be from a legitimate source.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Current Threats to Computer Systems A Trojan horse appears to be a normal program, such as a computer game, but conceals malicious functions. An bomb or denial-of-service attack sends so much to one address that the server stops working. Botnets can remove software or send spam.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Current Threats to Computer Systems Keylogging can be used by anyone to track anyone else's keystrokes. Malware includes many forms of malicious hardware, software, and firmware. Spybot Search and Destroy software can remove malware, adware, spyware, fraudulent dialers, and keyloggers from your computer.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Security Security systems try to protect computer hardware, software, and data from harm by restricting access, training employees, and passing laws. Attempts at restricting access:  PINs (personal identification numbers) or passwords  Locking computer rooms and requiring employees to carry ID cards and keys

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Security Biometric methods  Fingerprints  Hand prints  Retina or iris scans  Lip prints  Facial thermography

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Security Biometrics also include:  Body odor sensors  Facial structure scans  Iris and retina scans  Keyboards that can identify a person by behavior, fingerprint, voice, or gait None of these methods is foolproof.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Security On April 12, 2011, assistant director of the FBI's cyberdivision, Gordon Snow, told the Senate Judiciary Crime and Terrorism Subcommittee that criminals can “penetrate any system that is accessible from the Internet.”

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Security This means, he continued, that “government networks and the nation's critical infrastructure could be degraded, disrupted, or destroyed.” Even when a crime is detected, it is very difficult to know where it originated or who did it.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Backup Systems No security system is foolproof. A backup system is necessary:  Copies of data  Copies of software  Off-site

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Figure 12.3 Federal laws intended to protect computer systems and privacy of individuals.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Figure 12.3 (continued) Federal laws intended to protect computer systems and privacy of individuals.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Figure 12.3 (continued) Federal laws intended to protect computer systems and privacy of individuals.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Privacy Privacy refers to the right to control your personal information.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Threats to Privacy Government databases maintained at the local, state, and federal level include:  Tax information  Welfare information  Property ownership  Driving records  Criminal records

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Threats to Privacy RFID (radio frequency identification) tags:  The FDA has approved the tags for medical use.  These chips are very easily counterfeited.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Threats to Privacy There are legal restrictions on the federal government and what it does with information it collects. There are few restrictions on state and local jurisdictions:  Some local jurisdictions sell information.  Some put the information on the Internet.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Threats to Privacy Private databases maintained by corporations interested in buying habits to personalize advertising. These databases hold information on:  Buying habits  Credit rating  Health information  Reading habits

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Threats to Privacy Databases online with information available for a fee Information from government databases can be linked to private databases by using Social Security numbers.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Threats to Privacy Real ID Act of 2005:  Directly imposes prescriptive federal driver's license standards by the federal government on the states  Requires every American to have an electronic identification card

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Threats to Privacy Real ID Act of 2005:  State DMVs must share all of the information in their databases with all other states' DMV databases; this creates a huge database.  However, by 2011, according to some sources, the Real ID Act had been put in limbo after 25 states adopted legislation opposing it.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Privacy, Security, and Health Care: HIPAA and HITECH Health Insurance Portability and Accountability Act of 1996 (HIPAA) is the first federal legislation to put a national floor under the privacy of medical information. HITECH extends the privacy protections of HIPAA.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill HIPAA and HITECH HIPAA and HITECH encourage the use of the electronic medical record (EMR) and encryption to protect its privacy. HIPAA requires health care facilities (protected entities) to conduct a risk analysis and to address the risks.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill HIPAA and HITECH Until recently, the Department of Health and Human Services preferred to work for voluntary compliance and settle complaints through corrective action plans.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill HIPAA and HITECH However, in July 2008, for the first time, a covered entity was required to pay a fine. After receiving 31 complaints about one company, the OCR and CMS investigated and required it to pay $100,000. There has also been an increase in criminal prosecutions by the Department of Justice.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill MIB Group, Inc. Comprised of 470 insurance companies Contains health information on 15 million people:  According to Business Week, “two-thirds of all insurance companies are using consumers' medical histories and personal information to deny coverage, charge higher premiums, and exclude certain medical conditions from policies.”

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill MIB Group, Inc. Contains health information on 15 million people:  However, the MIB Group, Inc. denies this, stating that “MIB Members... are strictly forbidden from using MIB information about you as the basis for determining your eligibility for insurance."

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill MIB Group, Inc. Contains health information on 15 million people:  "MIB Members only use MIB's information as an 'alert' or 'red flag,' which prompts them to obtain additional information through traditional underwriting tools and methods.”

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Data Warehouses Some private data warehouses exist for the sole purpose of collecting and selling personal information. They sell information to credit bureaus and to employers for background checks. Electronic databases are now being linked into larger and more comprehensive super databases.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Privacy and Security The USA Patriot Act weakens privacy protections and requires institutions to give government agents information without informing the person. The future of privacy of medical information under HIPAA and the USA Patriot Act (which works against privacy) is not yet known.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Other Privacy Issues: Telemedicine Telemedicine raises issues of the privacy of:  Medical information on networks  Information that routinely crosses state lines

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Other Privacy Issues: is not legally private. in a health care setting can be read by many people, including clerks, secretaries, and health care providers. Offices that use need to inform the patient of who will read it, what issues may be mentioned in s, and the turnaround time.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Other Privacy Issues: Genetic Information As research focuses on genetics and an individual's genetic probability of developing certain diseases, privacy issues arise.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Other Privacy Issues: Genetic Information GINA, the Genetic Information Nondiscrimination Act, became law on May 21,  Basic purpose is to protect people from discrimination by health insurers and employers based on genetic information.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Other Privacy Issues: Genetic Information The latest updates on GINA, effective in 2011, clarify who the law covers in regard to employment: applicants, trainees, apprentices, and current and former employees.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Other Privacy Issues: the EMR The electronic medical record (EMR), like other information in electronic form, is not secure. HIPAA and HITECH encourage its use. HIPAA and HITECH require security measures for all personally identifiable medical information.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Security Breaches Events that potentially put a person's name, Social Security number, driver's license number, medical record, or financial record (credit or debit card) potentially at risk, either in electronic or paper form.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Security Breaches As of March 17, 2011, OCR had posted on its Web site 249 breaches. The breaches affected 8,289,236 individuals. The dates of these breaches ranged from September 22, 2009, to January 12, 2011.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Security Breaches Most of the breaches were by covered entities, but some involved business associates. HITECH extended HIPAA's privacy protections to business associates of covered entities.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Conclusion If medical and health records are digitized and put online, HITECH requires encryption. A national database of health records could improve health care by making all your medical information (including allergies, medications, and most recent test results) available in any hospital, doctor's office, and emergency room.

Information Technology for the Health Professions, Fourth Edition Lillian Burke Barbara Weill Conclusion Currently, data is not secure. As a result:  Marketers can tailor advertising to people with a particular disease.  Lenders can disqualify people on the basis of an estimate of how long they would live.  Employers can deny employment or promotion (although this is not legal).