Security in dental office computing.Abstract Dental office computers are increasingly used to store critical financial and clinical data. That data is subject to loss or alteration from a number of possible sources. Secure communications, security of the computer system from outside attacks, and data back-up are discussed. Introduction Computer security in a dental office can take many forms. Financial and clinical data is routinely kept on personal computers. This data is important not only to the financial health of the practice but also to the patient who expects the information contained in their record to remain private. Every effort should be made to keep this important information from being lost or stolen. The security of this data faces several possible threats: 1. Accidental loss or corruption may cause the data to be lost. 2. Data transmitted from the office to and from various third parties may be compromised while in transit. 3. The office computer system needs to be secured from outside attempts to read or destroy confidential information Noun 1. confidential information - an indication of potential opportunity; "he got a tip on the stock market"; "a good lead for a job" steer, tip, wind, hint, lead . Data Backup As more clinical and financial data is stored on computer systems, the data contained by those systems becomes increasingly valuable. The principle method of preventing this data from being lost in the future involves using a regular backup routine. As more computer programs are used in the dental office by different team members in multiple locations throughout the office, the chances increase that some action may garble gar·ble tr.v. gar·bled, gar·bling, gar·bles 1. To mix up or distort to such an extent as to make misleading or incomprehensible: She garbled all the historical facts. 2. the data. Also, no complex computer program has ever been written without several programming bugs. There is always the possibility of fire, theft, disgruntled dis·grun·tle tr.v. dis·grun·tled, dis·grun·tling, dis·grun·tles To make discontented. [dis- + gruntle, to grumble (from Middle English gruntelen; see employee mischief or viruses causing the practice to lose the data stored in its systems. Most practice management software packages advise the practitioner on the best way to backup the practice's database. This should be done on some type of removable media In computer storage, removable media refers to storage media which can be removed from its reader device, conferring portability on the data it carries. A removable drive is a reader device for such media. that someone takes home with them periodically, ideally every night. Common removable media include: tapes, ZIP disks A 3.5" removable disk drive from Iomega. Zip disks come in 100MB, 250MB and 750MB varieties, with the latter introduced in 2002 using USB and FireWire interfaces. The 250MB drives, introduced in 1998, also read and write 100MB disks. , floppy disks, recordable CDs and removable hard drives. The most recent concept for backup is the transmission of your data to a remote storage site via the Internet. There are many different backup schemes for doing a backup. If only one or two tapes or disks are used repeatedly, they will likely wear out in a relatively short time. Also, it is desirable to have access to data that was on the computer further back in time than just the previous day or two. If a virus or some technical problem has corrupted the data it may have affected the most recent backup also. Once a problem has been identified, the data can be restored from a point in time before the problem occurred. A common backup scheme is the so-called father, son, grandson system. Ten pieces of media are required. They are labeled Monday, Tuesday, Wednesday, Thursday, then Friday 1, Friday 2, Friday 3, Month 1, Month 2, Month 3. The daily backup is performed on each day of the week from Monday through Thursday. Then each Friday of the month is backed up on the first through the third Friday media respectively. On the fourth Friday the Month 1 media is used, and so on. Using this system past data is available for nearly three months. Secure Communication of Data Electronic data is often shared between the dental office and various third parties. These transmissions could include insurance claims, e-mail, consultations, and electronic commerce with suppliers. Recently, there have been companies that will keep the practice's data on their computers with the ability to remotely input data from the dental office or any other location. It is important that confidentiality be maintained when it concerns the privacy of individual patients. Most electronic claims software uses dial-up direct telephone modem connections between the dental office and a clearinghouse. This method is as secure as normal long distance telephone calls. Today there is a great deal of interaction between dental office computer systems and the Internet. Information sent through the public Internet is secure in varying degrees. Most e-mail sent and received has little or no security and could theoretically be intercepted and read at any one of dozens of points in its electronic journey from sender to receiver. It is also likely that at least one computer in the chain will backup the e-mail, effectively preserving the transmission into the distant future. Due to the many millions of messages sent each day the likelihood of any individual message being read by someone other than the intended recipient is remote but real. Therefore any e-mail regarding confidential patient matters should not be sent in plain form but should be encrypted en·crypt tr.v. en·crypt·ed, en·crypt·ing, en·crypts 1. To put into code or cipher. 