HCISPP

Course
Time
5 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
6

Video Transcription

00:00
Hello again and welcome back to the HCISPP Certification course works library security objectives. I'm Schlaine Hutchins and I'll be your instructor.
00:12
So today we're going back to the basics
00:16
We'll be discussing the three components to security: confidentiality, integrity and availability.
00:23
Many of you may already know this information, but it's a good refresher when talking about health care and privacy.
00:31
As I'm sure you've noticed so far, security and privacy overlap in several ways, and it's important to understand the foundational concepts when speaking to your peers and to help users of technology and healthcare information understand why we do what we do, the way we do it.
00:48
So let's begin.
00:52
While there may be several small and large objectives of a security program, the main three principles of all programs are referred to as the CIA triad.
01:03
They are confidentiality,
01:06
integrity and availability.
01:08
All security controls, mechanisms and safeguards are implemented to provide one or more of these principles.
01:17
All risks,
01:19
threats and vulnerabilities
01:21
are measured in their potential ability to compromise one or all of these principles.
01:26
Let's think about it.
01:30
Let's make it personal.
01:30
If someone was to get access to, say, your cell phone.
01:34
Which principle or principles would be compromised?
01:41
Confidentiality?
01:42
Well, yes, if you don't have everything under a different protective safeguard or use your biometrics or uh something else to protect your information,
01:53
your pictures, your text messages will be available to the person who has your phone, and they can share it with anyone.
02:00
What about integrity?
02:02
Wow,
02:05
this person has access to your phone so they can make social media posts impersonating you.
02:10
Your integrity would be shot if they post things that create or promote violence or negativity and go against the code of conduct that we discussed in the beginning of the course.
02:22
And then there's availability.
02:24
Well, you no longer have access to your phone, so it's no longer available to you.
02:30
You may be able to trace and track your phone with a different software and even have the mobile company lock it.
02:36
But you still don't have your phone,
02:39
so this is just a small example, and we'll go a little deeper into each principle. But I find that when we make things personal for the sake of learning, it helps us to get clarity around some of the security principles.
02:52
So let's move on.
02:57
Confidentiality.
02:59
Keeping in context with our studies here, as patients' data, uh, private information and medical records are increasingly stored, processed and transmitted online, the ability to effectively maintain confidentiality of an individual's data is becoming increasingly challenging,
03:17
but it's a must in order to earn and maintain a person's trust.
03:22
Confidentiality provides the ability to ensure that the necessary level of secrecy is enforced at each junction of data processing and prevention of unauthorized disclosure.
03:35
This level of confidentiality should prevail while data lives on systems and devices within the network, as it's transmitted, and once it reaches its destination.
03:46
Users can intentionally or accidentally disclose sensitive information by not encrypting it before sending to another person. Or they could fall prey to social engineering attacks, sharing a company's trade secrets, or not providing the extra care of protection
04:03
for confidential information when processing it.
04:08
Implementing strong technical controls helps to alleviate the potential for human error.
04:14
Confidentiality can be provided by encrypting data as it is stored and transmitted,
04:19
using strict access controls, data classification and user training on proper procedures. Confidentiality means that data and/or information has not been disclosed to unauthorised persons or processes, per HIPAA definitions.
04:40
Now, the HIPAA technical safeguards define integrity as the property that data or information has not been altered or destroyed in an unauthorized manner.
04:54
Electronic PHI that is improperly altered or destroyed can result in clinical quality problems for a covered entity, including patient safety issues.
05:05
Let's stop and think about this for a moment. From a patient's perspective,
05:10
let's say you're a patient.
05:12
You've gone into the doctor's office to have a routine checkup and a physical.
05:16
You have some blood work done, and you're awaiting the results.
05:19
Well,
05:20
your ex, who's still holding a grudge, works in the lab where your test results are processed.
05:28
They recognize the name and information and decide to get revenge by altering your test results. To say you have diabetes,
05:36
the integrity of your test results was compromised. And when it gets back to the doctor, you're now being prescribed medications that you don't actually need.
05:46
What does taking medication that you don't actually need do to your overall health?
05:51
Yeah,
05:53
you see where I'm going here.
05:55
So without the proper quality and reconciliation processes in place, this could very well happen and unfortunately, probably does. This is why becoming an HCISPP is so important.
06:11
Okay, let's talk about availability.
06:14
HIPAA defines this principle as the property that data or information is accessible and usable upon demand by an authorised person.
06:25
System availability can be affected by device or software failure.
06:30
Backup devices should be used and available to quickly replace critical systems. Or employees should be skilled and available to make the necessary adjustments to bring the systems back online.
06:43
Systems and networks should be able to recover from disruptions in a secure and quick manner, so productivity will not be negatively affected.
06:54
Cloud technology is advancing this concept with infrastructure-as-a-service models, allowing for the quick creation and shifting of resources from a failed or halted process to new resources and process almost instantaneously.
07:10
Keeping with the context, availability also means that ePHI is not lost, according to HIPAA and HITECH. Not knowing where data is or should be means it is not available for its intended use.
07:27
All right, let's check our knowledge.
07:30
Which objective ensures data has not been altered or destroyed by an unauthorized user?
07:45
Integrity.
07:46
Awesome.
07:56
Okay, Next,
07:59
Which objective ensures data has not been disclosed
08:03
to unauthorised persons or processes?
08:13
You got it.
08:13
Confidentiality.
08:18
Now
08:20
Which objective ensures data is accessible and usable by authorized persons?
08:33
There you go.
08:35
Availability.
08:39
Congratulations. You're coming along great. We've covered the foundational principles of a security program.
08:46
Confidentiality, integrity and availability.
08:50
Next up is security concepts season.

The HCISPP certification course provides students with the knowledge and skills to successfully pass the certification test needed to become a healthcare information security and privacy practitioner. The course covers all seven domains included on the exam.

Instructed By

Schlaine Hutchins
Director, Information Security / Security Officer
Instructor