
Michael F. Chiang, M.D., and Justin Starren, M.D., Ph.D.

Security
Data security means ensuring that only the intended users of data are able to access it. This is especially challenging for the delivery of information in the home telemedicine setting. First, the users are typically spread over a geographically diverse area. Second, the users often lack experience with computer technology. Third, they may have physical limitations that further complicate their effective use of the telemedicine equipment. Notwithstanding, patients have the right to expect the same level of data security from a home telemedicine system that they would have in the hospital. This is simply good practice, independent of the requirements of the Health Insurance Portability and Accountability Act (HIPAA). Data security comprises six components:

  • Authentication
  • Transport Security (Encryption)
  • Authorization
  • Access Control
  • Auditing
  • Physical Security

    Authentication
    Authentication means establishing who is trying to access the information. This typically involves a username and a password. Choosing a good password is critical because modern password-cracking programs are able to guess simple passwords such as names, numbers, or words in the dictionary; for the same reason, a system should store only a salted, slow hash of each password rather than the password itself, so that a stolen password database is not immediately usable. A more rigorous form of authentication is called two-factor authentication. This is based on combining "something you have" with "something you know". An example would be most modern automated teller machines, which require you to have a card and to enter a password. This is much more difficult to break into because it requires a criminal not only to learn your password but also to steal the card. There are many types of "things you have", including magnetic cards, smart cards, and computerized tokens. Fingerprints and other biometric measurements form a third category, "something you are"; they can serve as a second factor, but unlike a password or a card they cannot be replaced if they are compromised.

    Transport security (encryption)
    Encryption is the process of scrambling transmitted data so that someone who intercepts it cannot read it without the key. We do this every time we make a credit card purchase using a Web browser. All Web browsers now contain built-in encryption software. Medicare, HIPAA, and good security practice all require that any clinical information sent over the public Internet be encrypted. This includes Web browsing, e-mail, pictures, and video. Most encryption methods use a large number, called a key, to do the actual encoding of the data. The larger the key, the harder it is for an attacker to recover the data by trying every possible key. Encryption only helps, however, if the key stays secret and the sending program verifies that it is talking to the genuine server rather than to an impostor placed between the two ends.
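    Transport security is usually lost not because the cipher is weak but because verification is switched off in the client. The following added example (not IDEATel code) builds a client-side TLS context the way a program sending clinical data should, shows the common weakened form beside it, and checks a context for the three usual weaknesses before any socket is opened. The check list and the helper names are assumptions for the example; the real connection function is included for completeness but is not exercised offline.

```python
import socket
import ssl

# Added example, not IDEATel code: how a client should be configured before it sends
# clinical data over the public Internet, and a check that flags the usual weakenings.


def make_client_context():
    """Client context that verifies the server certificate and hostname and refuses TLS older than 1.2."""
    ctx = ssl.create_default_context()          # system CA store, CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def make_weakened_context():
    """The common 'it works now' misconfiguration: certificate checking switched off entirely."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                  # must be cleared before verify_mode can be lowered
    ctx.verify_mode = ssl.CERT_NONE             # any certificate, including a forged one, is accepted
    return ctx


def context_problems(ctx):
    """Return the weaknesses found in a client SSLContext; an empty list means acceptable."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate verification disabled")
    if not ctx.check_hostname:
        problems.append("hostname check disabled")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append("TLS older than 1.2 allowed")
    return problems


def open_clinical_connection(host, port=443):
    """Open a TLS connection only with a context that passes the check (performs network I/O)."""
    ctx = make_client_context()
    found = context_problems(ctx)
    if found:
        raise RuntimeError("refusing to send clinical data over a weak TLS context: " + ", ".join(found))
    sock = socket.create_connection((host, port))
    # server_hostname is what the hostname check compares against the certificate
    return ctx.wrap_socket(sock, server_hostname=host)


if __name__ == "__main__":
    print("default context:", context_problems(make_client_context()))
    print("weakened context:", context_problems(make_weakened_context()))
```

    A context that fails the check still produces ciphertext on the wire, which is why "the traffic is encrypted" is not by itself evidence of transport security: without certificate and hostname verification the data may be encrypted to whoever answered the connection.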

    Authorization
    Authorization means determining who can see what. The goal of authorization is to ensure that everyone can see the data they need in order to do their job or to provide the appropriate clinical care, but that they cannot see unnecessary information. The HIPAA standard uses the term "minimum necessary" to describe this. Authorization is more a policy than a technical implementation. It means categorizing all of the different types of data and all of the different types of users, and then determining which types of users should have access to which types of data. For example, in the IDEATel project there are four types of users: patients, case managers, referring physicians, and project physicians. Patients are only allowed to view their own data. Case managers are allowed to view any type of data, but only on their own patients. Referring physicians, those who have patients in this study but are not on the staff of the IDEATel project, are able to see project-related data on their own patients. Lastly, project physicians are allowed to see any data on any patient.

    Access control
    Access control is provided by software tools that implement the authorization policy. For example, the case management software assigns every patient to a doctor and a case manager. These patient lists control the data that users are able to see. The WebCIS system supports many different types of users, including doctors, nurses, administrators, departmental clerks, transcriptionists, and receptionists. It allows specific types of data to be viewed by specific groups of users. Like the case management system, it also allows enumerated lists of patients to be assigned to specific users.

    Auditing
    As part of both HIPAA compliance and good security practice, it is important not only to control access but also to record who saw what. This is important because it is impossible to predict in advance exactly which users will need to view which data on which patients. Therefore, most authorization policies err on the side of allowing access. A detailed log of everything that was viewed by every user makes it possible to detect when such policies are abused, provided that the log records denied attempts as well as successful ones, is reviewed, and cannot be altered by the users it describes. Both the case management system and WebCIS log all data access.
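    The three preceding sections (authorization, access control, and auditing) fit together in one small piece of code, given here as an added example rather than the IDEATel or WebCIS implementation. The four roles and their rules are taken from the authorization section; the data categories (`glucose_readings`, `blood_pressure`, `case_notes` as project data, and a hypothetical `outside_records` category that is not project data), the user names, and the patient identifiers are constructed for the example. The policy lives in one function, the access-control layer enforces it and writes every decision to the audit log before any data is returned, and the log answers the two questions auditors actually ask.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Added example, not the IDEATel or WebCIS code. The four roles and their rules come from
# the text; the data categories, user names and patient identifiers are constructed.

PATIENT = "patient"
CASE_MANAGER = "case_manager"
REFERRING_PHYSICIAN = "referring_physician"
PROJECT_PHYSICIAN = "project_physician"

# Constructed categories: PROJECT_DATA stands for what the study collects; "outside_records"
# is a hypothetical non-project category that referring physicians must not see.
PROJECT_DATA = frozenset({"glucose_readings", "blood_pressure", "case_notes"})
ALL_DATA = PROJECT_DATA | frozenset({"outside_records"})


@dataclass(frozen=True)
class User:
    name: str
    role: str
    patient_id: str = None                 # for patients: the one record that is their own
    patients: frozenset = frozenset()      # assignment list for case managers and referring physicians


def is_authorized(user, patient_id, data_type):
    """The authorization policy: which role may see which data on which patients."""
    if data_type not in ALL_DATA:
        return False                                   # unknown category: deny
    if user.role == PATIENT:
        return patient_id == user.patient_id           # own data only
    if user.role == CASE_MANAGER:
        return patient_id in user.patients             # any data, own patients only
    if user.role == REFERRING_PHYSICIAN:
        return patient_id in user.patients and data_type in PROJECT_DATA
    if user.role == PROJECT_PHYSICIAN:
        return True                                    # any data, any patient
    return False                                       # unknown role: deny by default


class AuditLog:
    """Records every access decision, allowed or denied, with who, what and when."""

    def __init__(self):
        self.entries = []

    def record(self, user, patient_id, data_type, allowed, when=None):
        self.entries.append({
            "time": (when or datetime.now(timezone.utc)).isoformat(),
            "user": user.name, "role": user.role,
            "patient": patient_id, "data_type": data_type, "allowed": allowed,
        })

    def views_of(self, patient_id):
        """Who has actually seen this patient's data (the question a patient or privacy officer asks)."""
        return [e["user"] for e in self.entries if e["patient"] == patient_id and e["allowed"]]

    def denied_for(self, user_name):
        """Denied attempts by one user; a run of these is the pattern worth investigating."""
        return [e for e in self.entries if e["user"] == user_name and not e["allowed"]]


def view(user, patient_id, data_type, log, when=None):
    """Access control: apply the policy, log the decision, and only then return the data."""
    allowed = is_authorized(user, patient_id, data_type)
    log.record(user, patient_id, data_type, allowed, when)
    if not allowed:
        raise PermissionError(f"{user.name} may not view {data_type} for {patient_id}")
    return f"<{data_type} for {patient_id}>"           # stand-in for the database fetch


if __name__ == "__main__":
    log = AuditLog()
    case_manager = User("nurse_a", CASE_MANAGER, patients=frozenset({"pt-001"}))
    print(view(case_manager, "pt-001", "glucose_readings", log))
    try:
        view(case_manager, "pt-002", "glucose_readings", log)   # not on this manager's list
    except PermissionError as err:
        print("denied:", err)
    for entry in log.entries:
        print(entry)
```

    Two design points carry over to any real system: the log entry is written before the data is returned, so a crash or an exception cannot produce an unlogged view, and the policy function returns False for any role or category it does not recognize, so adding a new user type never grants access by accident.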

    Physical security
    All of the data security in the world is useless if someone can walk in and pull the hard drive out of your computer. Therefore, it is necessary not only to have secure software but also to have physically secure computers. For the IDEATel project, all of the data servers are in the New York Presbyterian Hospital data center. This is a locked facility that is staffed 24 hours a day. Because home telemedicine devices are in patients' homes, it is extremely difficult to provide physical security for them. The HTUs have been modified so that patients can only access the IDEATel software and cannot use the floppy drive or CD-ROM drive. In addition, no clinical data is stored on the patient's device. As soon as data is collected, it is sent to the secure IDEATel servers.
