Protecting Health Information

Size: px
Start display at page:

Download "Protecting Health Information"

Transcription

1 Agenda Protecting Health Information BRONSON HEALTHCARE GROUP INFORMATION TECHNOLOGY SECURITY ENGINEERING MICHAEL SMITH Personal device usage with sensitive data Mobile devices and BYOD Secure messaging Corporate security measures / breach prevention Enterprise security systems User education and security awareness Questions Posttest Objectives Describe concerns with the use of personal devices in the exchange of patient health information. Explain security measures used to prevent security breaches related to health information. List initiatives to increase healthcare workers awareness of security concerns. BYOD - Personal Devices BYOD - Personal Devices BYOD Bring Your Own Device. Organizational approach to allow and support personal devices in the corporate environment. Gartner Inc. predicts that almost 40% of organizations will rely exclusively on BYOD in 2016, and 85 percent will have some kind of BYOD program in place by BYOD hardware comprised of smartphones, tablet PCs and notebooks. Device population typically consists of Google Android smartphones, Apple iphones / ipads, Blackberry devices and Microsoft Windows smartphones. 1

2 BYOD Driving Forces BYOD - Challenges Allows customers a wide choice of device selection as opposed to company provided / approved devices. Substantial cost savings to organizations that do not provide mobile devices to user populations. Takes advantage of newer devices and cutting edge features. Giving users a choice in device selection which promotes a much higher adoption rate and user satisfaction. High risk approach due to limited control of devices by Information Technology. Difficulties balancing security and ease of use. Ongoing support issues due to a lack of consistency and conformity on devices. Personally installed apps or utilities can compromise the integrity of a device s security. Mobile device carriers each have proprietary releases of (Android) operating systems which creates functionality and encryption issues. Mobile Device Management Mobile Device Management MDM Mobile Device Management. Security software used to monitor, manage and secure mobile devices that are deployed across multiple service providers and operating systems. Policies applied on personal devices to address security issues without being overly intrusive or hindering the user experience. Corporate provided apps are housed in a secure location that is segregated from the rest of the phone. Provides near-instant remote wipe capabilities to remove all data from a lost or stolen device. Encrypts the entire device requiring a passcode to decrypt and access data. Secure Messaging Secure Messaging Breaches can occur when PHI is sent in an unencrypted manner or to the wrong recipient. Once PHI is sent the owner loses control of but maintains responsibility for it. Secure Messaging solutions provide a HIPAA compliant method for sending and receiving PHI between mobile devices. Encrypts text messages, pictures, videos and office documents. Stores sensitive data in an encrypted, password protected and segregated area of the device referred to as a container or locker. Messages can be revoked / returned to sender without requiring recipient approval. 2

3 Protected Health Information Protected Health Information Medical records are worth much more than that of any other stolen personal data on the black market. The average cost of a data breach for a lost or stolen record is $158. Healthcare organizations have an average cost of $360 per record. Stolen data can include names, social security numbers, birth dates, policy numbers, diagnosis codes, prescription histories and billing information. Data is used to commit Medicare fraud, illegally file false claims and obtain drugs or medical equipment to be resold for large profits. Privacy and security firms found that unplanned downtime at healthcare organizations may cost an average of $7,900 a minute. 61% of healthcare organizations reported some form of security incident in These security events cost U.S. hospitals an estimated $1.6 billion each year. Data Loss Prevention (DLP) A system for ensuring end users do not send PHI or financial information outside the corporate network. Antivirus, Antimalware Detects, blocks or quarantines malicious / unwanted infections. Sandboxing Executes untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites without risking harm to the corporate network. Content Filtering Filters, records and secures both regular and encrypted internet traffic. Intrusion Prevention System (IPS) monitors a network for malicious activities such as security threats or policy violations. Security Information and Event Management (SIEM) Provides real-time analysis of security alerts generated by hardware and applications. Removable media encryption Encrypted USB storage devices (thumb drives) requiring complex password to decrypt and access data. Virtual Private Networks (VPN) Secure solution for remote access to corporate network resources. Full Disk Encryption (FDE) Protects all data stored on laptops, desktops, phones and tablets with secure encryption. 3

4 User Awareness and Training User Awareness and Training Require annual review and signature of Acceptable Use and Electronic Communication Policies by end user population. New hire orientation introduces and reinforces security practices and end user responsibility for new employees. Security handbooks available at numerous locations and events as well as electronically. Single point of contact to report ALL security-related incidents or questions (IT Support Center). Minimum working requirements for end users to include annual coursework and training with safeguarding, transmitting and managing PHI and financial data. Security awareness training use mock scenarios to test user awareness. The results can be used for counseling, raising awareness and training. Questions What is your organization doing to protect PHI on mobile devices? What other initiatives could your organization take to raise security awareness? Questions? 4

