Secure Handling of Electronic Health Records for Telemedicine Applications


Degree Project in Computer Science and Engineering, Second Cycle, 30 Credits
Stockholm, Sweden 2018

Fredrik Ljung
KTH Royal Institute of Technology
School of Electrical Engineering and Computer Science

Master in Computer Science
Date: June 29, 2018
Supervisor: Sonja Buchegger
Examiner: Mads Dam
Swedish title: Säker hantering av elektroniska patientjournaler
School of Computer Science and Communication

Abstract

Medical record systems are used whenever caregiving is practiced. The medical records serve an important role in establishing patient safety. It is not possible to prevent honest-but-curious doctors from accessing records, since it is legally required to allow doctors to access health records for emergency cases. However, it is possible to log accesses to records and mitigate malicious behaviour through rate limiting. Nevertheless, many of the records systems today lack good authentication, logging and auditing, and existing proposals for securing medical records systems focus on the context of multiple different healthcare providers. In this thesis, an architecture for an electronic health records system for a telemedicine provider is designed. The architecture is based on several requirements from both the legal perspective and general security conventions, but also from a doctor's perspective. Unlike the requirements from the legal and general security conventions perspectives, doctor requirements are functionality and usability concerns rather than security concerns. The architecture is evaluated based on two main threat models and one secondary threat model, i.e. insider adversaries. Almost all requirements are satisfied by the solution design, but the two main threat models cannot be entirely mitigated. It is found that confidentiality can be violated by the two main threat models, but the impact is heavily limited through audit logging and rate limiting.

Summary (Sammanfattning)

Medical record systems are a central part of healthcare, and patient records play a major role in achieving good patient safety. It is not possible to prevent doctors from reading particular records, since doctors need access to records in emergency situations. It is, however, possible to log the doctors' actions and limit malicious behaviour. Despite this, many of today's record systems lack good methods for authentication, logging and auditing. Existing proposals for securing record systems focus on contexts where several different healthcare providers are involved. This report presents an architecture for a patient record system for a telemedicine provider. The architecture is based on several requirements drawn from both a legal perspective and general security conventions, but also from doctors' perspective. The architecture is evaluated based on two main threat models and one secondary threat model. The architecture satisfies nearly all requirements, but the two main threat models cannot be fully mitigated. The two main threat models can break confidentiality, but rate limiting and auditing of logs limit the impact.

Acknowledgements

I would like to thank Kry for giving me the opportunity to do my thesis project with them, and especially my supervisor at Kry, Calle Svensson, for his continuous great feedback and suggestions throughout the whole project. I would also like to thank my supervisor at KTH, Sonja Buchegger, for her help and advice from start to finish. Finally, I would like to thank my family and friends for their great support.
Contents

1 Introduction
  1.1 Research Question
  1.2 Objective
  1.3 Related Work
2 Background
  2.1 Electronic Health Record
  2.2 EHR System
  2.3 EHR Users
  2.4 Laws & Regulations
    2.4.1 Sammanhållen journalföring & NPÖ
    2.4.2 Patientdatalagen
    2.4.3 General Data Protection Regulation
  2.5 Access control
    2.5.1 Identification and Authentication
    2.5.2 Authorization
  2.6 Encryption
    2.6.1 AES
    2.6.2 RSA
  2.7 End-to-End Encryption
    2.7.1 Hyker
    2.7.2 Signal
  2.8 Cryptographic Anchor
    2.8.1 Hardware Security Module
  2.9 Audit Logging
    2.9.1 Emergency Situations
  2.10 Formal Specification
3 Requirements
  3.1 Law Requirements
    3.1.1 Literature
    3.1.2 Interview
  3.2 Security Requirements
    3.2.1 The Parkerian Hexad
    3.2.2 ISO/IEC 27001
  3.3 Doctor Requirements
  3.4 Summary of Requirements
  3.5 Adversarial Models
  3.6 Scenarios
4 Architecture Proposals
  4.1 Architecture 1
  4.2 Architecture 2
  4.3 Architecture 3
  4.4 Architecture 4
5 Solution Design
  5.1 High-level Design
    5.1.1 Cryptographic Functions
  5.2 Workflows/Operations
    5.2.1 Read Record
    5.2.2 Write Record
    5.2.3 Add New Patient
    5.2.4 Direct Access to Database or Log
  5.3 Logs
  5.4 Specification
    5.4.1 Event-B
    5.4.2 Formal Modelling with Event-B: Read Record
6 Security Analysis
  6.1 Must-have Requirements
    6.1.1 Fully achievable requirements
    6.1.2 Partially Achievable Requirements
  6.2 Nice-to-have Requirements
    6.2.1 Classification and Policy
    6.2.2 Secure Key Management and Log Tamper Resistance
7 Conclusion
  7.1 Evaluation
    7.1.1 Ethics and sustainability
  7.2 Conclusion
  7.3 Future Work
Bibliography
A Interview questions

Acronyms

EHR    Electronic Health Record
EMR    Electronic Medical Record
PHR    Personal Health Record
RBAC   Role Based Access Control
PDL    Patientdatalagen
GDPR   General Data Protection Regulation
NPÖ    Nationell Patientöversikt
CWE    Common Weakness Enumeration
AES    Advanced Encryption Standard
RSA    Rivest Shamir Adleman
2FA    Two Factor Authentication
CRUD   Create, Read, Update, Delete
ACL    Access Control List
NIST   National Institute of Standards and Technology
PKCS   Public Key Cryptographic Standards
E2EE   End-to-End Encryption
HSM    Hardware Security Module
BTG    Break The Glass
PdS    Patient-data-Service
AWS    Amazon Web Services
ECDHE  Elliptic-curve Diffie-Hellman Ephemeral
GCM    Galois/Counter Mode
PSS    Probabilistic Signature Scheme
OCSP   Online Certificate Status Protocol
PKI    Public Key Infrastructure
KDS    Key Distribution System
RNG    Random Number Generator

Chapter 1 Introduction

Within healthcare, doctors need to perform record keeping of their patients. In the beginning this was done on paper; today it is done electronically, and most medical record systems are adapted to fit the operations of traditional physical medical centres. Lately, however, we have seen a rise in the digitalization of healthcare. For example, Apple announced that they want to increase the accessibility of medical information by introducing a new functionality where it will be possible to store your personal records in your iPhone [43]. In Sweden, primary healthcare applications like Kry and Min Doktor are growing in popularity [9]. Letting people interact with doctors and psychologists or access their health records via their smartphones opens up great possibilities with regard to accessibility. Healthcare applications like these have the potential of reaching out to hundreds of thousands of patients. On the other hand, it has introduced security and privacy issues. The nonprofit organisation Privacy Rights Clearinghouse reports that in January 2018 there were 15 security breaches disclosing over 390.000 medical records in the US alone. Since 2005, the number of disclosed records in the US is over 228 million [13]. Since patient data is so sensitive, there are several laws and regulations caregivers need to abide by. In Sweden there is the Patient Data Act (Patientdatalagen, PDL) and the regulations set up by The National Board of Health and Welfare (Socialstyrelsen). For countries in the European Union, the General Data Protection Regulation (GDPR) will come into effect in May 2018. Having such a large number of patients and thousands of doctors involved, with tight regulations and possibly devastating consequences, requires a more modern way of handling medical records. This thesis will investigate if a secure medical records system can be built for a telemedicine based healthcare provider. Relevant laws, regulations and security conventions will be identified and from them requirements