Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
technical_safeguards [2016/05/10 10:28] wikiadmin |
technical_safeguards [2016/07/04 16:00] (current) jillian_nadette_de_leon |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ##TECHNICAL SAFEGUARDS | ##TECHNICAL SAFEGUARDS | ||
| - | **ACCESS CONTROLS**\\ | + | **A. Access Controls**\\ |
| - | * Standard user IDs shall be given to each staff whose work entails the need to access or process heath information.\\ | + | Technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights:\\ |
| - | * There shall be a three way process for authentication of users: something they know (password), something they have (secure token), and something they are (biometrics).\\ | + | |
| - | * Multi-factor authentication shall be implemented, especially for admin and supervisory accounts. | + | |
| - | * Passwords shall have the following characteristics: minimum of eight characters in length, have an upper case, lower case and special character in it.\\ | + | |
| - | * The last user ID that logged in must not be displayed on the log-in screen.\\ | + | |
| - | * There shall be an automatic screen or keyboard locking after 5 minutes of inactivity.\\ | + | |
| - | //Leave of Absence// | + | I. Information access management (required)\\ |
| - | * User IDs of employees/staff who are on extended leave of absence shall be disabled until they return for work.\\ | + | 1. Implementation specifications:\\ |
| + | (A) Isolating health care clearinghouse functions (required). If a health care clearinghouse is part of a larger organization, the clearinghouse must implement policies and procedures that protect the electronic protected health information from unauthorized access by the larger organization.\\ | ||
| + | (B) Access authorization (addressable). Policies and procedures for granting access to electronic health information such as access to a workstation, transaction, program, process or other mechanisms shall be implemented by the health facility. Guidelines on the access of health information are provided in Rule III (Access of Health Information) in the SOR.\\ | ||
| + | (C) Access establishment and modification (addressable). Based upon the access authorization policy of the data controller and/or data processor, policies and procedures on the establishment, documentation, review and modification of a user's rights to access a workstation, transaction, program or process shall be implemented.\\ | ||
| + | II. User identification (required). A process for unique user identification shall be made within a policy and procedure of the health facility.\\ | ||
| + | 1. Implement specifications: \\ | ||
| + | (A) There shall be a user name and/or number for identifying user identity throughout all levels of the organization.\\ | ||
| + | (B) User identity shall not be shared, delegated or assigned to a group or individual.\\ | ||
| + | (C) User identity that was previously used shall not be reused for new and/or existing users.\\ | ||
| - | **DATA PROTECTION**\\ | + | III. Emergency Access Procedure (Required). Procedures for obtaining necessary electronic health information during an emergency.\\ |
| - | * Data on many computer devices can be damaged by being moved, knocked or even when turned off. If there is a hard disk, the heads on the drive should be "parked" before moving the system to avoid destroying stored information (devices with solid state drives have a different system and are less vulnerable to movement).\\ | + | 1. Situations that may require emergency access shall be identified, defined, and described by health facilities.\\ |
| - | * Due to the different variations of computers and types of connections, it is important to seize all the different cables and chargers for the seized equipment.\\ | + | 2. There shall be identification of authorized personnel who will need to access health information during emergency situations.\\ |
| - | * Antivirus software must be loaded in every computer possible. The software needs to be configured regularly and automatically download updates for the latest threats. \\ | + | 3. Procedures for obtaining necessary health information during emergency situations shall be established and implemented.\\ |
| - | * Complete back-ups of the system shall be done periodically- once a month or every few months.\\ | + | 4. Policies and procedures for governing access to health information shall be created.\\ |
| - | * Back-up data tapes shall not be stored near a computer monitor or uninterruptible power supply-the electromagnetic interference coming from these devices can corrupt data on them or completely delete them.\\ | + | |
| - | **CONFIGURATION MANAGEMENT** | + | IV. Automatic log-off (addressable). Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.\\ |
| - | * It is important to document how the computer system is organized to know when and how to disconnect additional pieces of equipment such as telephone modems, auto-dialers, and printers from the system. Otherwise, important information can be lost.\\ | + | 1. A policy and procedure that governs how automatic log-off is used shall be created.\\ |
| - | * There shall be a regular monitoring and maintenance of database and networks of health facilities to be conducted by the Database and Network administrator of the PHIE group.\\ | + | 2. A predetermined time shall be documented within the policy based on the application.\\ |
| + | V. Encryption and decryption (addressable). The method of converting an original message of regular text into encoded text using an algorithm.\\ | ||
| + | 1. For encryption in transit, the standard security technology shall be Secure Socket Layer (SSL) (addressable).\ | ||
| + | 2. Minimum requirement AES (Advanced Encryption Standard) 128\\ | ||
| + | 3. Encryption in storage TKE (Trusted Key Entry)\\ | ||
| - | **POINTS TO CONSIDER**\\ | + | VI. Multi-factor authentication (addressable). Policy, operational, and technical mechanisms must be in place to use multi-factor authentication for those systems identified to have significant risk (e.g. servers, unified threat management, etc.)\\ |
| - | * The minimum server configuration shall be specified.\\ | + | |
| - | * Provide detailed and specific protocols on encryption (e.g. encryption of data at rest).\\ | + | |
| - | (//Specific technical requirements should ideally be developed by DOST-ICTO.//)\\ | + | |
| - | * Security features shall be incorporated in the system requirements.\\ | + | |
| - | * HIS should only be for recording and record keeping, but access to the medical records should be under the MRS.\\ | + | |
| + | **B. Audit Controls**\\ | ||
| + | A record that shows who has accessed a computer system when it was accessed and what operations were performed.\\ | ||
