INFO 614 Distributed Systems, Drexel University March 2011

INFO780-900-201025 ST: Advanced Issues in Healthcare Informatics JANUARY 20, 2011


Prof. Allen, iSchool
Medical Clinic Network and Electronic Record System Security
UNIVERSITY

Medical Clinic Network and Electronic Record System Security

INFO 614
William Murakami-Brundage
Drexel, March 2011

Table of Contents
1. Overview
1a. Medical Record Systems
1b. Networking and Data Flow
1c. System Design
1d. HIPAA and Patient Data
1e. Meaningful Use
2. Clinical Networks and Security
2a. System Security
2b. Medical Clinic and Community Outreach Computer Networks
2c. System Design
2d. Medical Clinic Data Flow
3. Networks and Security Breaches: Case Studies
3a. Network Failure
3b. Patient Data Loss
3c. Security Failure
4. Summary

1. Overview

1a. Medical Record Systems

1b. Networking and Data Flow

1c. System Design

1d. HIPAA and Patient Data

1e. Meaningful Use



1. Overview: Electronic Medical Record Systems (EMR)

• Electronic Medical Record Systems are part of
the 21st century medical system.
• EMRs collect patient data, communicate with
other providers' EMR systems, send
prescription and lab requests, and store and
transmit images and medical documents.
They also interconnect with medical devices
in hospitals and clinics.

1a. Electronic Medical Record Systems


• Every EMR is required to be interconnected to external
networks due to Meaningful Use regulations included in the 2009
Recovery Act [1].
• Files are sent to and received from other medical facilities. This
includes billing and chart documents.
• EMRs can interconnect with medical sensors and other devices.
• The 2009 Act includes reimbursement for providers who
have fully operational systems [2].
• In order to be eligible for reimbursement, an EMR must be
certified by the Certification Commission for Health
Information Technology (CCHIT), a Federally authorized
organization [3].
• As well, EMRs must use secure file transfer methods mandated by
Health Level 7 (HL7) [4].

1a. Electronic Medical Record Systems, Cont.

Major EMR Vendors [5] (vendor: EMR application)
• AllMeds, Inc.: AllMeds EMR Ver. 8
• GE Healthcare: Centricity EMR 9.0/9.5
• eClinicalWorks LLC: eClinicalWorks 8.0.100
• AllScripts: Enterprise 11.1.7
• MedConnect: MedConnect EHR 1.0
• Nortec Software Inc.: Nortec EHR 7.0

• As of March 16, 2011, there were 154 CCHIT-certified products on
CCHIT's list (http://cchit.org).

1c. EMR System Design

An outline of a clinical EMR data center. Note that, depending on the size of the
clinic, the non-medical servers could be separated into a different stack.

1c. System Design, Cont.


EMR Data in Applications
• As mentioned earlier, many applications
within an EMR require an external network
connection.
• Applications or modules include the eFax,
eRx (prescriptions), DICOM images
(radiology images, etc.), and laboratory
documents and results. Ambulatory care
will have distinctly different modules than
an ICU or ER.
• These modules interact with the patient
demographic data, patient progress notes or
documents, and patient billing charges.
• As well, the data is tracked and analyzed,
typically via a server unit. This data is also
transmitted to/from interested parties (e.g.
research institutions).

1d. HIPAA and Patient Data


HIPAA History
• There are specific protocols that define how patient data can be
transmitted or shared.
• The legal basis for these protocols is the Health Insurance Portability
and Accountability Act of 1996, also known as the HIPAA Act.
• HIPAA defines how hospitals, clinics, and other organizations
can share patient data.
• HIPAA also determines the level of security necessary for patient
document storage.

HIPAA and EMRs
• HIPAA dictated national standards for electronic patient
data transfer.
• It was recognized that EMRs could result in privacy loss.
• For EMR systems, HIPAA has become the bare minimum for
necessary patient data security.
• HIPAA also regulates the minimum requirements for
sending patient images, documents, and/or bills to/from
another provider.

1d. HIPAA and Patient Data, cont.


• The eFax and eRx functions are
used by EMR systems to transfer
patient data.
• Currently, DICOM is modeled
after HL7's CDA structure, which
is an XML-based file categorization
method.
• Noteworthy is that patient
documents can be transferred via
email. This breaks HIPAA in many
cases, but can still be done under
specific circumstances. Examples
would be research data that has been
made unidentifiable.
• In medical service, fax is
considered more secure than email.
This is an important basis for the
eFax function.

1e. Meaningful Use in EMR Systems


Reimbursements for Meaningful Use, 2009 Act [7]
• Medicare Incentive Program will pay up to $44,000 over five years.
This is contingent upon meeting meaningful use criteria.
• Medicaid EHR Incentive Program will pay up to $67,500 over five
years. This is also contingent upon meeting criteria.
• Many medical centers and clinics applied for and received large
grants to assist with EMR/EHR infrastructure and development [9].

Networking/Security Elements for Meaningful Use [8]
1. Electronic exchange of patient information
2. Capable of reporting lab results to public health agencies
3. Having a security audit
4. Syndromic surveillance for epidemiological factors
5. Patient web portal
6. Submission of data to immunization registries.

There are 15 mandatory, and several optional, functions in order to
reach meaningful use status. EMRs have many other capabilities.

2. Clinical Networks and Security


2a. System Security

2b. Medical Clinic and Community Outreach Computer Networks

2c. Network System Design

2d. Medical Clinic Data Flow



2a. System Security


• Clinical networks must ensure patient privacy. A clinical EMR
and network is a huge target for identity thieves, and more
recently, extortionists.
• While the amount of patient data is immense, some reports
estimate that medical providers spend 3-4% of
their annual budget on technology [10].
• This indicates that not enough is being spent on the necessary
components of technical safety, even at a time when medical
record adoption is increasing nation-wide [11].

2b. Medical Clinic and Community Outreach Computer Networks

• An example medical clinic and community outreach clinic is modeled
on the next slide. Especially note the different mechanisms to ensure
access to the Medical Data Center. A Virtual Private Network (VPN) is
used in order to maintain security. In the meantime, the data center
continues to act as the server unit for the rest of the agency.
• Not modeled here are the outgoing connections from the clinic and
outreach offices, each of which is served by a standard
connection (e.g. fiber-optic or DSL line). Cable connections are
impractical, as there is no television in use.

2b. Medical Clinic and Community Outreach Computer Networks, cont.

• The medical network is connected via VPN to the data center,
which also allows the administrative offices to access the
Internet. The company could also route all Internet traffic via the
Data Center, in order to maintain company productivity.
• What can appear to be a good idea at one time (e.g. routing all
traffic for every site through the Data Center) can cause severe
congestion. One example would be an agency installing the Data
Center in 2000, pre-EMR (which was purchased in 2008).
• In 2000, the DSL web traffic would be minimal, and bandwidth
was highly available. This would have been preferred due to
having two satellite sites.
• Network administrators must consider what will happen when
the network load is increased.

2b. Medical Clinic and Community Outreach Computer Networks, cont.

• The EMR requires a constant, SSL TCP/IP connection. As well, all
traffic is encrypted via the EMR software, and decrypted upon
packet receipt via the software’s private key. The key is not
known to any staff.
• As well, staff often check on scanned documents and images,
further increasing bandwidth consumption. Even with a solid
document management strategy, some complex documents can
reach well over 200Kb.
• By properly assessing the network changes that will be needed
from an EMR installation, problems can be reduced, but not
eliminated.
• Correct load balancing in a network can help maintain system
security as well.

2b. Medical Clinic and Community Outreach Computer Networks, cont.

An example of a small medical clinic network. Notably, there are two
types of mobile technology in use, as well as a wireless external hard
drive.

This is not an unusual arrangement for a small medical center to have.
While the tablet is connected via USB to the physician's personal
computer, the iPhone transmits data over the secure wireless system.

The visible security flaw in this network is the wireless hard drive.
While data is encrypted and the channel is secured with WPA or another
security measure, this is a critical security failure.

Another similar instance can occur with any wireless device that is
only moderately secured. For example, wireless printers are also
susceptible to a hacked printer spool .dll, which then allows access to
the greater network.

2c. Network System Design


One huge issue with security is displayed on the left. While the file
transmission is secure, there is no guarantee that any provider that a
connection is opened with is also secure.

For security purposes, there is a dual-edged sword: files are
transmitted directly into another system. This specifically occurs with
eFax and patient documents. This is not done via port 80, but typically
done with an application's own port. Documents must typically be
received in the same fashion. While this is likely to function as
secured FTP, digital images are more vulnerable than paper charts [12].

This standard is supposed to ensure safety, but many of the programs
are relatively new, and are constantly evolving.

2d. Medical Clinic Data Flow


• Patient data formats must meet multiple standards for transfer.
These include Health Level 7 (HL7) Message Protocol 2/3, HL7
Clinical Document Architecture (CDA), and Digital Imaging and
Communication in Medicine (DICOM).
• As well, data in an EMR must be indelible, meaning that
nothing can be deleted. This is to ensure both patient security
and quality of care.
• Any EMR is a resource-heavy product. Unfortunately, the
amount of bandwidth a multiple-site EMR consumes is not
readily available.
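
One way to make the indelibility requirement checkable, as an added example (not part of the original slides or any EMR vendor's code): an append-only chart log in which corrections are appended as amendments and every entry carries a hash of the previous one, so an altered or removed entry is detected on verification. The class, function and field names are hypothetical, and the sample entries are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first entry


def _digest(body: dict) -> str:
    """SHA-256 over a canonical JSON encoding of an entry body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class ChartLog:
    """Hypothetical append-only log for one patient's chart entries."""

    def __init__(self):
        self._entries = []

    def append(self, author, text, amends=None):
        """Add an entry; a correction points at the entry it amends."""
        if amends is not None and not 0 <= amends < len(self._entries):
            raise ValueError("amendment must reference an existing entry")
        body = {
            "seq": len(self._entries),
            "author": author,
            "text": text,
            "amends": amends,
            "prev": self._entries[-1]["hash"] if self._entries else GENESIS,
        }
        self._entries.append({**body, "hash": _digest(body)})
        return body["seq"]

    def current_text(self, seq):
        """Latest wording of entry `seq`: the last direct amendment wins."""
        text = self._entries[seq]["text"]
        for e in self._entries[seq + 1:]:
            if e["amends"] == seq:
                text = e["text"]
        return text

    def export(self):
        """Copy of the entries, e.g. for backup or audit."""
        return [dict(e) for e in self._entries]


def verify(entries):
    """Return the index of the first broken entry, or None if intact."""
    prev = GENESIS
    for i, e in enumerate(entries):
        body = {k: v for k, v in e.items() if k != "hash"}
        if e["seq"] != i or e["prev"] != prev or _digest(body) != e["hash"]:
            return i
        prev = e["hash"]
    return None


def demo():
    """Constructed sample data: a note, a correction, then tampering."""
    log = ChartLog()
    log.append("dr_a", "Penicillin allergy: none reported")
    log.append("dr_a", "Penicillin allergy: rash reported", amends=0)
    log.append("nurse_b", "BP 128/82")
    intact = log.export()
    edited = log.export()
    edited[0]["text"] = "No allergies"      # in-place edit of history
    deleted = intact[:1] + intact[2:]       # an entry silently removed
    return log.current_text(0), verify(intact), verify(edited), verify(deleted)
```

Truncating the tail of the log is only detectable if the latest hash is also kept somewhere the EMR host cannot rewrite.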

3. Networks and Security Breaches: Case Studies

3a. Network Failure

3b. Patient Data Loss

3c. Security Failure



3a. Network Failure


• Loss of medical network control can mean calamity.
• Examples of network failure include the Mytob virus in the U.K.
The U.K. is attempting to implement a national health
information technology system. The estimated cost for the
system is over £12.7Bn.
• In 2008, the entire infrastructure of the U.K. health system was
infected by the Mytob virus. It successfully shut down 4,700
computers, and reduced hospitals to using human runners in
order to transmit data [13].
• Mytob was a sign that the entire U.K. health system has been
compromised. The national health system is scheduled for
completion in 2015, which means that the entire national EMR
will have been buggy for over seven years.

3a. Network Failure


• The U.K. is one of the most extreme examples of network
failure. Strangely, the national infrastructure was victim to a
very similar attack in 2007 [14].
• It would make sense that unless there are system-wide issues,
the attack would have had isolated results. Instead, the entire
network failed, putting numerous lives at risk.
• It is important to keep in mind that the U.K. has national
healthcare. If the same had happened to a provider in the U.S.,
there could have been severe monetary issues and/or litigation.

3b. Patient Data Loss


• Patient files are tempting to identity thieves: a complete medical
record contains not only demographics, but substantial financial
and health documentation.
• In one scenario, identity theft could result in healthcare costs
due to fraud [15].
• Patient data is now being targeted for extortion as well [16; 17].
Laboratories and imaging centers are becoming targets.
• Drug testing and rehabilitation centers are particularly
vulnerable, and often unprotected.
• Another key element is physicality. If a thief can target the
computer system itself, then the network is much more
vulnerable.

3b. Patient Data Loss, cont.


• A laptop, along with at least 660 patient records, was stolen
from a rehabilitation clinic in Los Angeles, CA.
• This highlights the earlier points. Access to physical elements of
a network invalidates much of the digital security.
• A patient account, once stolen and shared, becomes riddled
with hazardous information. Even with clinical steps to mitigate
the damage, medical identity theft can have dangerous results.
• While a small clinic may have 800 patients, Kaiser Permanente is
a multi-national healthcare provider. This means that network
security and EMR protection must come first on the list for
technology and IT systems.
• For further reading, Cisco has a number of publications about
medical networks and system design:
http://www.cisco.com/web/strategy/healthcare/index.html.

3c. Security Failure


• At $50 per record, a small stolen medical record database can be
worth $40,000 on the black market.
• As well, it is possible to find complete guidelines written by
anonymous authors that cover medical network design. Some of
these publications specifically cover network security [18].
• The Mytob virus demonstrates that once a system has been
severely damaged, repairs may not be possible at more than
the superficial level.
• Network intrusion can include theft for several reasons: identity
theft, extortion, and causing havoc are several major causes.
• It can be safely assumed that if something is valuable, then
attempts will be made to get into a network. The goal is a strong
defense, as well as a solid back-up plan.

4. Conclusion
• EMR systems are complex and resource-heavy. This can be seen
in the data center design.
• They are required to conduct hundreds of daily transactions
within internal and external networks.
• EMR systems are crucial to quality of care and patient safety.
• Due to the 2009 Recovery Act, Medicare, and Medicaid, it is
almost certain that every provider in the U.S. will be using an
EMR in the future. When is unknown.
• EMRs function as part of medical networks, which often tie
together clinics, hospitals, and community centers.
• Due to heavier usage, many medical clinic networks are
under-performing. This is partially due to outdated network
infrastructure, and also because of larger demands for files and
data. This trend will only accelerate in the future.

4. Conclusion, cont.
• Due to the sheer value of patient data, medical network and
EMR security has to be a priority for all providers and staff.
• Network system design often includes weak points, and
medical/clinical settings are no exception.
• There are numerous ways for network and computer security
systems to be corrupted and/or compromised.
• Besides viruses and Trojans, physical theft and network collapse
can occur.
• Patient data has become a premium target for extortion,
blackmail, and identity theft.
• When a patient’s file is compromised, financial and health costs
can skyrocket. Also, litigation can occur.