5 Posttest All of the following are challenges with the use of personal devices in healthcare except: A) Obtaining technical Support B) Cost savings to the organization C) Personal apps compromising security D) Limited control of devices 5

Health Insurance Portability and Accountability Act (HIPAA) Security Requirements for Mobile Healthcare Solutions

Health Insurance Portability and Accountability Act (HIPAA) Security Requirements for Mobile Healthcare Solutions Health Insurance Portability and Accountability Act (HIPAA) Security Requirements for Mobile Healthcare Solutions A white paper on mobility and healthcare This white paper analyzes HIPAA security requirements

More information

Securing Today s Mobile Workforce

Securing Today s Mobile Workforce WHITE PAPER Securing Today s Mobile Workforce Secure and Manage Mobile Devices and Users with Total Defense Mobile Security Table of Contents Executive Summary..................................................................................

More information

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner Is your privacy secure? HIPAA Compliance Workshop September 2008 Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner Agenda Have you secured your key operational, competitive and financial

More information

Sample BYOD Policy. Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited.

Sample BYOD Policy. Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited. Sample BYOD Policy Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited. SAMPLE BRING YOUR OWN DEVICE POLICY TERMS OF USE This Sample Bring

More information

Securing Health Data in a BYOD World

Securing Health Data in a BYOD World Business White Paper Securing Health Data in a BYOD World Five strategies to minimize risk Page 2 of 9 Securing Health Data in a BYOD World Table of Contents Page 2 Introduction Page 3 BYOD Adoption Drivers

More information

Mobile Security using IBM Endpoint Manager Mobile Device Management

Mobile Security using IBM Endpoint Manager Mobile Device Management Mobile Security using IBM Endpoint Manager Mobile Device Management Mahendra Chopra Security Solution Architect @ IBM CIO Lab, Innovation mahendra.chopra@in.ibm.com Agenda Market Trends Mobile Security?

More information

HIPAA & Privacy Compliance Update

HIPAA & Privacy Compliance Update HIPAA & Privacy Compliance Update Vermont Medical Society FREE Wednesday Webinar Series March 15, 2017 Anne Cramer and Shireen Hart Primmer Piper Eggleston & Cramer PC acramer@primmer.com shart@primmer.com

More information

Mobile Device Policy. Augusta University Medical Center Policy Library. Policy Owner: Information Technology Support and Services

Mobile Device Policy. Augusta University Medical Center Policy Library. Policy Owner: Information Technology Support and Services Augusta University Medical Center Policy Library Mobile Device Policy Policy Owner: Information Technology Support and Services POLICY STATEMENT Augusta University Medical Center (AUMC) discourages the

More information

October 2016 Issue 07/16

October 2016 Issue 07/16 IPPF: NEW IMPLEMENTATION GUIDES - IG 1100, IG 1110, IG 1111, IG 1120 and IG 1130 The IIA has released new Implementation Guides (IG) addressing the following standards: Standard 1100: Independence and

More information

HIPAA Compliance & Privacy What You Need to Know Now

HIPAA  Compliance & Privacy What You Need to Know Now HIPAA Email Compliance & Privacy What You Need to Know Now Introduction The Health Insurance Portability and Accountability Act of 1996 (HIPAA) places a number of requirements on the healthcare industry

More information

The Future of Mobile Device Management

The Future of Mobile Device Management The Future of Mobile Device Management Simplifying the move from BlackBerry to a multi-os environment MobileIron Advisory Services 415 E. Middlefield Road Mountain View, CA 94043 www.mobileiron.com Table

More information

CYBERSECURITY. Recent OCR Actions & Cyber Awareness Newsletters. Claire C. Rosston

CYBERSECURITY. Recent OCR Actions & Cyber Awareness Newsletters. Claire C. Rosston CYBERSECURITY Recent OCR Actions & Cyber Awareness Newsletters Claire C. Rosston DISCLAIMER This presentation is similar to any other legal education materials designed to provide general information on

More information

Mobile Technology meets HIPAA Compliance. Tuesday, May 2, 2017 MT HIMSS Conference

Mobile Technology meets HIPAA Compliance. Tuesday, May 2, 2017 MT HIMSS Conference Mobile Technology meets HIPAA Compliance Tuesday, May 2, 2017 MT HIMSS Conference Susan Clarke, HCISPP (ISC) 2 certified Healthcare Information Security and Privacy Practitioner. 15+ years of Healthcare

More information

The Mobile Risk Management Company. Overview of Fixmo and Mobile Risk Management (MRM) Solutions

The Mobile Risk Management Company. Overview of Fixmo and Mobile Risk Management (MRM) Solutions The Mobile Risk Management Company Overview of Fixmo and Mobile Risk Management (MRM) Solutions Company Proprietary Information Copyright Fixmo Inc., 2012 Introduction to Fixmo Founded on a simple idea:

