Configuring Electronic Health Records: Privacy and Security in the US Discussion Questions with Expected Outcomes


23 Φεβ 2014 (πριν από 3 χρόνια και 3 μήνες)

74 εμφανίσεις

Health IT Workforce Curriculum

Configuring Electronic Health Records


Version 3.0
Spring 2012

Privacy and Security in the US

This material (Comp
) was developed by Oregon Health and Science Unive
rsity, funded by the Department of Health and
Human Services, Office of the National Coordinator for Health Information Technology under Award Number IU24OC000015.

Configuring Electronic Health Records
Privacy and Security in the US

Discussion Questions

with Expected Outcomes

Discussion questions (for individual assignments or small group discussion):

Identify the

authentication policy for a small hospital

ur group has just been named as the team to define the authentication policy for a
small hospital. What do you recommend?

Expected Outcome:

There is no single correct answer. However, during the discussion the group should
consider multi
factor authent
ication, biometric authentication, passwords and the cost of
implementation, as well as users who infrequently access the system.

The group
should also consider the number of systems that require independent authentication.

If passwords are selected as p
art of the authentication policy,
the trade
offs between
strength and usability should be considered, and whether too strict a policy will result in
an inability for the users to remember passwords and any potential consequences, such
as artifacts and pass
word sharing.

The final policy should be detailed

enough to present to the instructor in the role of the
hospital’s chief information officer, and the group should be able to defend their choices
to the instructor.