Resource Search Results

Encrypting Data at Rest on Servers: Implications for Health Centers (2016). Resource Type: Publication. Description: It is common practice today to encrypt data at rest, that is, data stored on servers. This is especially applicable to health centers who are less frequently actively transporting data across disparate networks. Like many smaller healthcare organizations, Health Centers are particularly vulnerable to potential attack and infiltration by data hackers for several reasons: they tend to have fewer technical support staff, resource limitations make it harder to assess, implement, and maintain safe data practices, and organizational inertia limits preventive action when no threat is perceived.  It is common practice today to encrypt data at rest, that is, data stored on servers. Like many smaller healthcare organizations, Federally Qualified Health Centers FQHC are particularly vulnerable to potential attack and infiltration by data hackers for several reasons: they tend to have fewer technical support staff, resource limitations make it harder to assess, implement, and maintain safe data practices, and organizational inertia limits preventive action when no threat is perceived. To build off an old adage, no one ever got fired for encrypting their data. But what protection does that really provide? Is just encrypting data enough? First, let’s distinguish between three methods for encrypting data at rest. Full-disk encryption. Most modern operating systems like Linux or Windows Server provide the capability to encrypt their disks in their entirety. This is accomplished with symmetric encryption whereby there is a key or passphrase that a computer operator has to enter when the disks are encrypted and when the system boots to allow access to the data. Typically, the password must be manually entered on the physical server console, though some virtualized and cloud-based environments offer remote passphrase entry and varying degrees of passphrase management and automation. With full-disk encryption, software installed on the server does not need to know or do anything special to operate normally: the operating system provides transparent access to the encrypted data as necessary with very little performance loss. But note that the initial encryption needs to be done on a new disk or set of disks as an existing disk will be wiped clean in the process. So it’s easiest to do this during an initial deployment or migration to a new server. File system encryption. Physical disks are typically divided into one or more file systems by the operating system.  As an alternative to full-disk encryption, file system encryption allows administrators to encrypt only selected file systems or even just selected folders within file systems. This makes it possible to configure a server than can boot without a passphrase; and then require a passphase only after the system is up and running and needs to access its encrypted file systems.  Similar to full-disk encryption, the encryption is transparently provided to applications by the operating system.  Unlike full-disk encryption, developers and administrators need to be careful not to store sensitive files on non-encrypted file systems. Database encryption.  Another way to encrypt data at rest is at the database level: The database software Oracle, SQL Server can provide application-level encryption. Like operating system level encryption, a key or passphrase is entered by an operator when the database starts up, after which all database operations access the encrypted data transparently hence the name: Both Oracle and Microsoft SQL Server call the feature “Transparent Data Encryption”. For servers that may store sensitive data in files outside the database, this provides less protection than encrypting the entire file system, but likely protects the most sensitive data on the system. What kind of protection does encrypting data at rest really provide? Here are a few salient points: Benefits of Encrypting Data at Rest First and foremost, encrypting data at rest protects the organization from the physical theft of the file system storage devices which is why end-user mobile devices from laptops to cell phones should always be encrypted. While this might sound unlikely, the physical disk devices are only as secure as the data center where they are located. While data center access control policy is usually quite strict, in practice it can be quite lax. Door entry can employ weak precautions like old push-button unlock devices, and the proliferation of easily-swappable modular disks for quick maintenance makes removing a disk quite easy. Encrypting data at rest can protect the organization from unauthorized access to data when computer hardware is sent for repair or discarded. Encrypting data at rest can help to satisfy information security or regulatory requirements such as the Payment Card Industry Data Security Standard PCI DSS or the Health Insurance Portability and Accountability Act HIPAA. In some deployments, the actual file system where data resides is somewhat disconnected from the server upon which applications are loaded either through the use of a storage area network SAN or cloud-based storage. This introduces the possibility that an intruder could break in to the storage subsystem but not the rest of the system. Encrypting the storage subsystem can protect against such attacks. Limitations of Encrypting Data at Rest Encryption of data at rest provides little protection against intrusions in which a hacker gains remote privileged access to a running server in which the passphrase has already been entered. Even more so, if the applications that access the encrypted files or databases web applications, query systems are not themselves secured, a hacker who penetrates one of these applications gains access to the data, whether it is encrypted or not. For database encryption, note that some database management systems only support data encryption in more advanced read more expensive versions of the software. When full-disk encryption is enabled on a physical non-virtualized server, remember that an operator – a human being – will need to type the passphrase into a console whenever the system starts up. For database-level encryption, the passphrase will need to be entered when the database starts up. While this intervention increases the level of protection, it is at the expense of convenience, as systems cannot reboot automatically without a passphrase or even without someone actually being in the server room which can be especially inconvenient if the system manager is not collocated with the hardware. File system encryption can mitigate some of these startup issues. And, of course, if that passphrase is ever lost your data will be encrypted forever. Special Considerations for Virtualized and Cloud-based Environments As mentioned, some virtualized and cloud-based environments offer remote passphrase entry and varying degrees of passphrase management and automation for full-disk encryption – but be aware that there is often a tradeoff between convenience and security with automated solutions. For example, if a cloud provider keeps your passphrase and automatically provides it to the operating system at boot time, the level of security offered by the full-disk encryption solution is largely dependent on how securely the cloud provider manages the passphrase. While encrypting data at rest can be a useful component in a data security toolbox, it must be implemented with a full understanding of the protection it does and does not provide. Organizations should consult with their vendors, data security staff, system staff, and application staff to determine an appropriate set of actions to secure institutional data. More Details...