More information

Bring Your Own Device (BYOD) Best Practices & Technologies

Bring Your Own Device (BYOD) Best Practices & Technologies Experience the Eide Bailly Difference Bring Your Own Device (BYOD) Best Practices & Technologies Ross McKnight Sr. Network Engineer 406.867.4160 rmcknight@eidebailly.com Agenda Best Practices for BYOD

More information

BYOD. Transformation. Joe Leonard Director, Secure Networks. April 3, 2013

BYOD. Transformation. Joe Leonard Director, Secure Networks. April 3, 2013 BYOD Transformation April 3, 2013 Joe Leonard Director, Secure Networks Agenda Joe Leonard Introduction CIO Top 10 Tech Priorities What is BYOD? BYOD Trends BYOD Threats Security Best Practices HIPAA Security

More information

Data Loss Prevention Whitepaper. When Mobile Device Management Isn t Enough. Your Device Here. Good supports hundreds of devices.

Data Loss Prevention Whitepaper. When Mobile Device Management Isn t Enough. Your Device Here. Good supports hundreds of devices. Data Loss Prevention Whitepaper When Mobile Device Management Isn t Enough Your Device Here. Good supports hundreds of devices. Contents Shifting Security Landscapes 3 Security Challenges to Enterprise

More information

MDM is Calling: Does Your Business Have an Answer? arrival. Here To Go. Lunch Dinner. continue. Riiinnggg. Dec. 12

MDM is Calling: Does Your Business Have an Answer? arrival. Here To Go. Lunch Dinner. continue. Riiinnggg. Dec. 12 MDM is Calling: Does Your Business Riiinnggg arrival flight itinerary PLACE ORDER Here To Go Lunch Dinner continue Dec. 12 Riiinnggg Office answer MDM is Calling: Does your Business MDM is Calling: Does

More information

Securing Institutional Data in a Mobile World

Securing Institutional Data in a Mobile World University of Wisconsin Madison Securing Institutional Data in a Mobile World July 13, 2017 Securing Institutional Data in a Mobile World / Agenda 01 What is a mobile device? 02 Protecting institutional

More information

HIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012

HIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012 HIPAA Privacy and Security Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012 Goals and Objectives Course Goal: Can serve as annual HIPAA training for physician practice

More information

NMHC HIPAA Security Training Version

NMHC HIPAA Security Training Version NMHC HIPAA Security Training 2017 Version HIPAA Data Security HIPAA Data Security is intended to provide the technical controls to ensure electronic Protected Health Information (PHI) is kept secure and

More information

Best practices with BYOD. Title. Prepared by: Paul Dalton, Security Consultant

Best practices with BYOD. Title. Prepared by: Paul Dalton, Security Consultant Best practices with BYOD Title Prepared by: Paul Dalton, Security Consultant Table of contents 1. Introduction 3 2. What is BYOD? 4 3. Security considerations for end-user devices 5 4. Security considerations

More information

Family Medicine Residents HIPAA Highlights May 2016 Heather Schmiegelow, JD

Family Medicine Residents HIPAA Highlights May 2016 Heather Schmiegelow, JD Family Medicine Residents HIPAA Highlights May 2016 Heather Schmiegelow, JD The UAMS HIPAA Office Heather Schmiegelow, UAMS HIPAA Privacy Officer Stephen Cochran, UAMS Security Officer Sara Thompson, HIPAA

More information

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute October 1, 2014 10/1/2014 1 1 Who is

More information

Compliance & HIPAA Annual Education

Compliance & HIPAA Annual Education Compliance & HIPAA Annual Education 1 The purpose of this education is to UPDATE The purpose and of this education REFRESH is to UPDATE your and REFRESH understanding understanding of: of: Aultman s Compliance

More information

Enterprise Mobile Management (EMM) Policies

Enterprise Mobile Management (EMM) Policies Enterprise Mobile Management (EMM) Policies Best Practices Guide Copyright 2016 Fiberlink, an IBM Company. All rights reserved. Information in this document is subject to change without notice. The software

More information

Securing Corporate Data on Mobile Devices

Securing Corporate Data on Mobile Devices Protection as a Priority TM Securing Corporate Data on Mobile Devices Abstract Regulating the information flow between various devices has been a top priority for Information Technology (IT) managers.

