Introduction

You might be wondering why after all these years I am writing about the basics of computers and Internet concepts. The answer is simple. I believe there is a huge gap between what you ought to know to cope with the technological advances and what you actually know.

You may be aware of most of computer and internet concepts as healthcare professionals. IT departments in your organizations may have spent hours designing presentations to explain these concepts. The only difference between this work and what you learnt in your organizations is – I am explaining these concepts in a simple language with analogies from real life and medical world. If you compare and contrast a computer and a human being, both work in a similar way. The major difference between the two being, computers are much simpler in nature. Computers do not have reproductive system, respiratory system etc.

The Government while working on regulations, software companies are bullish about the growth opportunities in the Industry especially with the rise in demand for quality of healthcare strutted with exponential growth in number of patients of all ages, it is right time (if not late) to adopt and use computer and Internet tools as you use scalpels to perform day to day activities in your hospital facilities.

This guide is a reference for all the healthcare professionals (physicians, nurses and others) who want a fresh perspective on how IT works from basics of Internet (browser, login etc…) to robots and virtual operations so you can cope with future technological advances. After all you are a physician – you mastered the tough part, a medicine degree; what’s in a computer; it is just a tool.

The following table of contents covers some of the topics that I would cover in this blog site. However I will kick start the dialogue with Security.

Table of Contents:

Software Product life cycle

Basics of Internet

• Browser and its capabilities
• Internet / application speeds

Security (the most dreaded)

• User Ids/Passwords
• Alternative Authentication methods
• Single Sign On and Portals
• Threats and protection
• Secure Information Exchange

Networks

• IP Address
• Firewalls
• Gateways

Security

We are using computer and Internet applications in our day-to-day work for years now and yet we complain about the user id(s) and passwords that are required by these applications to maintain security. This form of authentication is necessary for many reasons. Why authentication is necessary for our applications is not a part of this discussion; rather lets take it for granted that these are necessary.

Lock + Keys = User ID + Password

Application security is a very simple concept if we think about it. We use keys to open and lock our doors. The set of keys that we carry is unique. Keys that we use are of different types; house keys, car keys, safe keys among others. We don’t want others to get a handle of our keys. The same is the concept with our user id(s) and passwords. They are unique like our door lock and key sets. The complex the user id and password combination, the better because it would be very difficult to crack the password. The complex our safety equipment, the secure we feel.

Fortunately we don’t have to purchase user id(s) and passwords like we do physical lock and key sets. All we have to do is select a password that is very difficult for others to predict. That is why your IT department always asks you to create cryptic passwords. In your organization this rule is almost enforced because they cannot compromise with the security of information that is being exchanged between computers and users. The cost is too high to take any such chances especially in healthcare industry.

Multiple keys to protect each individual possession
=
Multiple User ID and Passwords for each individual system

There is a definite inconvenience with this approach though. There are many systems we access on a daily basis for patient and other clinical/insurance information. And each of these systems require us to provide a unique user id and password. As a result you have to remember many user id and password combinations. The systems are so disparate, it is very difficult to integrate them to work seamlessly. Even if there is a solution, it is very expensive to implement the solution with huge risk of incomplete integration and access problems. This is why we use multiple user id(s) and passwords to access information from different systems. For now lets just think that it is not possible to open your house’s main door, garage door, safe and car with one key. We have to use different keys.

One easy solution to this problem is to keep your passwords same for all the applications. Your user id may change from system to system and application to application but you can always keep your password same. If you have to change the password for one system, then change it for all systems. Caution though that you do not share the password with anyone or write it on piece of paper and leave it on your desk reference purposes. Also try to make it as cryptic as possible with combination of letters, numbers, mixed characters (CAPITAL letters etc). This trick works fine and I have advised the same to many people. Some examples could be "itI75Nfw" meaning "i take I75 North for work" or "mcatUFM" meaning "my child attends to University OF Michigan".

As there are advances in physical access systems with biometric finger print scans, retinal scans etc, similar advances have been taking place in computer industry. Single Sign On (SSO) is expected to revolutionize the industry with its promises but the problem unfortunately still persists. It is costly and difficult to implement SSO at least in mid sized companies. This usually is the case with healthcare organizations; information technology is not their bread and butter and your organization is no exception.

SSO = Master key(User ID + Password) to access all systems

If SSO is implemented, then you can access most of the system resources (if not all) with single logon to your network or portal. After the login, you can access all other systems as you access microsoft word in your machine. Authentication is still required, but the system takes care of it.

Portal = Superstore

Portal is another buzzword we keep hearing in the industry today. Perhaps by now you all know what a portal is. If not, imagine your superstore (walmart, samsclub, meijer etc). These are the places we go for our shopping everyday because we get everything at one place from plastic spoons to golf kits. We don’t like to shop at 10 different stores because it is time consuming. So we find a place where we get everything. Your organization portal is same thing. The information that you need most and use most is available in your portal at one place. Now, you don’t have to go to 10 different websites searching for information. It is all inbuilt in this tool for you. Portals are in fact better than these super stores in that you can customize your portal to suit your daily needs. Now simply imagine if you could rearrange samsclub to suit your personal purchase list (home improvement equipment next to music and video game controls). Perhaps this is not possible. But such flexibility is usually provided within your portals. You can rearrange information in a portal to suit your reading habit and preference.

There are different levels of security that is maintained in every organization. Infrastructure (computer and network) , Application security etc. Infrastructure is secured with firewalls and antivirus programs that constantly safe guard your network and machines and data within like our soldiers protect us at the borders. A firewall is nothing but a simple computer application that protects your machine from the outside world. It is much like a watchman at the main gate of your house. A firewall works in the same way, it acts as a gate keeper to your network and watches and monitors every bit of information that passes through the gate (computer).

Antivirus Software = Immune System

Antivirus system/software is much like your immune system. It constantly checks the health of your computer and keeps you informed about the same. Similar to a human body, computers are susceptible to viruses. When a virus attacks us, our immune system takes appropriate measures to kill the bacteria. If it cannot kill the bacteria, then we fall sick. Then we take antibiotics and pills to kill the virus. In the same way, a virus protection system constantly tries to watch the system health and if attacked by a virus, tries to tell the owner what needs to be done. If you have an anti virus system installed on your machine, the software vendor usually provides automatic updates to the softwares. At this time, the patch is downloaded to your machine and it kills the virus in your machine.

https = Secure Information

The biggest and most dreaded question everyone has – IS MY INFORMATION SECURE? Simply the answer is “Yes”. Organizations go over and beyond in IT budget allocations and planning to implement and maintain security. This is especially true in healthcare and banking industry. To put it simply whenever NPPI (Non Public Personal Information) data is sent or received, it is passed over secure network connections in encrypted formats. How to make sure your data is encrypted and sent via secure channels? If you see “https://” instead of "http://" on the browser, that means the information exchanged between client and server is via secure communication channels and that the data is encrypted before it is sent to the server. The receiver (server) receives the decrypted data at the other end automatically and responds to the sender with information via secure communication channel again. There is no possibility for eves dropping in this case. Your information is secure.

Client Server = Patient Physician

Client is requester of information and Server is the responder. Simply put, a physician is a server and a patient is a client. Client (patient) requests for information and doctor (server) responds to the questions and concerns of the patient (client). As physicians maintain the privacy of their patients, client and server maintain the same privacy of information exchanged between them.