HCISPP HealthCare Information Security and Privacy Practitioner

Size: px
Start display at page:

Download "HCISPP HealthCare Information Security and Privacy Practitioner"

Transcription

1 HCISPP HealthCare Information Security and Privacy Practitioner

2 William Buddy Gillespie, HCISPP Global Academic Instructor (ISC)² Former Healthcare CIO Chair Advocacy Committee, 2

3 Healthcare Information Security and Privacy Practitioner (HCISPP) Introduction & Background HCISPP & (ISC)² Why HCISPP and Who? Why Get Certified? HCISPP Domain(s) Overview Exam Overview Questions & Discussion 3

4 Overview This introductory session to the certification training course for HCISPPs provides an overview of the course objectives and content. Take away an overall perspective of the key areas of knowledge consisting of the six domains which cover: Healthcare Environment Regulatory Environment Privacy and Security in Healthcare Information Governance and Risk Management Information Risk Assessment Third Party Risk Management Learn that the purpose of the HCISPP certification is to confirm a foundational level of performance tasks, knowledge, and abilities relating to the security and privacy of health care information 4

5 Introduction The HCISPP Common Book of Knowledge (CBK) and certification is unique from the perspective that it is designed to specifically address the privacy and security of Protected Health Information (PHI) encompassing both the regulatory requirements and appropriate solutions. 5

6 Introduction Healthcare Information Security and Privacy Practitioners (HCISPPs) are at the forefront of protecting patient health information. These are the practitioners whose foundational knowledge and experience unite healthcare information security and privacy best practices and techniques under one credential to protect organizations and sensitive patient data against emerging threats and breaches. Backed by (ISC)², a global not-for-profit organization that delivers the gold standard for information security certifications, the HCISPP credential confirms a practitioner s core knowledge and experience in security and privacy controls for personal health information. 6

7 The HCISPP Certification HealthCare Information Security and Privacy Practitioner (HCISPP) Foundational global standard Bridging the gap between security and privacy Backed by (ISC)² - International Information Systems Security Certification Consortium Global, not for profit, member-driven organization 7

8 CompTIA RHIA HCISPP HIMSS CAHMS and CPHIMS CPHIT 8

9 Salary Survey (ISC)² Certs Make Top of Cert Mag Salary Survey With U.S. and world salaries combined from Certification Magazine s Salary Survey, (ISC)² certs have four out of the top five. CSSLP, CAP, HCISPP, CISSP and concentrations - ISSAP, ISSEP and ISSMP, all made the list within the top 35. 9

10 Who is (ISC)²? Established in 1989 Not-for-profit consortium of information security industry leaders Global leaders in certifying and educating information security professionals throughout their careers Offered the first information technology-related credentials to be accredited to ANSI/ISO/IEC Standard Global standard for information security (ISC)² CBK, a compendium of information security topics Board of Directors Top information security leaders worldwide Over 100,000 certified professionals in more than 135 countries Produce the only Global Information Security Workforce Study 10

11 Why HCISPP? Healthcare sector is one of the largest and fastest growing employers in the world But sector is dealing with increasingly complex Health Information Technology (HIT) environment Massive migration to electronic health records (EHR) Mandated exchange of EHR with other health providers New security challenges with use of mobile devices, migration to cloud Making matters worse: Oversight agencies doling out harsh penalties for information breaches and failure to maintain reasonable and appropriate safeguards Result: Privacy and security of personal health information has become a globally recognized headline issue and priority 11

12 Why HCISPP? In spite of privacy & security focus: Human error remains largest contributor to health information breaches! Healthcare organization now recognize the criticality of mitigating risk through improved hiring and training practices to ensure their security and privacy practitioners are qualified This industry needs a credentialing program to validate a practitioner s core knowledge, skills, and qualifications to protect and keep secure vital healthcare information. HCISPP aims to do just that! 12