More information

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner MOBILE SECURITY 2017 SPOTLIGHT REPORT Group Partner Information Security PRESENTED BY OVERVIEW Security and privacy risks are on the rise with the proliferation of mobile devices and their increasing use

More information

HIPAA AND SECURITY. For Healthcare Organizations

HIPAA AND  SECURITY. For Healthcare Organizations HIPAA AND EMAIL SECURITY For Healthcare Organizations Table of content Protecting patient information 03 Who is affected by HIPAA? 06 Why should healthcare 07 providers care? Email security & HIPPA 08

More information

BYOD Secure Zoning Between Enterprise and Personal Data on Mobile Devices. 14 November 2013 Rozana Rusli Meling Mudin

BYOD Secure Zoning Between Enterprise and Personal Data on Mobile Devices. 14 November 2013 Rozana Rusli Meling Mudin BYOD Secure Zoning Between Enterprise and Personal Data on Mobile Devices 14 November 2013 Rozana Rusli Meling Mudin Contents 1.0 Bring Your Own Device (BYOD) - Trend or Necessity? 2.0 BYOD Opening Pandora's

More information

Securing Office 365 with MobileIron

Securing Office 365 with MobileIron Securing Office 365 with MobileIron Introduction Office 365 is Microsoft s cloud-based productivity suite. It includes online versions of Microsoft s most popular solutions, like Exchange and SharePoint,

More information

<Criminal Justice Agency Name> Personally Owned Device Policy. Allowed Personally Owned Device Policy

<Criminal Justice Agency Name> Personally Owned Device Policy. Allowed Personally Owned Device Policy Policy Title: Effective Date: Revision Date: Approval(s): LASO: CSO: Agency Head: Allowed Personally Owned Device Policy Every 2 years or as needed Purpose: A personally owned information system or device

More information

Say Yes to BYOD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices WHITE PAPER

Say Yes to BYOD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices WHITE PAPER Say Yes to BYOD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices WHITE PAPER FORTINET Say Yes to BYOD PAGE 2 Introduction Bring Your Own Device (BYOD) and consumerization

More information

2013 InterWorks, Page 1

2013 InterWorks, Page 1 2013 InterWorks, Page 1 The BYOD Phenomenon 68% of devices used by information workers to access business applications are ones they own themselves, including laptops, smartphones, and tablets. IT organizations

More information

Auditing Bring Your Own Devices (BYOD) Risks. Shannon Buckley

Auditing Bring Your Own Devices (BYOD) Risks. Shannon Buckley Auditing Bring Your Own Devices (BYOD) Risks Shannon Buckley Agenda 1. Understanding the trend towards BYOD. 2. Weighing up the cost benefit vs. the risks. 3. Identifying and mitigating the risks. 4. Tips

More information

2016 Survey: A Pulse on Mobility in Healthcare

2016 Survey: A Pulse on Mobility in Healthcare 2016 Survey: A Pulse on Mobility in Healthcare Introduction Mobile Trends in Healthcare Mobility in Healthcare Top Motivation for Implementing a Mobile Solution Impact of Mobility on Patient Experience

More information

HIPAA Faux Pas. Lauren Gluck Physician s Computer Company User s Conference 2016

HIPAA Faux Pas. Lauren Gluck Physician s Computer Company User s Conference 2016 HIPAA Faux Pas Lauren Gluck Physician s Computer Company User s Conference 2016 Goals of this course Overview of HIPAA and Protected Health Information Define HIPAA s Minimum Necessary Rule Properly de-identifying

More information

SIMPLIFY MULTI-PLATFORM ENTERPRISE MOBILITY MANAGEMENT

SIMPLIFY MULTI-PLATFORM ENTERPRISE MOBILITY MANAGEMENT DATASHEET SIMPLIFY MULTI-PLATFORM ENTERPRISE MOBILITY MANAGEMENT Silver level EMM Enterprise Mobility Management for Corporate-owned and BYOD devices BlackBerry Enterprise Service 10 is a powerful device,

More information

Securing Wireless Mobile Devices. Lamaris Davis. East Carolina University 11/15/2013

Securing Wireless Mobile Devices. Lamaris Davis. East Carolina University 11/15/2013 Securing Wireless Mobile Devices Lamaris Davis East Carolina University 11/15/2013 Attract As more employees prefer to use mobile devices in the workplace, organizations are starting to adopt the Bring

More information

The simplified guide to. HIPAA compliance

The simplified guide to. HIPAA compliance The simplified guide to HIPAA compliance Introduction HIPAA, the Health Insurance Portability and Accountability Act, sets the legal requirements for protecting sensitive patient data. It s also an act

More information

The Maximum Security Marriage: Mobile File Management is Necessary and Complementary to Mobile Device Management

The Maximum Security Marriage: Mobile File Management is Necessary and Complementary to Mobile Device Management The Maximum Security Marriage: Mobile File Management is Necessary and Complementary to Mobile Device Management The bring your own device (BYOD) trend in the workplace is at an all-time high, and according

More information

ips.insight.com/healthcare Identifying mobile security challenges in healthcare

ips.insight.com/healthcare Identifying mobile security challenges in healthcare ips.insight.com/healthcare Identifying mobile security challenges in healthcare Mobile device adoption is soaring in healthcare environments. Healthcare is one of the fastest-growing industries in the

More information

Mobile Security / Mobile Payments

Mobile Security / Mobile Payments Mobile Security / Mobile Payments Leslie K. Lambert CISSP, CISM, CISA, CRISC, CIPP/US, CIPP/G VP, Chief Information Security Officer Juniper Networks Professional Techniques - Session T23 MOBILE SECURITY

More information

ENCRYPTION: ADDRESSABLE OR A DE FACTO REQUIREMENT?

