Electronic health records
Download as PPT, PDF2 likes876 views
An EHR is an electronic record of a patient's health information generated during encounters in care settings. EHRs can reduce costs, improve care quality, and easily store records. EHR security is important to protect from insider attacks, software vulnerabilities, and targeted exploits like SQL injections, cross-site scripting, and phishing. EHR systems are attacked to access health records, billing information, and services. Implementation bugs and design flaws allow exploits like session hijacking and authorization failures. Strong privacy and security protections are needed as EHR information becomes more available.
Electronic health records
- 1. What is an EHR?What is an EHR? The EHR is a longitudinal electronic record of a patient health information generated by one or more encounters in any care delivery setting.
- 2. Advantages of EHRAdvantages of EHR Cost can be reduced Quality of care can be improved Record can be kept easily Mobility
- 3. Why Security of EHR Is Needed ?Why Security of EHR Is Needed ? INSIDER ATTACKS An Insider attack occurs when employees with legitimate access to their organization information systems use these systems to sabotage their organization IT infrastructure or commit fraud.
- 4. SOFTWARE SECURITY REQUIREMENTS SOFTWARE SECURITY REQUIREMENTS Use cases Misuse cases It specifies a negative use case i.e. behavior that is not allowed in the proposed system. It is a description of the possible sequences of interactions between the system and it’s external actors.
- 5. Certification of EHR SystemsCertification of EHR Systems Its certification began in 2006 It is primarily conducted by the Certification Commission of Healthcare IT (CCHIT)
- 6. Why EHR Systems Are Attacked ? For Health Records For Service For Identity And Billing Information
- 7. Exploits Done On Targeted Applications Exploits Done On Targeted Applications Implementation Bugs Design Flaws They are code level software problems. They are high-level problems associated with the architecture and design of the system.
- 8. Implementation Bugs Session Hijacking Cross-Site Scripting Phishing SQL Injections PDF Exploits Denial of Service: File Uploads Authorization Failure
- 9. SQL InjectionsSQL Injections In this, an attacker exploits a lack of input validation to force unintended system behavior by inserting reserved words or characters into input fields that will alter the logical structure of a SQL statement.
- 11. Cross-Site Scripting Cross-Site Scripting It’s a computer security vulnerability that enables malicious attackers to inject client side script into web-page viewed by other users.
- 13. Denial of Service: File Uploads Denial of Service: File Uploads In this the attacker changes the state of web server to slow or unresponsive.
- 14. PhishingPhishing It is an attempt to acquire sensitive information such as user names, passwords etc. by masking as a trustworthy entity.
- 15. Lack of Authorization control Lack of Authorization control In this the patient’s confidential health records and personal identification information can be viewed by the attacker.
- 16. ConclusionConclusion The EHR will soon have …. Better privacy and security protections … Information will be available when we need it …
- 17. BibliographyBibliography 1) Research paper 2) http://www.ncrr.nih.gov/publications/informatics/ehr.pdf 3) http://www.hhs.gov/health/healthnetwork/background/ 4) Wikipedia. 5)http://mhcc.maryland.gov/electronichealth/mhitr/EHR %20Links /challenges_to_ehr.pdf 7) www.drivencompany.com/nist.cfm 8) http://go4webapps.com/2010/04/24/webscarab-web- security-application-testing-tool/
- 18. THANK YOU Submitted by: Shivani Tyagi Anurag Deb