Abstract
The security challenges faced by public health systems have some commonalities with all systems, but also some unique issues. The large amounts of sensitive data collected by public health, combined with the importance of public health to the well-being of the population, make security a crucial issue. US Homeland Security has categorized Healthcare and the Public Health Sector as one of the 16 critical infrastructure sectors.
This chapter discusses the context of health data security, including core concepts such as privacy, confidentiality, and HIPAA regulations. Two different but related security paradigms are explored: the CIA Triad and the Parkerian Hexad. The value of health and public health data is reviewed, along with information on security breaches, risk assessments, security frameworks, resources, and countermeasures.
A case study of the Kentucky Health Information Exchange (KHIE) is presented. The context, security concerns and preventive measures, and future plans of KHIE are reviewed.
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Magnuson, J.A., Leber, D.E. (2020). Health Systems Security. In: Magnuson, J., Dixon, B. (eds) Public Health Informatics and Information Systems. Health Informatics. Springer, Cham. https://doi.org/10.1007/978-3-030-41215-9_10
DOI: https://doi.org/10.1007/978-3-030-41215-9_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-41214-2
Online ISBN: 978-3-030-41215-9
eBook Packages: Medicine, Medicine (R0)