
Jason Lin, Corporate Security Officer Tuesday, May 28, 2013

Exposing the Data Risks and Offering the Recommendations for the Secure Consumerization of e-Health. Jason Lin, Corporate Security Officer Tuesday, May 28, 2013. Faculty/Presenter Disclosure. Faculty: Jason Lin Relationships with commercial interests: None. Background. Productivity.

jerzy


Presentation Transcript


  1. Exposing the Data Risks and Offering the Recommendations for the Secure Consumerization of e-Health Jason Lin, Corporate Security Officer Tuesday, May 28, 2013

  2. Faculty/Presenter Disclosure • Faculty: Jason Lin • Relationships with commercial interests: • None

  3. Background • Productivity • Access • Quality • Personal Videoconferencing

  4. Scope Timeline • Review of policies and agreements to support the PCVC service • Focus on the extension of the PCVC service to mobile device platforms (Android and iOS) • 2012: Laptops, Providers • 2013: Tablets, Providers • 2014+: Mobile Devices, ???

  5. Access “and” Quality “Our mission is to develop and support telemedicine solutions that enhance access and quality of health care in Ontario, and inspire adoption by health care providers, organizations, and the public.”

  6. Quality includes Information Security: CIA Triad • Confidentiality: Privacy of patients depends upon maintaining the confidentiality of personal health information (PHI) at all times. • Integrity: Patient safety depends upon maintaining the integrity of PHI (e.g. ensure no systematic errors exist). Failure to maintain integrity can result in illness, injury or even death. • Availability: In order to provide safe care, HCP must have ready access to important PHI before, during and after providing care.

  7. Center for Information Technology Leadership (CITL) Maturity Model

  8. PCVC Threat Risk Assessment Findings • R1: Unauthorised disclosure of PHI due to re-provisioned or lost/stolen device containing Vidyo Mobile Logs • R2: Inadvertent exposure and unauthorised access to PCVC sessions due to limitations in Guestlink operations and configuration • R3: Breach of physician privacy due to lack of end user guidance and surreptitious recording capabilities of consultations by end users/patients, especially within a BYOD configuration • R4: Limitations and complexity within policies, MOUs, member and end user guidance coupled with presence of PHI on mobile devices

  9. Defense In Depth Safeguards • People • Technology • Process

  10. R1: “Unauthorised disclosure of PHI due to re-provisioned or lost/stolen device containing Vidyo Mobile Logs” • Safeguard: Do not leave your mobile device unattended

  11. R1: “Unauthorised disclosure of PHI due to re-provisioned or lost/stolen device containing Vidyo Mobile Logs” • Safeguard: Use passphrases

  12. R2: “Inadvertent exposure and unauthorised access to PCVC sessions” • Safeguard: Do not leave your mobile device unattended

  13. R2: “Inadvertent exposure and unauthorised access to PCVC sessions” • Safeguard: Do not share your account credentials

  14. Risk 3: “Breach of physician privacy due to lack of end user guidance” • Safeguard: Regularly create best practice guidelines for HIC users

  15. Risk 4: “Limitations and Complexity within Policies” • Safeguard: Create simplified and friendly terms of service

  16. Risk: “Increased external attacks…”

  17. Risk: “Increased external attacks” • Safeguard: Harden devices and applications

  18. Risk: “Increased external attacks…” • Safeguard: Separate corporate from consumer environments

  19. Circles of Trust • International • Federal • Provincial • OTN Local

  20. Questions and Answers • Thank You • http://otn.ca/en/services/pcvc