Health Systems Security

Public Health Informatics and Information Systems

Part of the book series: Health Informatics (HI)

  • 3511 Accesses

Abstract

The security challenges faced by public health systems have some commonalities with all systems, but also some unique issues. The large amounts of sensitive data collected by public health, combined with the importance of public health to the well-being of the population, make security a crucial issue. US Homeland Security has categorized Healthcare and the Public Health Sector as one of the 16 critical infrastructure sectors.

This chapter discusses the context of health data security, including core concepts such as privacy, confidentiality, and HIPAA regulations. Two different but related security paradigms are explored, the CIA Triad and the Parkerian Hexad. The value of health and public health data is reviewed, along with information on security breaches, risk assessments, security frameworks, resources, and countermeasures.

A case study is presented, the Kentucky Health Information Exchange (KHIE). The context, security concerns and preventive measures, and future plans of KHIE are reviewed.

Author information

Correspondence to J. A. Magnuson.

Copyright information

© 2020 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Magnuson, J.A., Leber, D.E. (2020). Health Systems Security. In: Magnuson, J., Dixon, B. (eds) Public Health Informatics and Information Systems. Health Informatics. Springer, Cham. https://doi.org/10.1007/978-3-030-41215-9_10

  • DOI: https://doi.org/10.1007/978-3-030-41215-9_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-41214-2

  • Online ISBN: 978-3-030-41215-9

  • eBook Packages: Medicine, Medicine (R0)
