GENERAL SANTOS DOCTORS’ MEDICAL
SCHOOL FOUNDATION INC.
NCM 110: NURSING INFORMATICS
CHAPTER 12
ELECTRONIC SECURITY
INTRODUCTION
Healthcare systems must comply with HIPAA and HITECH
regulations while ensuring robust network security to protect
patient information. Mowry and Oakes (2011) highlighted the
vulnerability of electronic health records, noting that up to 77
individuals could access a patient’s record during
hospitalization. While IT policies must safeguard private data,
cumbersome authentication procedures can hinder clinicians’
efficiency. Physicians spend nearly two minutes per patient
encounter managing logins, and major healthcare providers
handle over 150 applications, complicating access to
essential data. Organizations must balance security with
streamlined access to optimize patient care. This chapter
examines how health systems manage and secure information
within their networks.
SECURING NETWORK SECURITY
Healthcare organizations rely on computer networks for
communication and operations.
Network connections create security risks, exposing information
to unauthorized access.
The rise of smart devices increases challenges in securing
network information.
Wireless medical devices (MDs) are vulnerable to security threats
(Sullivan, 2012).
3 MAIN AREAS OF SECURE
NETWORK INFORMATION
CONFIDENTIALITY
Ensures private health information is kept secure.
Organizations must have a well-defined confidentiality policy.
Prevent "shoulder surfing" by properly placing computer monitors.
AVAILABILITY
Ensures network information is accessible when needed.
Protects key hardware and prepares for disruptions.
INTEGRITY
Ensures data accuracy and reliability.
Employees must trust the information they access.
AUTHENTICATION OF USERS
WHAT IS AUTHENTICATION?
Authentication is the process of verifying a user's identity before granting access.
Organizations use authentication to protect sensitive data and prevent
unauthorized access.
3 Main Types of Authentication
Something the user knows (passwords)
Something the user has (security tokens, ID cards)
Something the user is (biometrics)
MULTI-FACTOR AUTHENTICATION (MFA)
Combines two or more authentication methods for better security.
Why is Authentication Important?
Prevents unauthorized access
Protects sensitive information
Enhances cybersecurity in organizations
Reduces risks of fraud and identity theft
BLOCKCHAIN
BLOCKCHAIN TECHNOLOGY
Decentralized digital database that records transactions across multiple networked
computers
Transactions are stored in ordered blocks, each time-stamped and linked to the previous
block, forming a secure chain
It is used as a public ledger
- What is a public ledger? A transparent and immutable record of all
transactions on a blockchain network
Immutability
Secured and Authenticated - Super-secure method of storing, authenticating, and
protecting data
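The linking of time-stamped blocks described above can be shown with a small hash chain. This is an added example, not part of the original chapter: it is a single-node sketch with no network or consensus, all function names and the sample claim records are constructed for illustration, and only a digest of each record is stored in the block so the record itself stays off-chain.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # stand-in "previous hash" for the very first block


def block_hash(block):
    """SHA-256 over the block's fields, excluding its own stored hash."""
    body = {k: block[k] for k in ("index", "timestamp", "record_digest", "prev_hash")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_block(chain, record, timestamp):
    """Append a block that commits to the record and to the previous block."""
    block = {
        "index": len(chain),
        "timestamp": timestamp,
        # Only a digest goes into the block; the record itself is kept elsewhere.
        "record_digest": hashlib.sha256(record.encode()).hexdigest(),
        "prev_hash": chain[-1]["hash"] if chain else GENESIS_PREV,
    }
    block["hash"] = block_hash(block)
    chain.append(block)
    return block


def first_invalid_block(chain):
    """Return the position of the first block that fails verification, or None."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if block["prev_hash"] != prev or block_hash(block) != block["hash"]:
            return i
        prev = block["hash"]
    return None


def build_sample_chain():
    """Constructed sample: three claim events with fixed timestamps."""
    chain = []
    append_block(chain, "claim 1001 submitted", "2025-01-01T09:00:00Z")
    append_block(chain, "claim 1001 validated", "2025-01-01T09:05:00Z")
    append_block(chain, "claim 1001 approved", "2025-01-01T09:10:00Z")
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    print("untouched chain:", first_invalid_block(chain))
    chain[1]["record_digest"] = "0" * 64  # alter a past entry
    print("after altering block 1:", first_invalid_block(chain))
```

Changing an earlier block breaks its own hash, and recomputing that hash breaks the link held by the next block, which is why an altered entry is detectable by anyone holding a copy of the chain.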
BLOCKCHAIN’S SECURITY FEATURES
Decentralized
Data Encryption
Could either be Private or Public
Organizations can implement additional protections by restricting
network nodes to entities covered by HIPAA (the Health Insurance
Portability and Accountability Act), encrypting sensitive data, and
keeping certain data off-chain (Alder, n.d.; Miliard, 2017).
- HIPAA is a U.S. law that protects sensitive patient health
information
APPLICATIONS OF BLOCKCHAIN IN HEALTHCARE
HEALTHCARE RESEARCH
PATIENT-CENTERED CARE
Blockchain improves patient privacy, security, and interoperability by giving
patients control over their data and enabling seamless, secure information
exchange between healthcare systems.
By linking patients to their data instead of personal identifiers, blockchain
standardizes records and ensures only certified healthcare providers can access
and update them, reducing fraud and errors.
USE CASE FOR BLOCKCHAIN TECHNOLOGY
USE CASE: It describes a distinct situation in which a specific
product or service could possibly be used.
BLOCKCHAIN USE CASE:
INSURANCE CLAIM PROCESSING
The goal of this use case was to automate health insurance claim
processing by demonstrating the application of blockchain to the
insurance industry and specifically in health care.
KEY BENEFITS:
Decentralized management
Indisputable audit trail
Data trusted, transparent, and easily tracked
Robustness and availability
Privacy and security
TECHNOLOGY USED:
Smart Contracts – Automates claim validation and approval.
Distributed Ledger Technology (DLT) – Ensures synchronized and secure data
sharing.
THREATS TO SECURITY
One of the biggest advantages of a computer network is sharing
information easily. However, healthcare organizations must
protect this information and ensure that only the right people
can access it.
Data security threats in healthcare are increasing. A national
survey by the Computing Technology Industry Association
(CompTIA) found that human error caused over half of security
breaches.
Common mistakes include:
Not following security rules and procedures
Carelessness when handling data
Lack of experience with technology
Not being aware of new security threats (Greenberg,
2015)
RANSOMWARE
Ransomware is a growing threat to healthcare organizations.
It is a type of malicious software that locks access to computer
systems until a ransom is paid to the hacker.
SOCIAL ENGINEERING
Social engineering is a major security threat. It involves
manipulating people by exploiting their trust or position in
an organization to gain unauthorized access to information
or systems.
PHISHING
Deceiving someone through fake emails or calls to steal passwords or data.
SPEAR PHISHING
A more targeted version of phishing, using personal details to make
the scam more convincing.
BAITING
Leaving an infected USB in a public place to lure someone into plugging
it into their computer.
SCAREWARE
Tricking users into believing they’ve been hacked, then manipulating
them into allowing remote access.
PREVENTING SECURITY BREACHES
To reduce risks, healthcare organizations need to take proactive steps. The
first line of defense is physical security:
Keeping offices locked
Having computers lock automatically after 5 minutes of inactivity
Providing regular security training
Employees should also be trained to:
Be aware of computer monitor visibility
Watch for shoulder surfing (someone looking over their shoulder)
Follow policies on removing computer hardware
OFF-SITE USE OF PORTABLE DEVICES
Importance of Portable Devices in Healthcare
Mobile devices like laptops, tablets, smartphones, and portable storage
streamline healthcare delivery.
Healthcare professionals, like home health nurses and physicians, can access
Electronic Protected Health Information (EPHI) on the go.
Data Security Measures
Agencies must require data encryption when transmitting or storing EPHI on
unsecured networks.
Virtual Private Networks (VPNs) are essential to secure data on unsecured
networks (e.g., coffee shops, airports).
Only necessary clinical data should be stored on portable devices to
minimize risk.
Lost or Stolen Devices
Agencies are responsible for securing data on lost or stolen devices.
Using software to track devices and remotely delete sensitive data.
Simple steps like covering laptops left in cars and locking car doors help
deter theft.
Sanctions for Security Breaches
Clear sanctions must be in place for inappropriate access or theft of EPHI
(e.g., warning, suspension, termination, or prosecution).
Sanctions should emphasize the seriousness of protecting EPHI.
Strategies for Secure Remote Access
Use only company-owned devices and configure them properly.
Enforce strong VPN policies and user access privileges.
Mandate effective educational programs on secure computing practices.
Issues with Wireless Mobile Devices and Malware
Wireless devices can easily be compromised, especially through
malware or insecure email/file transfers.
Lost/stolen devices can be gateways to healthcare networks and
sensitive data.
Cloud Computing Security
Cloud services need client-side encryption and multi-factor authentication.
Data Loss Prevention (DLP) protocols must be in place to prevent
unauthorized sharing of sensitive information.
Employee Training
The most effective defense against security breaches is comprehensive
employee training.
Cybersecurity breaches often come from careless internal actions rather than
external attacks.
CONCLUSION
The chapter concludes that while ensuring security is essential, balancing accessibility and data
protection remains a challenge. As technology evolves, organizations must remain vigilant,
continuously updating security protocols to prevent breaches. With the growing use of cloud-based
solutions, the need for comprehensive security measures and proactive monitoring is more
crucial than ever. The only completely safe network is one that is turned off, making it essential
for healthcare institutions to find a middle ground between security and usability.
GROUP 1-BSN2E
TRACY MAE ANTIPORTA
MARY NIKE LOUISE MICA Leader MIXIE BUBBLES AMPAN
ANTHEA PSYCHE BAJADE RYNCH SAMSON
Secretary Assistant Leader
KIETH IRECKA CASTOR RIA MILLAN
KEN ANDREW SALVACION KENZ JOSHUA SALINAS