13 Why become an HCISPP? Validate your experience, skills, and commitment to privacy as a healthcare practitioner. Demonstrate your qualifications to implement, manage, or assess the appropriate security and privacy controls for your healthcare organization. Advance your career with the only certification that establishes your foundational practitioner knowledge, experience, and competency in health information security and privacy best practices 13

14 Who are HCISPPs? HCISPPs are the practitioners whose foundational knowledge and experience unite healthcare information security and privacy best practices and techniques under one credential to protect organizations and sensitive patient data from emerging threats and breaches. 14

15 HCISPP Candidates Compliance Officer Information Security Manager Privacy Officer Compliance Auditor Risk Analyst Medical Records Supervisor Information Technology Manager Privacy & Security Consultant Health Information Manager Business Associates 15

16 Experience Requirements Minimum of two years of cumulative experience in one domain in the HCISPP CBK. One of the two year experience requirement must be in healthcare. Domain 1: The Healthcare Industry Domain 2: Regulatory Environment in Healthcare Domain 3: Privacy and Security in Healthcare Domain 4: Information Governance and Risk Management Domain 5: Information Risk Assessment Domain 6: Third Party Risk Assessment 16

17 Member Benefits Continuing Education Network with Infosec Experts Discounts Infosecurity Professional Magazine Free Tools and Reports Volunteer Opportunities 17

18 HCISPP COMMON BODY OF KNOWLEDGE (CBK) DOMAIN(S) OVERVIEW

19 HCISPP Six Domains Healthcare Industry understand the diversity of the healthcare industry; types of technologies & information flows that require various levels of protection; and how healthcare info is exchanged Regulatory Environment understand relevant legal and regulatory requirements related to health information, including trans-border data exchange, to help ensure policies and procedures are compliant Privacy and Security in Healthcare basic understanding of security and privacy concepts and principles; relationship of security and privacy; and types of information requiring protection 19

20 HCISPP Six Domains Information Governance and Risk Management understand how organizations manage information risk through governance Information Risk Assessment understand risk assessment concepts and be able to participate in risk assessment practices and procedures Third Party Risk Management help manage 3rd party relationships and determine when additional security & privacy assurances needed 20

21 Healthcare Industry Domain Objectives Identify the different types of health care organizations Identify the various health care information technologies Define the different aspects of health insurance, including processing claims, coding, billing, and reimbursement Describe the regulatory environment with regard to security, privacy, and oversight Explain the processes of clinical research and the requirements for public health reporting Describe the management of health care records Identify external third-party requirements Explain the Foundational Health Data Management Processes 21

22 Healthcare Industry Domain Six Modules Types of Organizations in the Health Care Sector Health Information Technology (HIT) Health Payment Models Operations External Third Party Foundational Health Data Management Processes 22

23 Regulatory Environment Domain Objectives Identify and interpret all applicable regulations related to the health care information industry Describe the international regulations and controls pertaining to the health care industry Identify policies, procedures, and standards needed for the internal organization based on new information security and privacy policies and procedures Describe the health care industry compliance frameworks Identify the different risk-based decision processes Define the health care information industry environment code of ethics and reasons for compliance 23

24 Regulatory Environment Domain Six Modules Identify Applicable Regulations International Regulations and Controls Compare International Practices Against New Policies and Procedures Compliance Frameworks Responses for Risk-Based Decision Making Understand and Comply with Code of Ethics/Conduct in a Health Information Environment 24

25 Privacy and Security Domain Objectives Describe basic objectives of security based on confidentiality, integrity, and availability Provide definitions and concepts of generally used security terms Describe the general privacy principles as defined by the health care industry Compare and contrast the relationship between security and privacy Define the different categories of sensitive data 25

26 Privacy and Security Domain Objectives Describe the unrelated nature of health care data handling implications Define terms specific to security and privacy for the health care industry 26

27 Privacy and Security Domain Five Modules Security Objectives General Security Definitions/Concepts General Privacy Principles The Relationship Between Privacy and Security The Disparate Nature of Sensitive Data and Handling Implications 27

28 Information Governance & Risk Domain Objectives Define security and privacy with regard to information and governance and their structures List and describe risk management methodologies Describe the risk management life cycle Explain the risk management activities that are specific to the health care industry 28

