5 hours 25 minutes
to the HCISPP Certification course with Sai Buri.
Impact of healthcare IT on privacy and security.
My name is Shalane Hutchins and I will be your instructor for this course.
Today we'll talk about understanding the threat landscape,
oversight, regulatory changes,
and medical devices.
Understanding the threat landscape is imperative to being a health care security and privacy professional.
The threat vectors are many and expanding as technology expands.
As I read on a T-shirt at a conference, data is the new bacon.
Everyone wants data and access to data and to use the data for various reasons.
Healthcare information technology requires different frameworks to manage the comprehensive information across multiple platforms and between multiple parties.
The cybersecurity industry is growing rapidly as more and more businesses are transforming their systems and infrastructure to enable our presence on the Internet to facilitate relationships with others across various borders,
and with increased presence on the World Wide Web come vulnerabilities that may be easily exploited and/or exposed by various actors, some accidentally and others purposefully.
Some examples of the most prevalent threats to information in the healthcare industry are phishing attacks:
fake emails to get a user to click on a link or download an attachment with a malicious payload or virus attached.
There are new attacks in the advanced persistent threat space where someone can get access to a user's email credentials. They can actually send the user an email from their own inbox, posing as a co-worker or even from the outside, and get them to download an attachment or click on the link.
They can gain access to the user's files on their computer
and begin to find ways to traverse the network.
They're now a trusted source using the user's authenticated tokens. It's pretty slick, so as security professionals we must stay vigilant and aware.
Ransomware is another threat
vector that is very prevalent in the healthcare space. Medical records are tend 20 times more valuable than financial data or bank account numbers on the dark web,
because all of the information attached to a medical record can be broken apart and sold in different pieces.
Think about the information that's contained in a health record. You have
age, social security number, birthdate, employer name, health insurance member number, the pharmacy, the doctor's name, the doctor's number, the pharmacy address, the pharmacy number.
Think about how knowing all of this information can be useful to an attacker.
Would you want someone to have all that information about you?
Well, I'm sorry to say that they probably already do.
Everyone's information has already been leaked
out on the Internet,
so stay alert and do what you can to monitor your information and Internet activity.
Now, medical device attacks. In most hospitals, the sole method of connectivity between electronic medical records and medical devices is through network connections. Many organizations are now using wireless connections. The benefits to health care, including a reduction in medical errors,
lead to improved quality of care.
And you have the risk of medical devices being hacked also increases.
These are just some of the threat vectors that security and privacy professionals need to be aware of.
So let's give a little background about the regulatory requirements.
The OCR established an audit protocol that contains the requirements to be assessed based on HITECH.
The HITECH legislation was created to stimulate the adoption of electronic health records and supporting technology in the United States.
President Obama signed the HITECH Act into law on February 17, 2000.
The HITECH Act was created as part of the ARRA
economic stimulus bill.
This bill said that beginning in 2011 and until 2015,
health care providers would be offered financial incentives for demonstrating meaningful use of electronic records.
After 2015, if health care entities didn't demonstrate meaningful use of electronic records, meaning not using technology to facilitate treatment, payment or operations of healthcare, penalties could be assessed against them.
Now, in order to comply with these new laws, technology needed to have interoperability. As we discussed in a previous module, interoperability means the data must be standardized for use across disparate technologies.
To facilitate information exchange, medical coding and clinical coding systems are used.
These coding systems assign a distinct numeric value to medical diagnoses, procedures and surgery, signs and symptoms of diseases and conditions.
These assigned codes and other patient data are processed by grouper software to determine a diagnosis-related group, or DRG.
is the most widely recognized nomenclature in healthcare. Its current version, SNOMED CT, is intended to provide a set of concepts and relationships that offer a common reference point for comparison and aggregation of data
about the healthcare process.
ICD-10 is the most widely recognized medical classification, maintained by the World Health Organization, or WHO. Its primary purpose is to categorize diseases for morbidity and mortality reporting.
Health care providers worldwide were obligated to be ICD-10 ready by October 2015.
ICD-11 is the next major update and was released on June 18th, 2018 and officially endorsed by the WHO on May 25th, 2019.
In a nutshell, it is fully electronic and provides access to over 17,000 diagnostic categories and over 100,000 medical diagnostic index terms.
The index-based search algorithm interprets more than 1.6 million terms.
SNOMED CT and ICD-10 are designed for different purposes, and each should be used for the purposes for which it was designed.
Mapping of the two sources has been done through the Unified Medical Language System Metathesaurus,
although each term is not truly synonymous, but in the same neighborhood, because SNOMED has far more specific terms.
Let's talk about medical devices.
The World Health Organization, the WHO, commented that medical devices range from simple thermometers to sophisticated and costly diagnostic imaging equipment.
A medical device is intended for use in the diagnosis of disease or other conditions, in the cure, mitigation, treatment or prevention of disease.
The various types of medical devices are listed here.
They include self care,
electronic, diagnostic and Sola.
Please study these terms for the exam.
Based on the Food, Drug and Cosmetic Act,
the FDA recognizes three classes of medical devices based on the level of control necessary to assure safety and effectiveness.
Listed here are examples of different medical devices and their classes.
All classes are subject to general controls.
General controls include provisions that relate to adulteration,
misbranding, device registration and listing, banned devices, including modification, repair and replacement.
Controls must be in place to prevent these things from happening with these devices.
When general controls alone cannot assure safety and effectiveness, an additional special control
the device falls into the Class II category.
A Class III device needs premarket approval and scientific review to ensure the device's safety and effectiveness.
In summary, today we talked about the threat landscape,
oversight and regulatory requirements, interoperability and medical devices, and how they all have an impact on privacy and security in health care.
Thank you for watching, and I'll see you in the next video.
This HCISPP training provides students with the knowledge and skills to successfully pass the certification test needed to become a healthcare information security and privacy practitioner. The course covers all seven domains included on the exam.