2. Computer Science . Some of the most recent e-mail programs Software in the user's computer that can access the mail servers in a local or remote network. Also known as an "e-mail client," "mail client," "mail program," and "mail reader," it provides the ability to send and receive e-mail messages and file attachments. have built-in security features. There are also several good commercial programs that will encrypt See encryption. e-mail. Most involve the sender and recipient exchanging an electronic key or digital ID that encrypts the message on one end and unlocks it when received by the intended recipient. (1) This arrangement would be desirable between two practitioners wishing to discuss private matters concerning a patient. Another common method of data interchange using the Internet involves Web pages and Web browsers The following is a list of web browsers. Historical Historically important browsers In order of release:
continuing education or adult education Any form of learning provided for adults. In the U.S. the University of Wisconsin was the first academic institution to offer such programs (1904). , etc. and pay for them by credit card. Information exchanged from your computer to another computer on the Web can also be easily be read by unknown parties. All modern Web browsers have a mode of secure transmission that can be used when needed for credit card information etc. Properly designed Websites that are set up for electronic commerce will have you interact with those pages over a secure connection. You will generally be told you are now about to view information on a secure site and the browser will indicate that to you by showing a closed lock at the bottom of the browser window. If sensitive information is to be transferred over a secure connection, the connection should not only be secure, but should use the highest level of encryption The reversible transformation of data from the original (the plaintext) to a difficult-to-interpret format (the ciphertext) as a mechanism for protecting its confidentiality, integrity and sometimes its authenticity. Encryption uses an encryption algorithm and one or more encryption keys. available. Today the highest level used has a cipher strength The number of bits in the key used to encrypt data. See cryptography. of 128-bits. Your browser's cipher strength can be found by clicking the Help menu of the browser. (2) If it shows a value less than 128-bits, it would be wise to update the browser to the most current version. The method to update the browser's security strength can be usually found under the same Help topic. Security of the System from Attack If a computer system is downloading information from the Internet there is always the possibility that there could be some unwanted material downloaded into the system as well. The most common unwanted information that may be received is a computer virus. A virus could do anything to your system from displaying a nuisance message to destroying some or all of the data on the hard drive. Viruses are easily spread around the world by e-mail. When a new destructive variation comes out, it is usually front-page news due to the speed at which the virus is spread to computers throughout the world and the damage that they can cause. The most common viruses encountered are those sent as e-mail attachments A file that rides along with an e-mail message. The attached file can be of any type. E-mail programs make it easy to attach a file. For example, in Eudora, all you do is select Attach from the Message menu, browse through the folder hierarchy to find the file you want and then double . The sender of the e-mail message may appear to be someone you know, but the hacker A person who writes programs in assembly language or in system-level languages, such as C. The term often refers to any programmer, but its true meaning is someone with a strong technical background who is "hacking away" at the bits and bytes. may have just stolen your address from your acquaintance's computer address book. A file attached File Attach - [FidoNet] 1. A file sent along with a mail message from one BBS to another. 2. Sending someone a file by using the File Attach option in a BBS mailer. to the e-mail contains the virus. Once the attachment is opened, the virus then infects the system and spreads by e-mailing a copy of itself to the names in your address book. The best defense is to install and use a quality commercial anti-virus software anti-virus software n → Antivirensoftware f product. These products can be setup to monitor your system continuously. The anti-virus product will then destroy, the virus and often will be able to repair any damage done. However, having a good backup as mentioned earlier is always highly desirable if attacked by a virus. Due to the appearance of new viruses, all modern antiviral antiviral /an·ti·vi·ral/ (-vi´ral) destroying viruses or suppressing their replication, or an agent that so acts. an·ti·vi·ral adj. products are made to be updated so that they are able to detect the latest viruses. Most major companies update these virus definitions every week or two and post the updates on their Websites. If the office downloads