Securing your patient information

Transcript

1. How  to  keep  your   patient  information   secure  

   Joel Friedlaender Founder - Cliniko
2. None

3. Who  is  this  Joel  guy?   Why do I care

   what he has to say?
4. None
5. None

6. 1.5  hours  of   CPD!!!!  

7. What  exactly  is   this  talk  about?  

8. This  talk  is  about…   Preventing unauthorised access Not losing

   information Unnecessary charts

9. Questions?   I might answer them as we go, maybe

   at the end. ¯\_(ツ)_/¯

10. Why  should  you   care  about   securing  patient  

    information?  
11. None
12. None
13. None
14. None

15. Preventing  unauthorised  access     Passwords  

16. What  could   someone  access   if  they  had  your

      password(s)?  

17. Is  your  password  easy   to  guess?  

18. 1) 123456 2) password 3) 12345 4) 12345678 5) qwerty

    6) 1234567890 7) 1234 8) baseball 9) dragon 10) football 11) 1234567 12) monkey 13) letmein 14) abc123 15) 111111 16) mustang 17) access 18) shadow 19) master 20) michael 21) superman 22) 696969 23) 123123 24) batman 25) trustno1 Most  common  passwords  2014  

19. Do  you  keep  it  secure?  

20. What  does  a  good   password  look  like?  

21. bT5&io!  

22. i  love  osteo  

23. bT5&io!    (???)     or     i  love

     osteo  (???)     Source:  https://howsecureismypassword.net/  

24. bT5&io!    (1  hour)     or     i

     love  osteo  (???)     Source:  https://howsecureismypassword.net/  

25. bT5&io!    (1  hour)     or     i

     love  osteo  (546  years)     Source:  https://howsecureismypassword.net/  

26. Do  you  have  a  different   password  for  each  

    service?  

27. ymxTNWRuoXawqavDRftHHBnkVqgvAu

28. Protect  your  devices   with  passwords!  

29. None
30. None
31. None

32. 2  factor  authentication     Something  you  know,    

    something  you  have.  
33. None

34. Places  to  use  2  factor   authentication     Internet

     Banking   Email  (eg.  Gmail)   Facebook   Dropbox   Many  more!    
35. None

36. Preventing  unauthorised  access     Encryption  

37. In cryptography, encryption is the process of encoding messages or

    information in such a way that only authorized parties can read it. Encryption does not of itself prevent interception, but denies the message content to the interceptor. Encryption  

38. If someone steals your computer, they can still access everything

    if it’s not encrypted (even without your password). Encrypting your computer is easy. Encryption  

39. How  to  Encrypt   your  computer  

40. 1.  Go to System preferences 2.  Choose Security & Privacy

    3.  Choose Filevault 4.  Turn it on 5.  Sleep better How  to  encrypt  -­‐  Mac  

41. How  to  encrypt  -­‐  Mac  

42. 1.  Search 2.  Type “BitLocker” 3.  Choose Settings 4.  Choose

    BitLocker Drive Encryption 5.  Choose Turn on BitLocker How  to  encrypt  -­‐  Windows  

43. How  to  encrypt  -­‐  Windows  

44. Drawbacks     Speed  &  Recovery  

45. Preventing  unauthorised  access     Safe  web   browsing  

46. None

47. If  it’s  not  HTTPS,   it’s  not  secure.  

48. Firesheep  

49. Enable  HTTPS  if   it’s  an  option.  

50. Don’t  trust  the   site  if  it’s  not.  

51. None

52. Preventing  unauthorised  access     Patient  files  

53.   Paper     Digital  files     Practice  management

      software  

54. Paper  

55. None
56. None

57. Digital  files  

58. “When you upload, submit, store, send or receive content to

    or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content.” Google   Source: http://www.google.com/intl/en/policies/terms/

59. •  Secure passwords •  Anti virus software •  Firewalls • 

    Secure any external access (eg. HTTPS/VPN) •  Install security updates •  Ensure physical security Precautions  

60. Practice   Management   Software  

61. •  Secure passwords •  Anti virus software •  Firewalls • 

    Secure any external access (eg. HTTPS/VPN) •  Security updates •  Physical security Precautions  for   installed  software  

62. •  Passwords •  Control access •  Trusted vendor? Precautions  for

     hosted   software  

63. •  Designed for medical records •  Runs completely under HTTPS

    •  Secure authentication (username/password scheme) •  Security information available •  Able to export patient information •  Encryption (in transfer and at rest) Trusted  vendor?  

64. Not  losing   information  

65. Poll:  Do  you  backup  your  data?     •  Yes

      •  No   •  Not  applicable  

66. Poll:  Have  you  tested  your  backup?     •  Yes

      •  No   •  Not  applicable  

67. Does  it  work?  

68. Is  it  encrypted?  

69. Is  it  physically   safe  from  theft?  

70. Is  it  in  a  different   location?  

71. Hosted  practice   management   software?       Ask

     them  those   questions.  

72. Recommended  tools  -­‐  Mac  

73. Recommended  tools  -­‐  Mac  

74. Recommended  tools  -­‐  Windows   Disclaimer: I have not used

    this product, it might be rubbish.

75. Recommended  tools  -­‐  Windows  

76. Summary  

77. Use  1password   for  secure   passwords     https://agilebits.com/onepassword

78. Use  2  factor   authentication   where  possible    

79. Protect  your   devices  with   passwords    

80. Encrypt  your   computer(s)    

81. If  it’s  not  HTTPS,   it’s  not  secure    

82. Use  Hosted   Practice   Management   Software   Disclaimer:

    I have bias here, but it’s not why I recommend this.

83. Backup  your   information  

84. Encrypt  your   backups  

85. Test  your  backups  

86. Done.     Thanks  for   listening!  

87. Osteopathy Australia will upload 1.5hrs of CPD on your behalf

    to your online CPD record. However it is your responsibility to record your level of commitment, relevance and duration undertaken for the pre-reading.

88. Questions?     Joel  Friedlaender   Twitter: @jfriedlaender Email: [email protected]