- Number of slides: 37
From Toys to Mobile Tools EDUCAUSE 2002 PDAs in Medical School - Tackling Confidentiality
Presenters
• Sharon Collins, Computer Consultant, Information Technology & Computing Services, East Carolina University, collinss@mail.ecu.edu
• Julius Q. Mallette MD FACOG, Senior Associate Dean, Brody School of Medicine, East Carolina University, malletteju@mail.ecu.edu
• Susan Thornton, Computer Consultant, Information Technology & Computer Services, Brody School of Medicine, East Carolina University, thorntons@mail.ecu.edu

Copyright Statement
• Copyright Sharon Collins, Julius Q. Mallette and Susan Thornton, 2002. This work is the intellectual property of the author. Permission is granted for this material to be shared for noncommercial, educational purposes, provided that this copyright appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Introduction
East Carolina University has introduced PDAs for medical students, yet answers to questions surrounding patient confidentiality are unclear. How do we ensure that students and faculty keep information on their devices secure and confidential? HIPAA may impose new standards and we must be prepared. This session outlines steps taken to get policies/technology in place.

Introduction to the “Toy”
• Number of students
• What PDA/OS we require
• What software is available
• New Toys – New Tricks

2002-2003 1st Year Medical Students (chart, values in percent)
• Wireless Use: 40%
• PDA Use: 35%
• Internet Access: 100%
• 52% Female, 48% Male

Challenges
• Different types of devices/OS
• Battery Life
• By 2003, an estimated 86% of physicians are expected to use PDAs over traditional paper Rx pads
• Training
• How to protect patient information that is stored on device
• How to protect patient information transmitted during synchronization or through wireless

Gearing Up for Confidentiality
• Institutions must analyze their electronic communication and exchange of health information that occurs over networks and ensure that it includes strong authentication, adequate encryption, and administration of keys and passwords for encryption.
• During transmission of data, maintain an audit trail
• Also require automatic logoff/lockout after a specified period of inactivity with that application or device

HIPAA
National standards
• Deploy national standards for electronic data interchange (EDI) across the industry

HIP-ha-AA?
HIPAA’s role in health care and medical education

Protected Health Information
Encompasses all individually identifiable health information transmitted or maintained by a covered entity, regardless of form
• Name
• Address
• Birth Date
• Social Security Number
• Medical Record Number
• Telephone Numbers
• Email Addresses
• Names of Relatives
• URL Address
• Account Number
• Certificate/License Number
• IP Address
• Finger or Voice Prints
• Photographic Images
• Name of Employer
• Health Plan Beneficiary Number
• Any Other Unique Identifier

Security
• Secure electronic individual health information
• Security is the means to control access to your information

Privacy
• Ensure uniform privacy related to access and disclosure of patient information
Definition of Privacy
• Privacy is freedom from intrusion into your affairs and the right to maintain control over your information
• Confidentiality is the organization’s responsibility to limit disclosure of your private matters

Compliance
• Require documentation of organization-wide compliance with security and privacy regulations
• When?

HIPAA Component | Effective Date | Compliance Date
EDI | August, 2000 | October, 2002
Privacy | December, 2000 | April, 2003
Security | Pending | Open

Penalties
• HIPAA penalties
• Unintentional violations could result in fines ranging from $100 - $25,000 for each violation
• Intentional violations could result in
— Up to 10 years imprisonment
— Up to $250,000 per offense

Day to Day Operations with HIPAA
• HIPAA affects the way we work with PDAs
• Patient scheduling
— Office visits
— Operating room schedules
— Delivery room schedules
• Education
— Conferences
— Presentations
— Credentialing
— Accreditation (LCME)

Education
• Education of our students, faculty and staff on HIPAA requirements
• Orientation requirements for students and faculty: confidentiality statement and oath
• Instruction on the use of security mechanisms
“… All that may come to my knowledge in the exercise of my profession or outside of my profession or in daily commerce with men …

“Which ought not to be spread abroad, I will keep secret and will never reveal. If I keep this oath faithfully…
May I enjoy my life and practice my art, respected by all men and in all times; but if I swerve from it or violate it, may the reverse be my lot.”
Taken from the Oath of Hippocrates circa 400 B.C.