a lot of files from the Internet or opens a lot of e-mail attachments, weekly checking for updates is advisable. Another problem of world-wide connectivity lies in the ability of an outside computer to get into your computer and either damage files, snoop around or use your computer to attack someone else's computer under your name. This type of activity is called hacking into a system. Hacking into a system is possible whenever the computer system is connected to the Internet, whether or not you are downloading or viewing anything at all. It is possible for your computer to be hacked when connected through a dial-up telephone type modem but these instances are fairly rare. The hacker must be looking at the right place at the right time and you must remain connected long enough for him to get into your system. The most vulnerable computer systems are those connected by so-called permanent connections to the Internet. These most commonly include cable modem cable modem Modem used to convert analog data signals to digital form and vise versa, for transmission or receipt over cable television lines, especially for connecting to the Internet. connections and digital subscriber lines See DSL. (communications, protocol) Digital Subscriber Line - (DSL, or Digital Subscriber Loop, xDSL - see below) A family of digital telecommunications protocols designed to allow high speed data communication over the existing copper telephone lines between end-users and or DSL DSL in full Digital Subscriber Line Broadband digital communications connection that operates over standard copper telephone wires. It requires a DSL modem, which splits transmissions into two frequency bands: the lower frequencies for voice (ordinary . Hackers have automated programs that search throughout the Internet for these permanently connected computers. These programs will then present a list of susceptible systems to the hacker. They can then return at their leisure, as they know your electronic door is always open. Once they have access to your computer, they return to snoop around or possibly enlist your computer in a denial-of-service attack "DoS" redirects here. For other uses, see DOS (disambiguation). A denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. . A denial-of-service attack is where a number of computers are taken over by the hacker and used to overwhelm o·ver·whelm tr.v. o·ver·whelmed, o·ver·whelm·ing, o·ver·whelms 1. To surge over and submerge; engulf: waves overwhelming the rocky shoreline. 2. a. the victim's Website. (3) Your computer could be used as one of these attacking computers without your knowledge. Once the hacker is in your network, he can look around at patient files, financial records, etc. Patients should be aware that there is a potential for their dental records Dental Records is a small, independent metal record label, based in Ipswich, UK. Artists
The best defense against these kinds of activities is a firewall. The firewall is a hardware/software block between your computer and the Internet (Figure 1). An updated firewall should be used to safeguard your system if you have a permanent Internet connection. (5) The firewall sits between the incoming data from the Internet and your connected computer. It analyzes and screens incoming data requests and hides you Internet address There are two kinds of addresses that are widely used on the Internet. One is a person's e-mail address, and the other is the address of a Web site, which is known as a URL. Following is an explanation of Internet e-mail addresses only. For more on URLs, see URL and Internet domain name. from computers outside the firewall. [FIGURE 1 OMITTED] Conclusion In summary, a good backup of important practice data is critical due to possible accidental or intentional harm to the information contained on your computer system. Secure communications should be used over the Internet whenever confidential patient matters or credit card information is being exchanged. Virus detection software should be used on every computer and a firewall should be installed on any computer that is permanently connected to the Internet. Reprinted with the permission of the Tennessee Dental Association. REFERENCES (1.) Phelps A: Keep It Sealed. Smart Computing Guide Series: PC Privacy 2000;8(4):60-52. (2.) Lake M: Stealth Surfing. PC World 2000;18(6):121-136. (3.) Leonhard W: The New Internet See Web 2.0 and Internet2. Security Threats. Smart Business for the New Economy 2000;13(7):102-111. (4.) Golder D and Brennan K: Practicing Dentistry dentistry, treatment and care of the teeth and associated oral structures. Dentistry is mainly concerned with tooth decay, disease of the supporting structures, such as the gums, and faulty positioning of the teeth. in the Age of Telemedicine. JADA 2000;131:734-744. (5.) Machrone B: Protect and Defend. PC Magazine 2000;19(12):169-200. Dr. Stephen C. Alsobrook, a Past President of the Memphis Dental Society, is a general practitioner general practitioner n. Abbr. GP A physician whose practice consists of providing ongoing care covering a variety of medical problems in patients of all ages, often including referral to appropriate specialists. in Memphis. He has been in private practice over 20 years and a computer hobbyist for more than 18 years. He has written and lectured on various computer topics, and designed and maintains the Memphis Dental Society Website. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion