1 / 1

Modifying without a Trace

Modifying without a Trace. Jason King Ben Smith Laurie Williams. 0. 0. 0. 0. 0. General Audit Guidelines are Inadequate for Electronic Health Record Audit Mechanisms. 0. 0. 0. 0. Motivation

gilda
Download Presentation

Modifying without a Trace

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Modifyingwithout a Trace Jason King Ben Smith Laurie Williams 0 0 0 0 0 General Audit Guidelines are Inadequate for Electronic Health Record Audit Mechanisms 0 0 0 0 • Motivation • Policy, law, and regulations require audit mechanisms to record and examine interactions withprotected health information • Insider attack and/or general curiosity may lead to unauthorized access to protected health information • The health informatics field needs standards that address implementation of software audit mechanisms for ensuring accountability and non-repudiation • Findings • Software developers for EHR systems should focus on specific auditable events for managing protected health information, instead of basing their audit mechanisms on guidelines or checklists that contain generalized auditable event types • Without strong audit mechanisms to ensure accountability and responsibility, healthcare software remains vulnerable to undetected misuse, both malicious and accidental, including insider threat Chuvakin & Peterson CCHIT 7 1 5 EHR Systems Studied 3 IEEE SANS • Chuvakin & Peterson’s “Logging in the Age of Web Services” • Certification Commission for Health Information Technology • SysAdmin, Audit, Network, & Security Institute • IEEE Standard for Information Technology: Hardcopy Device & System Security

More Related