Questions tagged [healthcare]
17 questions
36
votes
6 answers
What are the purposes of these security policies?
I work at an IBM lab and there are some security policies that I do not understand the point of. When I ask why we do them my boss simply says it's policy and avoids answering the question.
We must keep empty drawers locked
When we leave work we…
hushhush
- 359
- 3
- 7
23
votes
10 answers
In Healthcare IT, is a "break glass" mode to bypass access controls commonly required?
I've seen referenced in literature the need to have a "break glass" mode in Healthcare IT applications. In this mode, the access controls in an application can be bypassed for an emergency when it is critical for a user to gain access to imaging…
Steve Wranovsky
- 488
- 1
- 4
- 9
20
votes
4 answers
Protecting Health Care Database
I am doing a minor project on information security in which i am implementing techniques listed below to protect a HEALTH CARE database.
Preventing SQL Injection (using prepared statements,validating,using a tokenization algorithm)
Preventing CSRF…
Shubham Gupta
- 301
- 1
- 5
13
votes
5 answers
What is the risk of giving USB drives as promotional items by a healthcare provider
There have been a couple of instances where malware infected USB drives have been given away unknowingly as promotional items at conferences, e.g., IBM in 2010.
Besides this, if a healthcare company were to give away "branded" USB drives, what…
Cassandra Cross
- 131
- 2
13
votes
2 answers
Best practices for implementation of role-based access control in healthcare applications
Amongst the open source EMRs, which ones may be good to learn from? Any references I can go to as a starting point?
Ming K
- 243
- 2
- 8
12
votes
5 answers
what would be a good way for a doctor to send xrays encrypted to another doctor?
As a dentist, I often want to send medical information including digital xrays to another doctor. What would be a good/easy way to do this encrypted?
Our organization currently requires that all such sent information be encrypted. Their current…
Ken Wylie
- 121
- 5
7
votes
1 answer
Healthcare company uses keyloggers for security purposes. Is this normal?
I just attended a recruitment session for a major healthcare provider in the United States. The presenter, a high-ranking member of one of their IT divisions (not security specifically) mentioned that they use a lot of security software on their…
ndm13
- 245
- 1
- 6
7
votes
3 answers
Active measures against lost or stolen PDAs in healthcare?
Many physicians, nurses, and technical staff like to carry PDAs to be kept abreast of patient conditions. Various companies want caretakers to view ECGs on their iPads.
Due to the incredibly private nature of medical records and data, if such a…
jonsca
- 343
- 1
- 6
- 21
6
votes
2 answers
What issues exist in generating a signed, paper-based PGP message stored by a hostile organisation?
I have recently been the victim of having my medical record tampered with by the organisation holding it. Under state law I have a legal right to submit information to be included in my medical record, but I cannot request any information to be…
daniel
- 161
- 2
4
votes
2 answers
Anthem Leak - How do I find out if I'm affected?
Recently, Anthem (A health insurance company somehow associated with Blue Cross Blue Shield and potentially other insurance providers that I am unaware of) was the victim of a large data breach. I've seen reports that Anthem had a vulnerable…
Fernando
- 705
- 5
- 17
4
votes
1 answer
Encrypt Medicare card numer in C# in ASP.NET
I am giving a free consultation for a non profit organisation that wants a simple system to manage multiple groups with a schedule component, etc. and also manage the medical informations of the kids. Its all in an Excel file but the problem is, it…
metraon
- 141
- 3
3
votes
1 answer
Solution for Enterprise SW Eng. with Github and NPM
Can anyone share an architecture or framework that supports the use of Open Source software in enterprise software development environments?
I'm seeking solutions to manage and mitigate the risk of compromised libraries and dependencies in CRAN and…
Colin
- 181
- 4
2
votes
2 answers
How to get medical vendors to take security seriously?
I work as a CISO/Director of Cybersecurity for a large hospital. My background is in penetration testing, but I'm fairly new (a couple years) to the healthcare side. The challenge that I and almost every healthcare security exec faces is securing…
SomeGuy
- 730
- 3
- 18
2
votes
1 answer
UK healthcare encryption obligations
I'll soon be working on upgrading a system which contains a MYSQL server and redis server on AWS
It works by querying two entire tables decrypting all of the contents and then putting the result in redis, the application then queries redis from…
arcanine
- 121
- 3
2
votes
1 answer
Shared floor space, cameras and HIPAA compliance
I am a compliance associate at my company, which is a small call center. My problem is that two of our clients will have to share floor space. One client is tech support for high-end action cameras, while the other is a healthcare account that deals…
Dadfia
- 23
- 3