Regulations
Information on PDAs related to the following is subject to HIPAA regulations
• Lab Results
• Patient demographics
• Charge coding
• Prescription writing
• Patient tracking programs
• Databases

FAQ’s and Future Anticipated Questions (the other FAQ’s)
• Is it possible that the loss or theft of a PDA could implicate national security?

Don’t Compromise Your PDA!
• Ownership – who is responsible
— IT Managers
— Owners
• What information on the device can be compromised
• Everything! – Contacts/clients; meetings; patient data; legal and financial information

Guidelines
• Patient identifiable data on device?
— Data should be encrypted and access should be password protected.
• Patient identifiable data transmitted during synchronization?
— Ensure proper user/device authentication before transmitting data and maintain an audit trail.
• Patient identifiable data transmitted wirelessly?
— Ensure proper user/device authentication before transmission, encrypt data during the transmission and maintain an audit trail.

Confidentiality Solutions
• Passwords – good first line defense
• User ID/Power – passwords
— Alphanumeric
— 4 Character
— Problems – data not encrypted
• Security specific software
• Biometrics

Some Common Sense
The lonely PDA…not for long
• Left on a desk
• Left on an airplane
• Dropped from a pocket or bag
• Stolen!
• The PDA and all its contents immediately are released to another individual unless protected
• SECURITY IS PARAMOUNT!

Defense
• PocketPC: 4-digit userid password
• Card Backup: backup the databases on a PalmOS device and store them on an expansion card
• Backup Buddy: performs a complete backup of your entire Palm Computing organizer each and every time you HotSync
• SecureCard: encrypting a single or multiple files, or the entire card

Beam me – Lose me..
• Transmitted Information (Infrared)
— Need user and device validation to ensure proper user authentication with the matching device
— Maintenance of an audit trail of synchronization

Software Protection
• EasyLock
• TealLock

Biometrics
• Types – signature, fingerprint, voice, face or iris
• Fingerprint sensor would probably be the most effective
• Biometrics are natural technologies to use on all handheld devices from cellphones to PDAs to tablets
• Biometrics solutions:
— Identix
— Sign-On
— SmartCard

Comparisons
Software | Price | Palm / PocketPC / Standard / Enterprise | Features
Cloak | $19.95 | X X | Password; Encrypt database
PDA Secure; PDA Standard; PDA Premium; PDA Enterprise | $29-$49 | X X | Encrypt files/card; Protects data stored on expansion memory cards; Blocks synchronization/download to a desktop PC; Control wireless access; Six different encryption standards; Secure password and data encryption
PDA Defense Stand.; PDA Defense Prof.; PDA Defense Enter. | $19.95-$29.95 | X X | 128-bit encryption; Decryption on-demand; Hardware button password entry; Auto-lock setting; Stealth mode; Auto-encryption of new databases
JotLoc | $11.95 | X | Picture based security; Lock delay; Lock only between certain days; Simple to use, low memory footprint

Comparison, cont.
Software | Price | Palm / PocketPC / Standard / Enterprise | Features
MovianCrypt | $39.95 | X X | Advanced password security; Enterprise IPSec-based software Client
PocketLock | $19.95 | X X | Seven different encryption standards; Lets you password protect individual files; Lets you password entire folders; Optional numeric PINS for quick entry
SafeGuard Easy | $480.00 | x | Symbol PIN or password; Choice of different Symbol PIN sets; Authenticated ActiveSync connection; Emergency mechanisms in case of forgotten passwords; Timed delay, alarm or even complete reset wiping all data of the PDA in case of repeated false logon; Protection against unauthorized de-installation; Encrypted data storage; Self extracting encrypted files for secure data exchange with other users; Data compression; "secure wipe" of files; Biometric signature recognition

Are You Protected?
• Policies
• Infrastructure/Network
• Encryption software

PDA Resources
• American Medical Student Association PDA Resources http://www.amsa.org/resource/pda.cfm
• Brody School of Medicine at East Carolina University PDA resource page: www.ecu.edu/bsomacaddev/pda/index.html
• East Carolina University PDA Resource Page http://www.ecu.edu/itcs/pocket/ecupdas.cfm
Thanks to Laurie Godwin and David Jones from East Carolina University’s University Multimedia Center for assistance in this presentation.