29 Information Governance & Risk Domain Four Modules Security and Privacy Governance Basic Risk Management Methodology Information Risk Management Life Cycles Participate in Risk Management Activities 29

30 Information Risk Assessment Domain Objectives Describe the risk assessment processes, procedures, and concepts as they relate to the health care industry Use organizational risk frameworks to identify the control assessment procedures Based on the organizational role, participate in the risk assessment Identify ways to mitigate and reduce gaps in information risk 30

31 Information Risk Assessment Domain Four Modules Risk Assessment Identify Control Assessment Procedures Within Organizational Risk Frameworks Participate in Risk Assessment Consistent with Role in Organization Participate in Efforts to Remediate Gaps 31

32 Third-Party Risk Management Domain Objectives Define what constitutes a third party within the health care industry Define processes for maintaining third-party health care organizations Describe the management standards and best practices for engaging with third parties in the health care industry Identify the required third-party assessments Define the role regarding the supporting activities for third-party assessments 32

33 Third-Party Risk Management Domain Objectives Identify messaging requirements for responding to security and privacy incidents Describe the connectivity requirements for third parties Describe responsibilities in the promotional awareness of all third-party requirements Identify requirements for participation in remediation efforts Describe the process for responding to third-party events regarding security and privacy 33

34 Third-Party Risk Management Domain Ten Modules The Definition of Third Parties in Health Care Context Maintain a List of Third-Party Organizations Engaging with Third Parties to Enhance Compliance Determine When Third-Party Assessment Is Required Support Third-Party Assessments and Audits Respond to Notifications of Security/Privacy Events 34

35 Third-Party Risk Management Domain Ten Modules Support Establishment of Third-Party Connectivity Promote Awareness of Third-Party Program Requirements Participate in Remediation Efforts Respond to Third-Party Requests Regarding Privacy/Security Events 35

36 Examples of Healthcare Oversight Penalties In August, 2013, U.S. Health & Human Services (HHS) Office for Civil Rights (OCR) settled with a New York-based non-profit managed care plan for $1.2 million after the entity admitted to inadvertently disclosed PHI of more than 300,000 individuals. In March, 2012, a health plan provider in Tennessee agreed to pay HHS $1.5 million for failure to implement appropriate administrative safeguards to adequately protect information. Settlement also required the health plan to review, revise, and maintain its Privacy and Security policies and procedures, to conduct regular and robust trainings for all [pertinent] employees 36

37 Largest HIPAA Settlement to Date Two New York-based hospitals paid out $4.8 million to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) for failing to secure thousands of patients electronic protected health information (ephi) held on their network Read more on the OCR website 37

38

39 HCISPP EXAM PROCESS & STUDY TIPS

40 Summary of Certification Process Obtain the required experience Register for 3-day Pre-Cert Prep Course at Harrisburg University Study for the exam Register for the exam Pass the exam Applicant Endorsement Form Maintain the certification 40

41 The HCISPP Exam 125 Multiple Choice Questions Always provided four possible answer Three hours to complete Required score of 700 points out of a possible 1000 Schedule at any Pearson Vue Center worldwide 41

42 Create a Study Plan Set a goal: schedule your exam date Attend the Official (ISC)² Prep-Course training at Harrisburg University May 16, 17 and 18th Read the Official (ISC)² textbook Study the HCISPP Flash Cards Take advantage of (ISC)² s free study resources (exam outline) 42

43 Official HCISPP (ISC)² Prep-Course Up-to-date courseware Taught by an authorized (ISC)² GAP instructor Student handbook Collaboration with classmates Real-world learning activities and scenarios Interactive and engaging learning techniques Fun! 43

44 3-Day Intensive HCISPP Prep- Course at Harrisburg University DATES: May 16-18, 2016 TIME: 8:30 am 4:30 pm LOCATION: Harrisburg University, 326 Market Street, Harrisburg, PA REGISTRATION: Early-bird rate: $1, Register early and save! Valid until April 15, Regular rate after April 15: $1, Registration includes lunch, discount code for the exam, course materials and practice exam. Learn more and register online at: 44

