1.1.3 Security

YOUR PASSWORD & SECURITY

Your password is your digital signature - choose it and use it with care

A Good Password Is:

• a minimum of six characters in length
• composed of alpha characters (both upper and lower case) and numerals
• no alphanumeric character appearing more than once
• not resembling a dictionary entry in any way
• not based on a trivial pattern like a1b2C3 or a family name such as sheldon1
• not written down - memorise it!

CHANGING YOUR PASSWORD

1. In the appointment screen, click the ‘Preference’ tab
2. Click on the ‘Change Your Password’ link
3. Type your old password in the top box
4. Type your new password in the 2nd box
5. Re-type your new password in the 3rd box
6. Click on the UPDATE button

More on Passwords & Physical Security

by Nick Torenvliet

SECURITY: Why the big concern?

By using a variety of security and encryption standards OSCAR, provides a secure system for the safe transmission, storage and review of sensitive patient information. In many installations, OSCAR resides on a remote server publicly accessible on the Internet. Other installations of OSCAR may reside on what is assumed to be a safe internal network or LAN. In either case the security of your patients’ data rests on your efforts. Just as the filing cabinet where patient records may previously have been kept was only as secure as your collective staff effort, modern electronic systems are similarly endowed with security that reflects the efforts of end-users. This should not trouble or dismay you in terms of appreciating the benefits of electronic records; instead it should raise your vigilance in terms of making no compromises when it comes to system security.

WEAKEST LINK IN SECURITY

Your system administrator plays a large role in ensuring the security of your patients’ data, however there are some forms of attack over which administrators have no power. It is widely acknowledged that the weakest link in system security is the user. Since this is true, the first step to good system security is to encourage the end-user to actively participate in engendering safe practices.

THE THREAT OF HACKERS

The first thing you can do is pick a very hard-to-guess password for your OSCAR login. By far, the largest security threat comes in the form of malicious individuals running user name and password lists against a log-in screen. It does not require great skill to crack into a system through a simple password.

All a hacker has to do is find some likely user names for your organisation (perhaps the first and last names of your staff). She/he can then run any of a number of downloadable programs against the OSCAR login screen which will test permutations of the likely user names with literally tens of thousands of commonly used passwords.

DEVELOPING A GOOD PASSWORD

In order to ensure that no one gets into your patients’ record through your password, you need to choose a password with low odds of being guessed. Words found in the dictionary, simple patterns such as a1b2c3 or 36963 and variations of family names such as sheldon1 are very easy to remember but also very easy to guess. It is recommended that you choose a password that you will have trouble remembering, and then that you take the time to memorise it. Your password should be six digits or longer and should contain upper and lower case letters as well as numerals; in addition your password should contain no repeat occurrences of any symbol. A six-digit password chosen according to the rules above has a one in approximately 32.4 billion chance of being guessed by a brute force procedure. Remember your password is your digital signature, so choose it and use it with care.

PHYSICAL ACCESS

Your second means of ensuring the security of your system is to avoid situations where unauthorised physical access could occur.

• Don’t leave patients unattended in rooms where OSCAR is running.
• If it can’t be avoided, use a screen saver with a password lock out. For windows Window Key + L will lock the screen
  
• If you have a local server, keep it under lock and key.