Ending the HIV Epidemic (EHE)-Primary Care HIV Prevention (PCHP): Training and Technical Assistance Resources for PCHP Awardees (2022). Resource Type: Publication. Description: This resource list contains training and technical assistance (T/TA) materials developed by BPHC-supported T/TA Partners and curated by BPHC to address the following top four TA areas requested in the FY 2021 PCHP applications. Also included are links to more general BPHC-supported and Federal EHE resources. More Details...

Ending the HIV Epidemic Collaborative: E-Clinical Works (2020). Resource Type: Collaborative. Description: Peer to peer sharing. If you are a Primary Care HIV Prevention (PCHP) funded health center that struggles with clinical decision support, tracking HIV prevention and treatment outcomes, your peers can share innovative ideas and strategies to help you find solutions. Relationship building. This is a unique opportunity for PCHP health centers to get together to share ideas around HIV screening and prevention. The EHE Collaborative is an opportunity to build relationships with other PCHPs. Improved technical assistance and training. Your participation in this roundtable helps HITEQ tailor our training and technical assistance services to serve you better. More Details...

Ending the HIV Epidemic Collaborative: E-Clinical Works (2020). Resource Type: Collaborative. Description: Peer to peer sharing. If you are a Primary Care HIV Prevention (PCHP) funded health center that struggles with clinical decision support, tracking HIV prevention and treatment outcomes, your peers can share innovative ideas and strategies to help you find solutions. Relationship building. This is a unique opportunity for PCHP health centers to get together to share ideas around HIV screening and prevention. The EHE Collaborative is an opportunity to build relationships with other PCHPs. Improved technical assistance and training. Your participation in this roundtable helps HITEQ tailor our training and technical assistance services to serve you better. More Details...

Ending the HIV Epidemic Collaborative: Greenway (2020). Resource Type: Learning Collaborative. Description: Peer to peer sharing. If you are a Primary Care HIV Prevention (PCHP) funded health center that struggles with clinical decision support, tracking HIV prevention and treatment outcomes, your peers can share innovative ideas and strategies to help you find solutions. Relationship building. This is a unique opportunity for PCHP health centers to get together to share ideas around HIV screening and prevention. The EHE Collaborative is an opportunity to build relationships with other PCHPs. Improved technical assistance and training. Your participation in this roundtable helps HITEQ tailor our training and technical assistance services to serve you better. More Details...

Ending the HIV Epidemic Collaborative: Greenway (2020). Resource Type: Collaborative. Description: Peer to peer sharing. If you are a Primary Care HIV Prevention (PCHP) funded health center that struggles with clinical decision support, tracking HIV prevention and treatment outcomes, your peers can share innovative ideas and strategies to help you find solutions. Relationship building. This is a unique opportunity for PCHP health centers to get together to share ideas around HIV screening and prevention. The EHE Collaborative is an opportunity to build relationships with other PCHPs. Improved technical assistance and training. Your participation in this roundtable helps HITEQ tailor our training and technical assistance services to serve you better. More Details...

Ending the HIV Epidemic Collaborative: Next Gen: HITEQ Ending the HIV Epidemic Collaborative (2020). Resource Type: Learning Collaborative. Description: Peer to peer sharing. If you are a Primary Care HIV Prevention (PCHP) funded health center that struggles with clinical decision support, tracking HIV prevention and treatment outcomes, your peers can share innovative ideas and strategies to help you find solutions. Relationship building. This is a unique opportunity for PCHP health centers to get together to share ideas around HIV screening and prevention. The EHE Collaborative is an opportunity to build relationships with other PCHPs. Improved technical assistance and training. Your participation in this roundtable helps HITEQ tailor our training and technical assistance services to serve you better. More Details...

Ending the HIV Epidemic Collaborative: Next Gen (2020). Resource Type: Learning Collaborative. Description: Peer to peer sharing. If you are a Primary Care HIV Prevention (PCHP) funded health center that struggles with clinical decision support, tracking HIV prevention and treatment outcomes, your peers can share innovative ideas and strategies to help you find solutions. Relationship building. This is a unique opportunity for PCHP health centers to get together to share ideas around HIV screening and prevention. The EHE Collaborative is an opportunity to build relationships with other PCHPs. Improved technical assistance and training. Your participation in this roundtable helps HITEQ tailor our training and technical assistance services to serve you better. More Details...

Ending the HIV Epidemic Collaborative: Other EHRs (2020). Resource Type: Learning Collaborative. Description: Peer to peer sharing. If you are a Primary Care HIV Prevention (PCHP) funded health center that struggles with clinical decision support, tracking HIV prevention and treatment outcomes, your peers can share innovative ideas and strategies to help you find solutions. Relationship building. This is a unique opportunity for PCHP health centers to get together to share ideas around HIV screening and prevention. The EHE Collaborative is an opportunity to build relationships with other PCHPs. Improved technical assistance and training. Your participation in this roundtable helps HITEQ tailor our training and technical assistance services to serve you better. More Details...