45 QUESTIONS? THANK YOU FOR ATTENDING!

(ISC) 2 CONTINUING PROFESSIONAL EDUCATION (CPE) POLICIES AND GUIDELINES

(ISC) 2 CONTINUING PROFESSIONAL EDUCATION (CPE) POLICIES AND GUIDELINES (ISC) 2 CONTINUING PROFESSIONAL EDUCATION (CPE) POLICIES AND GUIDELINES (ISC)² Continuing Professional Education credits (CPEs) Policies & Guidelines (rev. 4-08) (ISC) 2. All contents and marks are the

More information

(ISC) 2 CONTINUING PROFESSIONAL EDUCATION (CPE) POLICIES AND GUIDELINES

(ISC) 2 CONTINUING PROFESSIONAL EDUCATION (CPE) POLICIES AND GUIDELINES (ISC) 2 CONTINUING PROFESSIONAL EDUCATION (CPE) POLICIES AND GUIDELINES (ISC)² Continuing Professional Education credits (CPEs) Policies & Guidelines (rev. 3-09) (ISC) 2. All contents and marks are the

More information

MANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors

MANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors Page 1 of 6 Applies to: faculty staff students student employees visitors contractors Effective Date of This Revision: June 1, 2018 Contact for More Information: HIPAA Privacy Officer Board Policy Administrative

More information

ISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard

ISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard Certification Exam Outline Effective Date: April 2013 About CISSP-ISSMP The Information Systems Security Management Professional (ISSMP) is a CISSP who specializes in establishing, presenting, and governing

More information

Auditing and Monitoring for HIPAA Compliance. HCCA COMPLIANCE INSTITUTE 2003 April, Presented by: Suzie Draper Sheryl Vacca, CHC

Auditing and Monitoring for HIPAA Compliance. HCCA COMPLIANCE INSTITUTE 2003 April, Presented by: Suzie Draper Sheryl Vacca, CHC Auditing and Monitoring for HIPAA Compliance HCCA COMPLIANCE INSTITUTE 2003 April, 2003 Presented by: Suzie Draper Sheryl Vacca, CHC 1 The Elements of Corporate Compliance Program There are seven key elements

More information

CERTIFIED IN THE GOVERNANCE OF ENTERPRISE IT CGEIT AFFIRM YOUR STRATEGIC VALUE AND CAREER SUCCESS

CERTIFIED IN THE GOVERNANCE OF ENTERPRISE IT CGEIT AFFIRM YOUR STRATEGIC VALUE AND CAREER SUCCESS CERTIFIED IN THE GOVERNANCE OF ENTERPRISE IT CGEIT AFFIRM YOUR STRATEGIC VALUE AND CAREER SUCCESS Good IT governance is a key element of a well-performing enterprise. Enterprises need qualified information

More information

E-guide CISSP Prep: 4 Steps to Achieve Your Certification

E-guide CISSP Prep: 4 Steps to Achieve Your Certification CISSP Prep: 4 Steps to Achieve Your Certification Practice for the exam and keep your skills sharp : Thank you for downloading our CISSP certification guide. Aside from this handy PDF, you can also access

More information

Professional Evaluation and Certification Board Frequently Asked Questions

Professional Evaluation and Certification Board Frequently Asked Questions Professional Evaluation and Certification Board Frequently Asked Questions 1. About PECB... 2 2. General... 2 3. PECB Official Training Courses... 4 4. Course Registration... 5 5. Certification... 5 6.

