ITGS Presentation 2013
Conversations, Security Keys, and BYOD
Dull & Boring Stuff
Communication Protocols
• Transmission Control Protocol
  o Transport layer protocol
  o Breaks transmission into pieces (packets)
  o Supports resending of packets
  o Only supports one-to-one communication
http://www.dummies.com/how-to/content/the-tcpip-networking-protocol-suite.html
TCP
• Internet Protocol
  o Network layer protocol
  o Delivers packets
  o Uses logical addresses instead of MAC addresses
  o IP address is comprised of two parts
    - Network part
    - Host part
  o Allows for communication to another network
http://www.dummies.com/how-to/content/the-tcpip-networking-protocol-suite.html
IP
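The network part / host part split on this slide, worked through as an added example (not part of the original deck). The prefix lengths, the gateway 192.168.1.254 and the function names are assumptions; 192.168.1.1 and 66.39.89.30 are addresses quoted elsewhere in this deck.

```python
import ipaddress

def split_address(addr, prefix_len):
    """Return (network part, host part) of an address for a given prefix length."""
    iface = ipaddress.ip_interface(f"{addr}/{prefix_len}")
    network_part = iface.network.network_address
    # Host part = the bits the netmask leaves free (address AND hostmask).
    host_bits = int(iface.ip) & int(iface.network.hostmask)
    host_part = type(iface.ip)(host_bits)
    return str(network_part), str(host_part)

def next_hop(src, prefix_len, dst, gateway):
    """Who the sender hands the packet to: dst itself if local, else the gateway."""
    network = ipaddress.ip_interface(f"{src}/{prefix_len}").network
    if ipaddress.ip_address(gateway) not in network:
        raise ValueError("gateway must be on the sender's own network")
    return dst if ipaddress.ip_address(dst) in network else gateway

if __name__ == "__main__":
    # Same address, two assumed prefix lengths: the split depends on the mask.
    print(split_address("192.168.1.1", 24))
    print(split_address("192.168.1.1", 16))
    # Local destination is delivered directly; a remote one goes via the gateway.
    print(next_hop("192.168.1.1", 24, "192.168.1.77", "192.168.1.254"))
    print(next_hop("192.168.1.1", 24, "66.39.89.30", "192.168.1.254"))
```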
• URL
  o Uniform Resource Location
  o More English-Like than TCP/IP address
  o Domain Name Server (DNS)
    - Translates URL to TCP/IP address
    - Lets you type www.hectic-dad.com and get to a real website
http://computer.howstuffworks.com/dns1.htm
TCP/IP, URL, DNS blah blah blah
• Envelope Example
http://www.thegeekstuff.com/2011/11/tcp-ip-fundamentals/
http://technet.microsoft.com/en-us/library/cc786128(v=ws.10).aspx
TCP/IP Protocol Architecture
• Internet Protocol addressing
  o IPv4
    - Address every device on the planet (hahahaha)
    - 2^32 addresses (4,294,967,296)
    - 4 octets (192.168.1.1)
  o IPv6
    - 2^128 addresses (way more)
    - 16 octets (192.168.1.1.1.0.0.0.2.0.0.3.0.0.0.0)
• Address like phone number, same evolution
http://en.wikipedia.org/wiki/IP_address
TCP/IP Addressing
• 2345
• MO-2345
• MO2-2345
• 620-662-2345
• 1-620-662-2345
• 0011-1-620-662-2345
Growth of Addressing
• Hypertext Transport Protocol
  o Request-Response protocol (ask & ye shall receive)
  o Not limited to world wide web (www) communication
  o Can be used for other purposes
  o Runs on top of TCP network
  o Utilizes structured text
  o It’s a conversation
http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol
HTTP
• Example: You type www.janie-patterson.com
• User request to go to the URL
GET / HTTP/1.1
Accept: text/*, image/jpeg, image/png, image/*, */*
Accept-Language: en, en_US
Host: www.janie-patterson.com

HTTP/1.1 200 OK
Date: Thu, 24 Jan 2002 17:33:52 GMT
Server: Apache/1.3.14
Last-Modified: Mon, 21 Jan 2002 22:08:33 GMT
Accept-Ranges: bytes
Content-Length: 9696
Connection: close
Content-Type: text/html
note: URL = Universal Resource Locator. Translated to a TCP/IP address 66.39.89.30
http://www.silicon-press.com/briefs/brief.http/brief.pdf
HTTP Example
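The "structured text" conversation on this slide, parsed in an added example (not part of the original deck). The two messages are the slide's own, with the CRLF line endings and terminating blank line HTTP/1.1 uses on the wire added; `parse_message` is a hypothetical helper name.

```python
# Constructed from the two messages on the slide; CRLF line endings and the
# blank line that ends each header block are added here.
REQUEST = (
    "GET / HTTP/1.1\r\n"
    "Accept: text/*, image/jpeg, image/png, image/*, */*\r\n"
    "Accept-Language: en, en_US\r\n"
    "Host: www.janie-patterson.com\r\n"
    "\r\n"
)
RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Thu, 24 Jan 2002 17:33:52 GMT\r\n"
    "Server: Apache/1.3.14\r\n"
    "Last-Modified: Mon, 21 Jan 2002 22:08:33 GMT\r\n"
    "Accept-Ranges: bytes\r\n"
    "Content-Length: 9696\r\n"
    "Connection: close\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

def parse_message(raw):
    """Split one HTTP/1.x message into its start-line fields and headers."""
    head, sep, _body = raw.partition("\r\n\r\n")
    if not sep:
        raise ValueError("header block is not terminated by a blank line")
    start_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.lower()] = value.strip()  # header names are case-insensitive
    first, second, third = start_line.split(" ", 2)
    if first.startswith("HTTP/"):  # status line: version, code, reason
        return {"kind": "response", "version": first, "status": int(second),
                "reason": third, "headers": headers}
    if third == "HTTP/1.1" and "host" not in headers:
        raise ValueError("HTTP/1.1 request without a Host header")
    return {"kind": "request", "method": first, "target": second,
            "version": third, "headers": headers}

if __name__ == "__main__":
    for raw in (REQUEST, RESPONSE):
        print(parse_message(raw))
```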
• File Transfer Protocol
  o Used to transfer entire files
  o Request-Response protocol (ask & ye shall receive)
  o Client-server architecture
  o Runs on top of TCP-based connection
  o Separate control and data connections
  o It’s two conversations at once
http://www.webmonkey.com/2010/02/ftp_for_beginners/
FTP
• User request to transfer a file
Status:Connecting to ftp.fakesite.org ...
Status:Connected with ftp.fakesite.org.
Response:220 ProFTPD 1.2.4 Server (ProFTPD) [109.41.xx.xxx]
Command:USER mcalore
Response:331 Password required for mcalore.
Command:PASS **********
Response:230 User mcalore logged in.
Status:Connected
Status:Retrieving directory listing...
Command:PWD
Response:257 "/users/mcalore" is current directory.
Command:LIST
Response:150 Opening ASCII mode data connection for file list.
Response:226 Transfer complete.
Status:Directory listing successful
FTP Example
Slightly More Interesting Stuff
EHR Security, Using EHRs, BYOD, VPN, Intranets, and
TANSTAAFL
Electronic Health Records
An alphabet soup and a can of worms
• Lots of names
  o CPR
  o EMR
  o EHR
  o PHR
• Two varieties
  o Specialty
  o Patient or Longitudinal
• Beware of data silos
Electronic Health Records
• Information accessibility
• Information transportability
• Improved Clinical Outcomes
  o Quality
  o Reduced Medical errors
• Reduced Costs
  o Individual
  o Societal
• Data mining
EHR Advantages
• Upfront acquisition costs
• Training costs
• Ongoing maintenance costs
• Disruptions in workflows
• Losses in productivity
• Transfer of data entry tasks to providers
• Inaccuracy
• Physician liability risks
EHR Disadvantages
• Information accessibility
• Information transportability
• Improved Clinical Outcomes
  o Quality
  o Reduced Medical errors
• Reduced Costs
  o Individual
  o Societal
• Data mining
EHR (DIS)Advantages
• Complications
  o Interoperability
  o Transferability
  o Data siloage
  o Lexicon / Terminology
• Concerns
  o Security
  o Privacy
  o Patient Targeting
http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3270933/
EHR Complications & Concerns
• Authentication
  o One step
  o Two step
• Underlying computer security
• Underlying network security
• No holes allowed
EHR Security
• Computer/network steps
• EHR login
• Patient selection
• Patient view
  o By encounter
  o By diagnosis
  o By treatment
EHR Access Practicum
BYOD
It’s really easy until you have to actually support it
• Policy-based
• Allow employees to bring personally owned mobile devices to work and use those devices to access privileged company information and applications
http://en.wikipedia.org/wiki/BYOD
BYOD
• Save company money
• Appease workers
• Users select their own devices
• High device familiarity
• Increased mobility
• Higher job satisfaction
• Improvements in efficiency and productivity
http://www.businesszone.co.uk/blogs/scott-drayton/optimus-sourcing/advantages-and-disadvantages-byod
http://www.mcpc.com/benefits-of-BYOD
BYOD Advantages
• Heterogeneous devices
• Lack of control over data
• Security
• Privacy
• Device control / Acceptable use
• Cost-sharing Complications
• Support nightmares
http://searchconsumerization.techtarget.com/guides/How-to-weigh-BYOD-benefits-and-risks
http://searchconsumerization.techtarget.com/tip/BYOD-pros-and-cons-Spend-less-on-devices-more-on-support
BYOD Disadvantages
Virtual Private Networks
Playing hide-and-seek on the world wide web
• Method of connecting distant computers
• Goes through a public network
• Extends a private network across public network
• Shares functionality
• Security is main goal
http://en.wikipedia.org/wiki/Virtual_private_network
Virtual Private Networks
Intranets
Playing in your own sandbox
• Collection of local network items
• Utilize standard network items
  o Hardware
  o Software
  o Ethernet, Wi-Fi, TCP/IP
  o Web browsers
  o Web servers
• Local network using internet technologies
http://compnetworking.about.com/cs/intranets/g/bldef_intranet.htm
http://medicalexecutivepost.com/2009/06/26/healthcare-intranets-and-extranets/
Intranets
• Lightning can be VPN
• Really *should be*
http://www.skullbox.net/intranet.php
Intranets & Extranets
TANSTAAFL
Any guesses?
• There Ain’t No Such Thing As A Free Lunch
• Costs associated with technologies
  o TCP/IP - overhead
  o HTTP - overhead, interpretation time
  o FTP - overhead
  o EHR Security - hassle, inaccuracy, not perfect
  o BYOD - support, heterogeneous nature, security
  o VPN - support, complexity
  o Intranet - support, complexity, overhead
TANSTAAFL
Project Simulation
Kill me now...this is too hard
• The Seven Questions
  o Who
  o What
  o When
  o Why
  o Where
  o How
  o What aren’t you telling me?
Implementation Scenario
• The Seven Questions
  o Who - Dr. Hanna Schreiber
  o What - Wired network
  o When - Yesterday (it’s always yesterday)
  o Why - To allow the practice to function
  o Where - New Building
  o How - Computer network
  o What aren’t you telling me? - I dunno
Single Provider’s Office
• Wired workstations
• Limited connectivity
http://en.wikipedia.org/wiki/Computer_network_diagram
Single Provider’s Office
• The Seven Questions
  o Who - Dr. Hanna Schreiber & Dr. Maddie Page
  o What - Wired + Wireless network
  o When - Yesterday (it’s always yesterday)
  o Why - To allow the practice to function
  o What aren’t you telling me? - I dunno
Multiple Providers
http://www.conceptdraw.com/samples/resource/images/solutions/network-diagram/Network-Diagram.png
Drs. Schreiber & Page
• The Seven Questions
  o Who - Dr. Colton “I can do better” Harper
  o What - Wired + Wireless network
  o Why - Because I can provide better medical care
  o Where - Right next door in the same building
  o What aren’t you telling me? - I want to crush them
Dr. Colton “I can do better” Harper
• Two networks - one wireless airspace
http://www.conceptdraw.com/samples/resource/images/solutions/network-diagram/Network-Diagram.png
Dr. Colton “I can do better” Harper
• The Seven Questions
  o What - Wired + Wireless + Patient Access
  o Who - Dr. Josh “Rule the world” Patterson
  o Why - To provide one-stop medical care
  o Where - The entire floor above the other practices
  o What aren’t you telling me? - Mwahahaha
Dr. Josh “Rule the world” Patterson
Even more complex
• Bandwidth
• Wireless cross-over
• Privacy
• Security
Inter-office Network Issues