ENCRYPTION: ADDRESSABLE OR A DE FACTO REQUIREMENT? ENCRYPTION: ADDRESSABLE OR A DE FACTO REQUIREMENT? Jonathan Carroll, MBA, CISSP AVP Enterprise IT Operations Information Security Officer University of Connecticut Why Are We Talking About This? Data breaches

More information

SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE

SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE Small business cybersecurity survival guide By Stephen Cobb, ESET Senior Security Researcher Computers and the internet bring many benefits to small businesses,

More information

Security and Privacy Breach Notification

Security and Privacy Breach Notification Security and Privacy Breach Notification Version Approval Date Owner 1.1 May 17, 2017 Privacy Officer 1. Purpose To ensure that the HealthShare Exchange of Southeastern Pennsylvania, Inc. (HSX) maintains

More information

The Unseen Leak: Faxing in the era of SOX, Gramm-Leach Bliley/PIPEDA and HIPAA

The Unseen Leak: Faxing in the era of SOX, Gramm-Leach Bliley/PIPEDA and HIPAA The Unseen Leak: Faxing in the era of SOX, Gramm-Leach Bliley/PIPEDA and HIPAA December 12, 2006 1 Agenda Introduction Overview of SOX, GLB, PIPEDA and HIPAA Traditional Fax Risk Factors The Solution:

More information

Implementing Your BYOD Mobility Strategy An IT Checklist and Guide

Implementing Your BYOD Mobility Strategy An IT Checklist and Guide Implementing Your BYOD Mobility Strategy An IT Checklist and Guide 2012 Enterproid IBYOD: 120221 Content 1. Overview... 1 2. The BYOD Checklist... 1 2.1 Application Choice... 1 2.2 Installation and Configuration...

More information

Mobile devices boon or curse

Mobile devices boon or curse Mobile devices boon or curse Oliver Ng - Director of Training Kishor Sonawane - India Lead Security Compass Consulting & Training Consumerization According to Apple s chief operating officer, 65 percent

More information

Mobile Technology meets HIPAA Compliance Tuesday, March 28, 2017

Mobile Technology meets HIPAA Compliance Tuesday, March 28, 2017 Mobile Technology meets HIPAA Compliance Tuesday, March 28, 2017 Welcome Thank you for spending your valuable time with us today. This webinar will be recorded for your convenience. A copy of today s presentation

More information

Mobile Device Management: A Real Need for the Mobile World

Mobile Device Management: A Real Need for the Mobile World Mobile Device Management: A Real Need for the Mobile World In today s modern workplace, employees are utilizing a variety of mobile devices both in and out of the office. Gone are the days when employees

More information

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services Managing IT Risk: What Now and What to Look For Presented By Tina Bode IT Assurance Services Agenda 1 2 WHAT TOP TEN IT SECURITY RISKS YOU CAN DO 3 QUESTIONS 2 IT S ALL CONNECTED Introduction All of our

More information

Document Title: Electronic Data Protection and Encryption Policy. Revision Date Authors Description of Changes

Document Title: Electronic Data Protection and Encryption Policy. Revision Date Authors Description of Changes Effective Date: 01/01/2014 Page 1 of 7 REVISION HISTORY Revision No. Revision Date Authors Description of Changes 1.0 11/04/2013 CISO Populate Into Standard Template APPROVED BY This Policy is established

More information

Managing BYOD Networks

Managing BYOD Networks Managing BYOD Networks SPS-2013 Raghu Iyer raghu.iyer@nevisnetworks.com 1 What is BYOD Bring Your Own Device Are you allowing a Rogue? SPS-2013 Raghu Iyer raghu.iyer@nvisnetworks.com 2 Why BYOD Increased

More information

HIPAA Privacy & Security Training. Privacy and Security of Protected Health Information

HIPAA Privacy & Security Training. Privacy and Security of Protected Health Information HIPAA Privacy & Security Training Privacy and Security of Protected Health Information Course Competencies: This training module addresses the essential elements of maintaining the HIPAA Privacy and Security

More information

Elements of a Swift (and Effective) Response to a HIPAA Security Breach

Elements of a Swift (and Effective) Response to a HIPAA Security Breach Elements of a Swift (and Effective) Response to a HIPAA Security Breach Susan E. Ziel, RN BSN MPH JD Krieg DeVault LLP Past President, The American Association of Nurse Attorneys Disclaimer The information

More information

ORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers

ORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers All Affiliate Research Policy Subject: HIPAA File Under: For Researchers ORA HIPAA Issuing Department: Office of Research Administration Original Policy Date Page 1 of 5 Approved by: May 9,2005 Revision