Ending the HIV Epidemic: The Health Center Role: HITEQ Highlights Webinar (2020). Resource Type: Archived Webinar. Description: This presentation will be led by Dr. Tim Long, and will focus on the four pillars of Ending the HIV Epidemic and primary care HIV prevention. This webinar will focus on the clinical aspects of Ending the HIV epidemic, and use of health IT and EHR to support clinical care. More Details...

Endocrinology TeleECHO Clinic: Endo ECHO (n.a.). Resource Type: E-Learning. Description: The Endocrinology TeleECHO Clinic (Endo ECHO) trains and supports primary care providers in rural and underserved communities to improve their knowledge of and skill in the care and management of patients with endocrinologic needs. Issues like complex diabetes, thyroid disease, adrenal and pituitary disorders, hypogonadism, Polycystic Ovary Syndrome (PCOS), hyperlipidemia, metabolic bone disorders and transgender health are discussed weekly in a community of practice with a team of experts. More Details...

Engaging Families of Transgender and Gender Diverse Youth (2021). Resource Type: Archived Webinar. Description: In this webinar, participants will learn strategies for engaging families and caregivers in supporting transgender and gender diverse (TGD) children and youth. Webinar attendees will explore best and promising practices for implementing interventions in order to decrease family rejection, improve physical and mental health outcomes, and ensure safe and stable housing for TGD youth. More Details...

Engaging Health Centers in the Human Rights Campaign's Healthcare Equality Index to Advance LGBTQIA+ Equity (2023). Resource Type: Archived Webinar. Description: Health centers strive to create an environment where all patients, visitors, and employees feel safe, affirmed, and respected. How do you know if your health center is truly meeting those needs? One way is to participate in the upcoming Healthcare Equality Index (HEI) survey from the Human Rights Campaign (HRC). This biennial survey evaluates and scores healthcare facilities on detailed criteria under four central pillars: Foundational Policies and Training in LGBTQIA+ Patient-Centered Care; LGBTQIA+ Patient Services and Support; Employee Benefits and Policies; and, Patient and Community Engagement. More Details...

Engaging High-Functioning Managers for Retention (2020). Resource Type: E-Learning. Description: In this course you will learn about the fundamental role high-functioning managers play in your health center's retention efforts. High-Functioning Managers is one of the STAR² Center's Core Components for a robust health center workforce. This core component will serve as the driving force for the content presented in this course. More Details...

Engaging Leadership and Organizational Change (2022). Resource Type: Archived Webinar. Description: This talk is from the 2022 Advancing Excellence in Transgender Health Care Conference. More Details...

Engaging the Data Creators: Involving Front-Line Staff in the Health IT Enabled QI Process (2016). Resource Type: Publication. Description: This brief discusses the importance of including frontline staff such as front desk, intake staff, and medical assistants in Health IT Enabled QI process, as they are often the ‘data creators’ or the ones entering the information into the system. Real world examples as well as suggested approaches and further resources are included. The data that is generated within health centers through entry into the EHR or practice management system and used for myriad purposes such as decision support, reporting, and quality improvement is often input by front-line staff. This may include front desk staff who enter information on intake forms, medical assistants who enter height, weight, and vital signs, among others. Another way to look at it is the information that health center leadership, providers, and payers are using to make decisions is often ‘created’ by entry level staff that may have less training and higher turnover. For these reasons, it is critically important to consider these ‘data creators’ in quality improvement activities that are undertaken. More Details...

Engaging the Families of Transgender and Gender Diverse Children (2021). Resource Type: Publication. Description: This publication engages pediatric primary care providers, mental health providers, health center administrators and support staff in learning how to actively engage families in the support of their transgender and gender-diverse (TGD) children, with the aim of improving the health outcomes for TGD youth. More Details...

Engaging Youth in Mobile Vaccine Programs (44454). Resource Type: Archived Webinar. Description: This webinar features the COVID-19 vaccination experience at Hawai‘i Pacific Health, including their successful mobile vaccination program with direct youth engagement at schools and community centers. Our speaker shared strategies to build these innovative partnerships . More Details...

Enhancing Health Center & Housing Authority Partnerships with AmeriCorps VISTA (42836). Resource Type: Archived Webinar. Description: This webinar describes the AmeriCorps VISTA program and the ways in which VISTA members can support health center and housing authority partnerships. More Details...

Enhancing Healthcare Access for Special Populations Through Telehealth and Home Visitation Services: NCHPH Webinar (2023). Resource Type: Archived Webinar. Description: Hosted by the National Nurse-Led Care Consortium and the National Center for Health in Public Housing, this 2-part webinar series discussed promising practices in home visitation and telehealth as ways to support improved access to comprehensive primary care for communities with high levels of disability, and isolation, lack of adequate transportation, and other social drivers of health that contribute to health inequities, particularly residents of public housing. More Details...