| + | I. Recording of information (required). Recorded information must include, but is not limited to, unique user identified, date and time of use/access, location (if applicable).\\ | ||
| + | II. Audit Data Life Span (addressable). A policy shall be made by health facilities to specify the length of time the data must be stored and how it will be destroyed.\\ | ||
| + | III. Access to Audit Data (addressable). The Medical Records Officer alongside with the Privacy Officer shall be authorized to audit the shared health record. | ||
| + | |||
| + | **C. Integrity Controls**\\ | ||
| + | Protection of electronic health information from improper alteration or destruction. \\ | ||
| + | I. Implementation specifications:\\ | ||
| + | (A) Mechanism to authenticate electronic protected health information (addressable). Mechanisms to corroborate that electronic health information has not been altered or destroyed in an unauthorized manner shall be implemented.\\ | ||
| + | (B) Digital signatures (required). Digital signatures shall be used to identify authenticity of the entry in an electronic system.\\ | ||
| + | (C) Sum Verification (required) shall be used to determine if the input data matches the source data.\\ | ||
| + | (D) Anti-virus software (required). Computers shall have an Industry Standard Antivirus Software with automatic updates turned on. The software shall be configured regularly and automatically download updates for the latest threats.\\ | ||
| + | (E) Data storage encryption (required). Data storage and transmission shall be encrypted. For websites, https encryption shall be used. \\ | ||
| + | (F) Transmission encryption (required). Data transmission via wireless networks or the internet shall always be encrypted. \\ | ||
| + | (G) Proper Handling of Mechanical Components. Training on the proper use and handling of CPUs, Servers, flash drives, external hard drives shall be given to the user of electronic systems. (addressable)\\ | ||
| + | (H) Back-up components such as servers, flash drives, external hard drives shall be stored away from possible electromagnetic interference. (addressable)\\ | ||
| + | (I) Offline modes and Caching. Electronic systems shall have online and offline modes. (addressable)\\ | ||
| + | (J) Interface Integration of Information Systems. Data transmission from electronic medical records shall follow a standard for integration and interfacing to facilitate interoperability and data compatibility. (addressable)\\ | ||
| + | |||
| + | **D. Transmission Security**\\ | ||
| + | Technical security measures to guard against unauthorized access to electronic health information that is being transmitted over an electronic communications network shall be implemented.\\ | ||
| + | |||
| + | **E. Identity Authentication**\\ | ||
| + | Procedures to verify that a person or entity seeking access to electronic health information is the one claimed shall be implemented. Rule III (Access of Health Information) provides guidelines on authentication of access. \\ | ||
| + | |||
| + | **F. Storage Security**\\ | ||
| + | Implementation Specifications:\\ | ||
| + | (A) Data stored in portable data storage devices (e.g. Flash drive, portable hard drives, etc.) must be encrypted. | ||
| + | (B) Data stored in cloud storage services (e.g. Dropbox, OneDrive, Google Drive, etc.) must be encrypted. | ||
| ---- | ---- | ||
| Line 45: | Line 76: | ||
| //Contract/ agreement between health facility and cloud provider://\\ | //Contract/ agreement between health facility and cloud provider://\\ | ||
| - | * The health care facility's ownership rights over the data must be firmly established in the service contract to enable the basis of trust and privacy of data. In so far as practicable, the contract between the health care facility and cloud service provider should state clearly that the health facility retains ownership over all its data; that the cloud provider acquires not rights or licenses throughout the agreement, including intellectual property rights or licenses, to use the health facility's data for its own purposes; and that the cloud provider does not acquire and may not claim any interest in the data due to security.\\ | + | * The health care facility's ownership rights over the data must be firmly established in the service contract to enable the basis of trust and privacy of data. In so far as practicable, the contract between the health care facility and cloud service provider should state clearly that:\\ |
| + | (a) the health facility retains ownership over all its data; | ||
| + | (b) the cloud provider acquires not rights or licenses throughout the agreement, including intellectual property rights or licenses, to use the health facility's data for its own purposes; | ||
| + | (c) the cloud provider does not acquire and may not claim any interest in the data due to security.\\ | ||
| * Service agreements should include some means for the health facility to gain visibility into the security controls and processes employed by the cloud provider and their performance over time. Ideally, the health facility will have control over aspects of the means of visibility to accommodate its needs, such as the threshold for alerts and notifications, and the level of detail and schedule of reports.\\ | * Service agreements should include some means for the health facility to gain visibility into the security controls and processes employed by the cloud provider and their performance over time. Ideally, the health facility will have control over aspects of the means of visibility to accommodate its needs, such as the threshold for alerts and notifications, and the level of detail and schedule of reports.\\ | ||
| * Contracts/agreements shall clarify the types of metadata collected by the cloud provider, the protection afforded the metadata, and the organization's rights over metadata, including ownership, opting out of collection or distribution and fair use.\\ | * Contracts/agreements shall clarify the types of metadata collected by the cloud provider, the protection afforded the metadata, and the organization's rights over metadata, including ownership, opting out of collection or distribution and fair use.\\ | ||
| Line 72: | Line 106: | ||
| * Grance, T., Jansen, W. (2011). //Guidelines on Security and Privacy in Public Cloud Computing.// Retrieved from http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-144.pdf | * Grance, T., Jansen, W. (2011). //Guidelines on Security and Privacy in Public Cloud Computing.// Retrieved from http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-144.pdf | ||
| \\ | \\ | ||
| + | |||
| ##See Also | ##See Also | ||
| - | * [[consolidated_workshop_outputs|Consolidated Workshop Outputs]] | + | * [[consolidated_workshop_outputs|Privacy Set of Rules (SOR)]] |