More information

CSci530 Final Exam. Fall 2011

CSci530 Final Exam. Fall 2011 CSci530 Final Exam Fall 2011 Instructions: Show all work. No electronic devices are allowed. This exam is open book, open notes. You have 120 minutes to complete the exam. Please prepare your answers on

More information

White Paper. Enabling Mobile Users and Staying Compliant. How Healthcare Organizations Manage Both

White Paper. Enabling Mobile Users and Staying Compliant. How Healthcare Organizations Manage Both Enabling Mobile Users and Staying Compliant How Healthcare Organizations Manage Both Enabling Mobile Users and Staying Compliant: How Healthcare Organizations Manage Both Operating in a regulated industry,

More information

Office 365 Buyers Guide: Best Practices for Securing Office 365

Office 365 Buyers Guide: Best Practices for Securing Office 365 Office 365 Buyers Guide: Best Practices for Securing Office 365 Microsoft Office 365 has become the standard productivity platform for the majority of organizations, large and small, around the world.

More information

A Mobile Security Checklist: The Top Ten Threats to Your Enterprise Today. White Paper

A Mobile Security Checklist: The Top Ten Threats to Your Enterprise Today. White Paper A Mobile Security Checklist: The Top Ten Threats to Your Enterprise Today White Paper As enterprises mobilize business processes, more and more sensitive data passes through and resides on mobile devices.

More information

Bring Your Own Device Policy

Bring Your Own Device Policy Bring Your Own Device Policy 2015 City of Glasgow College Charity Number: SCO 36198 Page 1 of 9 Table of Contents 1. Introduction... 3 2. Purpose and Aims... 4 3. Scope... 4 4. Policy Statement... 5 4.1

More information

White Paper Securing and protecting enterprise data on mobile devices

White Paper Securing and protecting enterprise data on mobile devices Securing and protecting enterprise data on mobile devices Use cases in mobile Securing and protecting enterprise data, especially in a mobile world, is a complex problem that can be easily solved. Organizations

More information

HIPAA How to Comply with Limited Time & Resources. Jonathan Pantenburg, MHA, Senior Consultant August 17, 2017

HIPAA How to Comply with Limited Time & Resources. Jonathan Pantenburg, MHA, Senior Consultant August 17, 2017 HIPAA How to Comply with Limited Time & Resources Jonathan Pantenburg, MHA, Senior Consultant JPantenburg@Stroudwater.com August 17, 2017 Stroudwater Associates is a leading national healthcare consulting

More information

HIPAA and HIPAA Compliance with PHI/PII in Research

HIPAA and HIPAA Compliance with PHI/PII in Research HIPAA and HIPAA Compliance with PHI/PII in Research HIPAA Compliance Federal Regulations-Enforced by Office of Civil Rights State Regulations-Texas Administrative Codes Institutional Policies-UTHSA HOPs/IRB

More information

Security Audit What Why

Security Audit What Why What A systematic, measurable technical assessment of how the organization's security policy is employed at a specific site Physical configuration, environment, software, information handling processes,

More information

Choosing the Right Solution for Strategic Deployment of Encryption

Choosing the Right Solution for Strategic Deployment of  Encryption Choosing the Right Solution for Strategic Deployment of Email Encryption White Paper: Enterprise Email Encryption Email Protection Buyer s Guide Choosing the Right Solution for Strategic Deployment of

More information

HELPFUL TIPS: MOBILE DEVICE SECURITY

HELPFUL TIPS: MOBILE DEVICE SECURITY HELPFUL TIPS: MOBILE DEVICE SECURITY Privacy tips for Public Bodies/Trustees using mobile devices This document is intended to provide general advice to organizations on how to protect personal information

More information

2014 SCCE Compliance & Ethics Institute. Session 506 Bring Your Own Device(BYOD)

2014 SCCE Compliance & Ethics Institute. Session 506 Bring Your Own Device(BYOD) 2014 SCCE Compliance & Ethics Institute Tuesday, September 16, 2014 (11:00 12:00 AM) Session 506 Bring Your Own Device(BYOD) They are here and they are not going away. Understanding the benefits, risks,

More information

Jim Donaldson, M.S., MPA, CHC, CIPP/US, CISSP. Director of Compliance, Chief Privacy and Information Security Officer. Pensacola, Florida

Jim Donaldson, M.S., MPA, CHC, CIPP/US, CISSP. Director of Compliance, Chief Privacy and Information Security Officer. Pensacola, Florida 2014 SCCE Compliance & Ethics Institute Tuesday, September 16, 2014 (11:00 12:00 AM) Session 506 Bring Your Own Device(BYOD) They are here and they are not going away. Understanding the benefits, risks,

More information

What is Cybersecurity?

