INFO 614 Slide Show


description

Research regarding medical information systems.

Transcript of INFO 614 Slide Show

Page 1: INFO 614 Slide Show

UNIVERSITY

INFO780-900-201025 ST: Advanced Issues in Healthcare Informatics JANUARY 20, 2011

Medical Clinic Network and Electronic Record System Security

INFO 614

William Murakami-Brundage

Drexel, March 2011

INFO 614 Distributed Systems, Drexel University, March 2011
Prof. Allen, iSchool
Medical Clinic Network and Electronic Record System Security

Page 2: INFO 614 Slide Show


Table of Contents

1. Overview
1a. Medical Record Systems
1b. Networking and Data Flow
1c. System Design
1d. HIPAA and Patient Data
1e. Meaningful Use

2. Clinical Networks and Security
2a. System Security
2b. Medical Clinic and Community Outreach Computer Networks
2c. System Design
2d. Medical Clinic Data Flow

3. Networks and Security Breaches: Case Studies
3a. Network Failure
3b. Patient Data Loss
3c. Security Failure

4. Summary

Page 3: INFO 614 Slide Show

Clinical information systems and their evaluation

1. Overview

1a. Medical Record Systems

1b. Networking and Data Flow

1c. System Design

1d. HIPAA and Patient Data

1e. Meaningful Use

Page 4: INFO 614 Slide Show

1. Overview: Electronic Medical Record Systems (EMR)

• Electronic Medical Record Systems are part of the 21st century medical system.

• EMRs collect patient data, communicate with other providers' EMR systems, send prescription and lab requests, and store and transmit images and medical documents. They also interconnect with medical devices in hospitals and clinics.

Page 5: INFO 614 Slide Show

1a. Electronic Medical Record Systems

• Every EMR is required to be interconnected to external networks due to Meaningful Use regulations included in the 2009 Recovery Act [1].

• Files are sent to and received from other medical facilities. This includes billing and chart documents.

• EMRs can interconnect with medical sensors and other devices.

• The 2009 Act includes reimbursement for providers who have fully operational systems [2].

• In order to be eligible for reimbursement, an EMR must be certified by the Certification Commission for Health Information Technology (CCHIT), a federally authorized organization [3].

• EMRs must also use secure file transfer methods mandated by Health Level 7 (HL7) [4].

Page 6: INFO 614 Slide Show

1a. Electronic Medical Record Systems, Cont.

Major EMR Vendors [5] and their EMR applications:

• AllMeds, Inc.: AllMeds EMR Ver. 8
• GE Healthcare: Centricity EMR 9.0/9.5
• eClinicalWorks LLC: eClinicalWorks 8.0.100
• AllScripts: Enterprise 11.1.7
• MedConnect: MedConnect EHR 1.0
• Nortec Software Inc.: Nortec EHR 7.0

• As of March 16, 2011, there were 154 CCHIT-certified products on CCHIT's list (http://cchit.org).

Page 7: INFO 614 Slide Show

1c. EMR System Design

An outline of a clinical EMR data center. Note that, depending on the size of the clinic, the non-medical servers could be separated into a different stack.

Page 8: INFO 614 Slide Show

1c. System Design, Cont.

EMR Data in Applications

• As mentioned earlier, many applications within an EMR require an external network connection.

• Applications or modules include the eFax, eRx (prescriptions), DICOM images (radiology images, etc.), and laboratory documents and results. Ambulatory care will have distinctly different modules than an ICU or ER.

• These modules interact with the patient demographic data, patient progress notes or documents, and patient billing charges.

• As well, the data is tracked and analyzed, typically via a server unit. This data is also transmitted to/from interested parties (i.e. research institutions).

Page 9: INFO 614 Slide Show

1d. HIPAA and Patient Data

HIPAA History

• There are specific protocols that define how patient data can be transmitted or shared.

• The legal basis for these protocols is the Health Insurance Portability and Accountability Act of 1996, also known as the HIPAA Act.

• HIPAA defines how hospitals, clinics, and other organizations can share patient data.

• HIPAA also determines the level of security necessary for patient document storage.

HIPAA and EMRs

• HIPAA dictated national standards for electronic patient data transfer.

• It was recognized that EMRs could result in privacy loss.

• For EMR systems, HIPAA has become the bare minimum for necessary patient data security.

• HIPAA also regulates the minimum requirements for sending patient images, documents, and/or bills to/from another provider.

Page 10: INFO 614 Slide Show

1d. HIPAA and Patient Data, cont.

• The eFax and eRx functions are used by EMR systems to transfer patient data.

• Currently, DICOM is modeled after the HL7's CDA structure, which is an XML-based file categorization method.

• Noteworthy is that patient documents can be transferred via email. This breaks HIPAA in many cases, but can still be done under specific circumstances. Examples would be research data that has been made unidentifiable.

• In medical service, fax is considered more secure than email. This is an important basis for the eFax function.

Page 11: INFO 614 Slide Show

1e. Meaningful Use in EMR Systems

Reimbursements for Meaningful Use, 2009 Act [7]

• Medicare Incentive Program will pay up to $44,000 over five years. This is contingent upon meeting meaningful use criteria.

• Medicaid EHR Incentive Program will pay up to $67,500 over five years. This is also contingent upon meeting criteria.

• Many medical centers and clinics applied for and received large grants to assist with EMR/EHR infrastructure and development [9].

Networking/Security Elements for Meaningful Use [8]

1. Electronic exchange of patient information

2. Capable of reporting lab results to public health agencies

3. Having a security audit

4. Syndromic surveillance for epidemiological factors

5. Patient web portal

6. Submission of data to immunization registries.

There are 15 mandatory, and several optional, functions in order to reach meaningful use status. EMRs have many other capabilities.

Page 12: INFO 614 Slide Show

2. Clinical Networks and Security

2a. System Security

2b. Medical Clinic and Community Outreach Computer Networks

2c. Network System Design

2d. Medical Clinic Data Flow

Page 13: INFO 614 Slide Show

2a. System Security

• Clinical networks must ensure patient privacy. A clinical EMR and network is a huge target for identity thieves, and more recently, extortionists.

• While the amount of patient data is immense, some reports estimate that medical providers spend 3-4% of their annual budget on technology [10].

• This indicates that not enough is being spent on the necessary components of technical safety, even at a time when medical record adoption is increasing nationwide [11].

Page 14: INFO 614 Slide Show

2b. Medical Clinic and Community Outreach Computer Networks

• An example medical clinic and community outreach clinic is modeled on the next slide. Especially note the different mechanisms to ensure access to the Medical Data Center. A Virtual Private Network (VPN) is used in order to maintain security. In the meantime, the data center continues to act as the server unit for the rest of the agency.

• Not modeled here are the outgoing connections from the clinic and outreach offices, each of which is serviced with a standard connection (i.e. fiber-optic or DSL line). Cable connections are impractical, as there is no television in use.

Page 15: INFO 614 Slide Show

Page 16: INFO 614 Slide Show


2b. Medical Clinic and Community Outreach Computer Networks, cont.

• The medical network is connected via VPN to the data center, which also allows the administrative offices to access the Internet. The company could also route all Internet traffic via the Data Center, in order to maintain company productivity.

• What can appear to be a good idea at one time (i.e. routing all traffic for every site through the Data Center) can cause severe congestion. One example would be an agency installing the Data Center in 2000, pre-EMR (which was purchased in 2008).

• In 2000, the DSL web traffic would be minimal, and bandwidth was highly available. This would have been preferred due to having two satellite sites.

• Network administrators must consider what will happen when the network load is increased.

Page 17: INFO 614 Slide Show

2b. Medical Clinic and Community Outreach Computer Networks, cont.

• The EMR requires a constant SSL TCP/IP connection. As well, all traffic is encrypted via the EMR software, and decrypted upon packet receipt via the software's private key. The key is not known to any staff.

• As well, staff often check on scanned documents and images, further increasing bandwidth consumption. Even with a solid document management strategy, some complex documents can reach well over 200Kb.

• By properly assessing the network changes that will be needed from an EMR installation, problems can be reduced, but not eliminated.

• Correct load balancing in a network can help maintain system security as well.

Page 18: INFO 614 Slide Show

2b. Medical Clinic and Community Outreach Computer Networks, cont.

An example of a small medical clinic network. Notably, there are two types of mobile technology in use, as well as a wireless external hard drive.

This is not an unusual arrangement for a small medical center to have. While the tablet is connected via USB to the physician's personal computer, the iPhone transmits data over the secure wireless system.

The visible security flaw in this network is the wireless hard drive. While data is encrypted and the channel is secured with WPA or another security measure, this is a critical security failure.

Another similar instance can occur with any wireless device that is only moderately secured. For example, wireless printers are also susceptible to a hacked printer spool .dll, which then allows access to the greater network.

Page 19: INFO 614 Slide Show

2c. Network System Design

One huge issue with security is displayed on the left. While the file transmission is secure, there is no guarantee that any provider that a connection is opened with is also secure.

For security purposes, there is a dual-edged sword: files are transmitted directly into another system. This specifically occurs with eFax and patient documents. This is not done via port 80, but typically done with an application's own port. Documents must typically be received in the same fashion. While this is likely to function as secured FTP, digital images are more vulnerable than paper charts [12].

This standard is supposed to ensure safety, but many of the programs are relatively new, and are constantly evolving.

Page 20: INFO 614 Slide Show

2d. Medical Clinic Data Flow

• Patient data formats must meet multiple standards for transfer. These include Health Level 7 (HL7) Message Protocol 2/3, HL7 Clinical Document Architecture (CDA), and Digital Imaging and Communication in Medicine (DICOM).

• As well, data in an EMR must be indelible, meaning that nothing can be deleted. This is to ensure both patient security and quality of care.

• Any EMR is a resource-heavy product. Unfortunately, the amount of bandwidth a multiple-site EMR consumes is not readily available.
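
The indelibility requirement on this slide can be enforced in software by making the chart append-only and hash-chaining its entries, so that a correction supersedes a note without erasing it and any edit or deletion is detectable. This is an added example, not code from the original slides; the class, field names and sample notes are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # chain anchor for the first entry


def _digest(body):
    """SHA-256 over a canonical JSON encoding of an entry body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class IndelibleChart:
    """Append-only chart: entries are never updated or deleted in place."""

    def __init__(self):
        self._entries = []

    def head(self):
        """Hash of the newest entry; store it off-system to catch truncation."""
        return self._entries[-1]["hash"] if self._entries else GENESIS

    def append(self, author, text, amends=None):
        """Add a note; a correction is a new entry pointing at the old one."""
        if amends is not None and not 0 <= amends < len(self._entries):
            raise ValueError("amended entry does not exist")
        body = {"seq": len(self._entries), "author": author, "text": text,
                "amends": amends, "prev": self.head()}
        self._entries.append({**body, "hash": _digest(body)})
        return body["seq"]

    def current_view(self):
        """What a clinician sees: superseded notes are hidden, not erased."""
        superseded = {e["amends"] for e in self._entries if e["amends"] is not None}
        return [e for e in self._entries if e["seq"] not in superseded]

    def export(self):
        """Copy of the full history, e.g. for an audit."""
        return [dict(e) for e in self._entries]


def verify(entries, expected_head=None):
    """Return the index of the first broken entry, or None if intact."""
    prev = GENESIS
    for index, entry in enumerate(entries):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["seq"] != index or entry["prev"] != prev or _digest(body) != entry["hash"]:
            return index
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return len(entries)  # entries were dropped from the end
    return None


def demo():
    chart = IndelibleChart()  # constructed sample chart, then three kinds of tampering
    chart.append("dr_a", "Penicillin allergy: none reported")
    chart.append("nurse_b", "BP 120/80")
    chart.append("dr_a", "Penicillin allergy: rash in 2009", amends=0)
    history, head = chart.export(), chart.head()
    edited = chart.export()
    edited[1]["text"] = "BP 180/110"  # in-place change
    return {
        "visible": [e["text"] for e in chart.current_view()],
        "intact": verify(history, head),
        "edited": verify(edited, head),
        "deleted": verify(history[:1] + history[2:], head),  # middle removed
        "truncated": verify(history[:2], head),              # tail removed
    }
```

The chain by itself cannot reveal that the newest entries were cut off, which is why `verify` also accepts a head hash kept outside the record store.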

Page 21: INFO 614 Slide Show

3. Networks and Security Breaches: Case Studies

3a. Network Failure

3b. Patient Data Loss

3c. Security Failure

Page 22: INFO 614 Slide Show

3a. Network Failure

• Loss of medical network control can mean calamity.

• Examples of network failure include the Mytob virus in the U.K. The U.K. is attempting to implement a national health information technology system. The estimated cost for the system is over £12.7Bn.

• In 2008, the entire infrastructure of the U.K. health system was infected by the Mytob virus. It successfully shut down 4,700 computers, and reduced hospitals to using human runners in order to transmit data [13].

• Mytob was a sign that the entire U.K. health system has been compromised. The national health system is scheduled for completion in 2015, which means that the entire national EMR will have been buggy for over seven years.

Page 23: INFO 614 Slide Show

3a. Network Failure

• The U.K. is one of the most extreme examples of network failure. Strangely, the national infrastructure was victim to a very similar attack in 2007 [14].

• It would make sense that unless there are system-wide issues, the attack would have had isolated results. Instead, the entire network failed, putting numerous lives at risk.

• It is important to keep in mind that the U.K. has national healthcare. If the same had happened to a provider in the U.S., there could have been severe monetary issues and/or litigation.

Page 24: INFO 614 Slide Show

3b. Patient Data Loss

• Patient files are tempting to identity thieves: a complete medical record contains not only demographics, but substantial financial and health documentation.

• In one scenario, identity theft could result in healthcare costs due to fraud [15].

• Patient data is now being targeted for extortion as well [16, 17]. Laboratories and imaging centers are becoming targets.

• Drug testing and rehabilitation centers are particularly vulnerable, and often unprotected.

• Another key element is physicality. If a thief can target the computer system itself, then the network is much more vulnerable.

Page 25: INFO 614 Slide Show

3b. Patient Data Loss, cont.

• A laptop, along with at least 660 patient records, was stolen from a rehabilitation clinic in Los Angeles, CA.

• This highlights the earlier points. Access to physical elements of a network invalidates much of the digital security.

• A patient account, once stolen and shared, becomes riddled with hazardous information. Even with clinical steps to mitigate the damage, medical identity theft can have dangerous results.

• While a small clinic may have 800 patients, Kaiser Permanente is a multi-national healthcare provider. This means that network security and EMR protection must come first on the list for technology and IT systems.

• For further reading, Cisco has a number of publications about medical networks and system design: http://www.cisco.com/web/strategy/healthcare/index.html.

Page 26: INFO 614 Slide Show

3c. Security Failure

• At $50 per record, a small stolen medical record database can be worth $40,000 on the black market.

• As well, it is possible to find complete guidelines written by anonymous authors that cover medical network design. Some of these publications specifically cover network security [18].

• The Mytob virus demonstrates that once a system has been severely damaged, repairs may not be possible at more than the superficial level.

• Network intrusion can include theft for several reasons: identity theft, extortion, and causing havoc are several major causes.

• It can be safely assumed that if something is valuable, then attempts will be made to get into a network. The goal is a strong defense, as well as a solid back-up plan.

Page 27: INFO 614 Slide Show

4. Conclusion

• EMR systems are complex and resource-heavy. This can be seen in the data center design.

• They are required to conduct hundreds of daily transactions within internal and external networks.

• EMR systems are crucial to quality of care and patient safety.

• Due to the 2009 Recovery Act, Medicare, and Medicaid, it is almost certain that every provider in the U.S. will be using an EMR in the future. When is unknown.

• EMRs function as part of medical networks, which often tie together clinics, hospitals, and community centers.

• Due to heavier usage, many medical clinic networks are under-performing. This is partially due to outdated network infrastructure, and also because of larger demands for files and data. This trend will only accelerate in the future.

Page 28: INFO 614 Slide Show

4. Conclusion, cont.

• Due to the sheer value of patient data, medical network and EMR security has to be a priority for all providers and staff.

• Network system design often includes weak points, and medical/clinical settings are no exception.

• There are numerous ways for network and computer security systems to be corrupted and/or compromised.

• Besides viruses and Trojans, physical theft and network collapse can occur.

• Patient data has become a premium target for extortion, blackmail, and identity theft.

• When a patient's file is compromised, financial and health costs can skyrocket. Also, litigation can occur.
