Protect your computer system from outside threats
HIM Connection, February 8, 2005
You need to take certain precautions to secure information against threats that are unknown to you. Computer hackers (people who attempt to inappropriately access or disable computer networks) cause millions of dollars in damage each year.
The most common way hackers break into computer systems is by simply convincing someone to share a password or give them access by pretending to be someone they are not. However, there are also technical methods that people can use to access your network, and you need to guard against these as well.
Viruses and other malicious software
A computer virus is a program or piece of computer code installed on your computer without your knowledge. These programs can destroy information stored on your computer. They are often transmitted via email attachments. Protecting against malicious software and viruses is an important responsibility. The following tips will help you guard against malicious software:
- Do not open any unknown attachments or unrecognizable emails.
- If you receive an unrecognizable or suspicious email, immediately report it to your IT department or information security officer.
- Document and report any suspicious activity, such as unfamiliar programs appearing on your computer.
- If you are provided with virus scanning software, always use it to scan email attachments or other files that you open on your computer. Follow your organization's policy with regard to scanning files.
- Don't use unapproved email. Web-based email accounts, such as Hotmail, are convenient, but you should only use them if your technical support department approves.
Case #1
Q: A doctor asks you to log onto her email account to find and print an email that she is expecting. She wants it ready for her review when she returns to the hospital. Should you do this?
A: No. You should not have access to anyone's email but your own. The doctor should not give you her username or password.
Case #2
Q: You receive an email with an attachment from an unknown source. The email reads that your computer has been infected with a virus and you need to follow the directions and open the attachment to get rid of it. Should you follow the instructions?
A: No. Never open unexpected attachments from unknown sources. If you are unsure about whether you should open something, contact your IT department or information security officer for instructions.
Unauthorized software and hardware
Another source of security problems is software or hardware that is installed without the support of your technical support department.
Music sharing software, remote access software, games, and other programs you may want to install can disable your computer, threaten your organization's network, and contain malicious software that would allow someone access to your computer. Don't install any software on your computer without permission from your IT department.
Make a special note of the file extension at the end of a file name before opening it. You have probably seen file names that end with ".doc." You should never open any files from an unknown source, but pay particular attention to files that end with ".exe." These are executable files, or software programs. Viruses or malicious software are often contained in downloaded executable files.
Use similar precautions when installing hardware. Any device attached to your organization's network or your computer needs to be installed with the appropriate security precautions in mind. For that reason, you should only connect other devices, such as computers or servers, to the network with permission from your technical support staff.
Case #3
Q: Your sister sends you an email with a screen saver she says you would love. Should you download it onto your computer?
A: No. Never put unapproved programs or software on your work computer. Your work computer is for work use only. Everything on it must be approved by your IT department.
Email use and transmission of electronic data
Information that is passed via email is usually not secure. For that reason, your organization has adopted strict policies with regard to how it electronically transmits protected health information (PHI). Your organization's email program may encrypt the information before sending it, or you may have special Web-based tools for transmitting patient information. Before you transmit PHI in electronic form, make sure you are in compliance with your organization's policies.
Encryption
Encryption simply means that information is coded or scrambled so it cannot be read by anyone who doesn't have the key to read it.
Many organizations encrypt the data they store or transmit depending on whether there is a high risk that the information might be read by an unauthorized individual. Often this encryption process is carried out by software programs and operates invisibly to the user. You need to know whether your organization requires you to encrypt data. Comply with that policy by using the approved tools for transmitting or storing patient information electronically.
This excerpt is adapted from the HIPAA Security Training Handbook for the Healthcare Staff.