What is Cybersecurity? What is Cybersecurity? Protection against unauthorized access to or use of assets via electronic means Not limited to what we think of as Hacking : Fraud Prevention Misuse of Appropriate Access Important

More information

Five Tips to Mastering Enterprise Mobility

Five Tips to Mastering Enterprise Mobility Five Tips to Mastering Enterprise Mobility Table of Contents Introduction Tip 1: Assess Your Environment Tip 2: Review Security Protocols Tip 3: Be Smart About BYOD Tip 4: Consider Customized Mobility

More information

Cloud Communications for Healthcare

Cloud Communications for Healthcare Cloud Communications for Healthcare Today, many powerful business communication challenges face everyone in the healthcare chain including clinics, hospitals, insurance providers and any other organization

More information

Mobility, Security Concerns, and Avoidance

Mobility, Security Concerns, and Avoidance By Jorge García, Technology Evaluation Centers Technology Evaluation Centers Mobile Challenges: An Overview Data drives business today, as IT managers and security executives face enormous pressure to

More information

Compliance in 5 Steps

Compliance in 5 Steps Email Compliance in 5 Steps Introduction For most businesses, email is a vital communication resource. Used to perform essential business functions, many organizations rely on email to send sensitive confidential

More information

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security

More information

Trend Micro Guide and solution to help embrace Consumerization and BYOD. James Walker EMEA Product Marketing Manager 26 September 2012

Trend Micro Guide and solution to help embrace Consumerization and BYOD. James Walker EMEA Product Marketing Manager 26 September 2012 Trend Micro Guide and solution to help embrace Consumerization and BYOD James Walker EMEA Product Marketing Manager 26 September 2012 Agenda Consumerization What is it? What should I do? Mobile Security

More information

HIPAA Security and Research VALERIE GOLDEN, HIPAA SECURITY OFFICER

HIPAA Security and Research VALERIE GOLDEN, HIPAA SECURITY OFFICER HIPAA Security and Research VALERIE GOLDEN, HIPAA SECURITY OFFICER Researchers Must Ensure... Electronic Protected Health Information (ephi) in their possession or under their control is secured from unauthorized

More information

DIRECTIVE ON INFORMATION TECHNOLOGY SECURITY FOR BANK PERSONNEL. June 14, 2018

DIRECTIVE ON INFORMATION TECHNOLOGY SECURITY FOR BANK PERSONNEL. June 14, 2018 DIRECTIVE ON INFORMATION TECHNOLOGY SECURITY FOR BANK PERSONNEL June 14, 2018 A. Overriding Objective 1.1 This Directive establishes the rules and instructions for Bank Personnel with respect to Information

More information

CIPHERPOST PRO. A Profitable, Essential Value-Add for Office 365

CIPHERPOST PRO. A Profitable, Essential Value-Add for Office 365 CIPHERPOST PRO A Profitable, Essential Value-Add for Office 365 Table of Contents Introduction 03 The move to the cloud 04 Address the concerns, embrace 05 the benefits Trust the cloud: Email security

More information

2016 BITGLASS, INC. mobile. solution brief

2016 BITGLASS, INC. mobile. solution brief mobile solution brief BYOD Security has been a constant challenge for many enterprises. Stories of failed MDM deployments are rampant, with firms struggling achieve meaningful adoption. According to the

More information

Information Technology Standards

Information Technology Standards Information Technology Standards IT Standard Issued: 9/16/2009 Supersedes: New Standard Mobile Device Security Responsible Executive: HSC CIO Responsible Office: HSC IT Contact: For questions about this

More information

ENDPOINT SECURITY WHITE PAPER. Endpoint Security and the Case For Automated Sandboxing

ENDPOINT SECURITY WHITE PAPER. Endpoint Security and the Case For Automated Sandboxing WHITE PAPER Endpoint Security and the Case For Automated Sandboxing A World of Constant Threat We live in a world of constant threat. Every hour of every day in every country around the globe hackers are

More information

8 COMMON HIPAA COMPLIANCE ERRORS TO AVOID

8 COMMON HIPAA COMPLIANCE ERRORS TO AVOID Billing & Reimbursement Revenue Cycle Management 8 COMMON HIPAA COMPLIANCE ERRORS TO AVOID Billing and Reimbursement for Physician Offices, Ambulatory Surgery Centers and Hospitals Billings & Reimbursements

More information

Bring Your Own TVH. Kalman Tiboldi CBIO

Bring Your Own TVH. Kalman Tiboldi CBIO Bring Your Own Device @ TVH Kalman Tiboldi CBIO TVH OVERVIEW PARTS & ACCESSORIES DIVISION EQUIPMENT DIVISION RENTAL DIVISION SERVICE & REPAIR DIVISION 450.000 SKU s 16 mil cross ref. 100.000m² warehouse

More information

Mobile Devices prioritize User Experience

Mobile Devices prioritize User Experience Mobile Security 1 Uniqueness of Mobile Mobile Devices are Shared More Often Mobile Devices are Used in More Locations Mobile Devices prioritize User Experience Mobile Devices have multiple personas Mobile

More information

HIPAA in 2017: Hot Topics You Can t Ignore. Danika Brinda, PhD, RHIA, CHPS, HCISPP March 16, 2017

HIPAA in 2017: Hot Topics You Can t Ignore. Danika Brinda, PhD, RHIA, CHPS, HCISPP March 16, 2017 HIPAA in 2017: Hot Topics You Can t Ignore Danika Brinda, PhD, RHIA, CHPS, HCISPP March 16, 2017 Breach Notification State Law Privacy Rule Authorizations Polices and Procedures The Truth Is Have created

More information

CYBERSECURITY IN THE POST ACUTE ARENA AGENDA

CYBERSECURITY IN THE POST ACUTE ARENA AGENDA CYBERSECURITY IN THE POST ACUTE ARENA AGENDA 2 Introductions 3 Assessing Your Organization 4 Prioritizing Your Review 5 206 Benchmarks and Breaches 6 Compliance 0 & Cybersecurity 0 7 Common Threats & Vulnerabilities

More information

WHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS

WHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS July 2018 WHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS JUST WHAT THE DOCTOR ORDERED... PROTECT PATIENT DATA, CLINICAL RESEARCH AND CRITICAL INFRASTRUCTURE HEALTHCARE S KEY TO DEFEATING IOT CYBERATTACKS

More information

It s About the Data, Stupid.

It s About the Data, Stupid. Next Presentation Begins at 16:40 It s About the Data, Stupid. Salo Fajer, Chief Technology Officer It s About the Data, Stupid. Salo Fajer, Chief Technology Officer First, allow me to explain my session

More information

Data Compromise Notice Procedure Summary and Guide

Data Compromise Notice Procedure Summary and Guide Data Compromise Notice Procedure Summary and Guide Various federal and state laws require notification of the breach of security or compromise of personally identifiable data. No single federal law or

More information

UPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA

UPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA UPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA ljohnson@ffalaw.com INTRODUCTION Cyber attacks increasing Liability/actions resulting

More information

white paper SMS Authentication: 10 Things to Know Before You Buy

white paper SMS Authentication: 10 Things to Know Before You Buy white paper SMS Authentication: 10 Things to Know Before You Buy SMS Authentication white paper Introduction Delivering instant remote access is no longer just about remote employees. It s about enabling

More information

Cyber Security Issues

Cyber Security Issues RHC Summit 6/9/2017 Cyber Security Issues Dennis E. Leber CISO CHFS Why is it Important? Required by Law Good Business Strategy Right Thing to Do Why is it Important? According to Bitglass' 2017 Healthcare

More information

Neil Peters-Michaud, CHAMP Cascade Asset Management ITAM Awareness Month December 2016

Neil Peters-Michaud, CHAMP Cascade Asset Management ITAM Awareness Month December 2016 Breach New Heights The role of ITAM in preventing a data breach Neil Peters-Michaud, CHAMP Cascade Asset Management ITAM Awareness Month December 2016 Agenda Why Breaches Matter to the ITAM group The cost

More information

Lesson Three: False Claims Act and Health Insurance Portability and Accountability Act (HIPAA)

Lesson Three: False Claims Act and Health Insurance Portability and Accountability Act (HIPAA) Lesson Three: False Claims Act and Health Insurance Portability and Accountability Act (HIPAA) Introduction: Welcome to Honesty and Confidentiality Lesson Three: The False Claims Act is an important part

More information

THE PROCESS FOR ESTABLISHING DATA CLASSIFICATION. Session #155

THE PROCESS FOR ESTABLISHING DATA CLASSIFICATION. Session #155 THE PROCESS FOR ESTABLISHING DATA CLASSIFICATION Session #155 David Forrestall, CISSP CISA SecurIT360 SPEAKERS Carl Scaffidi, CISSP, ISSAP, CEH, CISM Director of Information Security Baker Donelson AGENDA

More information

HIPAA Federal Security Rule H I P A A

HIPAA Federal Security Rule H I P A A H I P A A HIPAA Federal Security Rule nsurance ortability ccountability ct of 1996 HIPAA Introduction - What is HIPAA? HIPAA = The Health Insurance Portability and Accountability Act A Federal Law Created

More information

The essential guide to creating a School Bring Your Own Device Policy. (BYOD)

The essential guide to creating a School Bring Your Own Device Policy. (BYOD) The essential guide to creating a School Bring Your Own Device Policy. (BYOD) Contents Introduction.... 3 Considerations when creating a BYOD policy.... 3 General Guidelines for use (Acceptable Use Policy)....

More information

SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE

SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE Small business cybersecurity survival guide By Stephen Cobb, ESET Senior Security Researcher Computers and the internet bring many benefits to small businesses,

More information