More information

GUIDELINES FOR SUBMITTING CONTINUING PROFESSIONAL EDUCATION (CPE) CREDITS

GUIDELINES FOR SUBMITTING CONTINUING PROFESSIONAL EDUCATION (CPE) CREDITS GUIDELINES FOR SUBMITTING CONTINUING PROFESSIONAL EDUCATION (CPE) CREDITS (ISC) 2 CISSP Recertification Guidelines (rev. 8-06) Page 1 of 16 CONTENTS Introduction... 3 CPE Record Keeping... 4 CPE Credit

More information

Security and Privacy Governance Program Guidelines

Security and Privacy Governance Program Guidelines Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by

More information

CyberVista Certify cybervista.net

CyberVista Certify cybervista.net ONLINE CYBERSECURITY CERTIFICATION TRAINING CyberVista Certify ONLINE CYBERSECURITY CERTIFICATION TRAINING CyberVista Certify CyberVista offers the industry s most comprehensive cybersecurity training

More information

ISSP Sustainability Professional Certifications UPDATE: November 20, 2017

ISSP Sustainability Professional Certifications UPDATE: November 20, 2017 ISSP Sustainability Professional Certifications UPDATE: November 20, 2017 Certification Overview ISSP-SA Exam ISSP-CSP Exam Credential Maintenance Education Partners Program Next Steps Get Involved! Maureen

More information

Certification Exam Outline Effective Date: September 2013

Certification Exam Outline Effective Date: September 2013 Certification Exam Outline Effective Date: September 2013 About CAP The Certified Authorization Professional (CAP) is an information security practitioner who champions system security commensurate with

More information

Working with investment professionals

Working with investment professionals Working with investment professionals www.uksip.org UKSIP is a member society of UKSIP - its four defining characteristics Professional excellence in its core activities These activities are: Support and

More information

Policy. Policy Information. Purpose. Scope. Background

Policy. Policy Information. Purpose. Scope. Background Background Congress enacted HIPAA Privacy & Security Compliance Policy Policy Information Policy Owner: (TBD Possibly HIPAA Privacy and Security Official or Executive Director of University Ethics and

More information

Personnel Certification

Personnel Certification Personnel Certification Facilitating the Growth of a Global Economy Roy A. Swift, Ph.D. Senior Director, Personnel Credentialing Accreditation Programs American National Standards Institute Building a

More information

ISSEP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard

ISSEP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard Certification Exam Outline Effective Date: March 2018 About CISSP-ISSEP The Information Systems Security Engineering Professional (ISSEP) is a CISSP who specializes in the practical application of systems

More information

Ensuring Privacy and Security of Health Information Exchange in Pennsylvania

Ensuring Privacy and Security of Health Information Exchange in Pennsylvania Ensuring Privacy and Security of Health Information Exchange in Pennsylvania The Pennsylvania ehealth Initiative in collaboration with the Pennsylvania ehealth Partnership Authority Introduction The Pennsylvania

More information

Reasons to Become CISSP Certified. Keith A. Watson, CISSP CERIAS

Reasons to Become CISSP Certified. Keith A. Watson, CISSP CERIAS Reasons to Become CISSP Certified Keith A. Watson, CISSP CERIAS Overview Certification review Organizational needs Individual needs Get paid more! See the world! CISSP requirements Common Body of Knowledge

More information

FOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY

FOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY FOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY The Foundation Certificate in Information Security (FCIS) course is designed to provide

More information

SALARY $ $72.54 Hourly $3, $5, Biweekly $8, $12, Monthly $103, $150, Annually

SALARY $ $72.54 Hourly $3, $5, Biweekly $8, $12, Monthly $103, $150, Annually SALARY $49.72 - $72.54 Hourly $3,977.88 - $5,803.27 Biweekly $8,618.75 - $12,573.75 Monthly $103,425.00 - $150,885.00 Annually ISSUE DATE: 03/21/18 THE POSITION DIRECTOR OF CYBER SECURITY OPEN TO THE PUBLIC

More information

How Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq.

How Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq. How Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq. Word Count: 2,268 Physician practices have lived with the reality of HIPAA for over twenty years. In that time, it has likely

More information

Putting It All Together:

Putting It All Together: Putting It All Together: The Interplay of Privacy & Security Regina Verde, MS, MBA, CHC Chief Corporate Compliance & Privacy Officer University of Virginia Health System 2017 ISPRO Conference October 24,

More information

HIPAA How to Comply with Limited Time & Resources. Jonathan Pantenburg, MHA, Senior Consultant August 17, 2017

HIPAA How to Comply with Limited Time & Resources. Jonathan Pantenburg, MHA, Senior Consultant August 17, 2017 HIPAA How to Comply with Limited Time & Resources Jonathan Pantenburg, MHA, Senior Consultant JPantenburg@Stroudwater.com August 17, 2017 Stroudwater Associates is a leading national healthcare consulting

More information

The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance

The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance Russell L. Jones Partner Health Sciences Sector Deloitte & Touche LLP Security & Privacy IMLA 2013 Annual Conference San

More information

What Makes PMI Certifications Stand Apart?

What Makes PMI Certifications Stand Apart? What Makes PMI Certifications Stand Apart? Many certifications exist for managers that claim to offer practitioners and organizations a number of benefits. So, why are PMI certifications unique? PMI certifications

More information

THE INSTITUTE OF CERTIFIED MANAGERS.

THE INSTITUTE OF CERTIFIED MANAGERS. THE INSTITUTE OF CERTIFIED MANAGERS Update on ICRM Certifications and Specialty Designations: What They Are and How to Pursue Them mjanicik14@comcast.net September 6, 2017 at DGI JJJOHN Records Management

More information

Checklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates. Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP)

Checklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates. Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP) Checklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP) ecfirst, chief executive Member, InfraGard Compliance Mandates Key Regulations

More information

BENEFITS of MEMBERSHIP FOR YOUR INSTITUTION

BENEFITS of MEMBERSHIP FOR YOUR INSTITUTION PROFILE The Fiduciary and Investment Risk Management Association, Inc. (FIRMA ) is the leading provider of fiduciary and investment risk management education and networking to the fiduciary and investment

More information

Handbook December 2018

Handbook December 2018 Handbook December 2018 Table of Contents About this Handbook... 3 The EEP Program... 3 Objectives... 3 Benefits... 3 Education Provider Requirements... 4 Fees... 4 Features... 5 Benefits... 6 Application

More information

Horizon Health Care, Inc.

Horizon Health Care, Inc. Customer Success Story Horizon Health Care, Inc. Comprehensive Security Risk Analysis Helps FQHC Achieve Meaningful Use and Safeguard PHI. Page 2 of 6 Horizon Health Care, Inc. Comprehensive Security Risk

More information

ITIL Intermediate Service Design (SD) Certification Boot Camp - Brochure

ITIL Intermediate Service Design (SD) Certification Boot Camp - Brochure ITIL Intermediate Service Design (SD) Certification Boot Camp - Brochure Get a Management-level overview of Service Design to advance in your Career Course Name : ITIL SD Version : INVL_ITILSD_BR_02_033_1.2

More information

ISACA Enterprise. Solutions and Resources

ISACA Enterprise. Solutions and Resources ISACA Enterprise Solutions and Resources About ISACA Global association serving 140,000 members and certification holders Members in 180+ countries; 210+ chapters worldwide Developed and maintains the

More information

Inside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D.

Inside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D. Inside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D. HIPAA GENERAL RULE PHI may not be disclosed without patient authorization

More information

(ISC) 2 Continuing Professional Education (CPE) Handbook

(ISC) 2 Continuing Professional Education (CPE) Handbook Inspiring a Safe and Secure Cyber World (ISC) 2 Continuing Professional Education (CPE) Handbook Contents How to Use the (ISC) 2 CPE Handbook... 3 Candidate and Member Services... 3 Overview... 4 CPE Requirements...

More information

PRODUCT SAFETY PROFESSIONAL CERTIFICATION PROGRAM DETAILS. Overview

PRODUCT SAFETY PROFESSIONAL CERTIFICATION PROGRAM DETAILS. Overview Overview PRODUCT SAFETY PROFESSIONAL CERTIFICATION PROGRAM DETAILS The Product Safety Professional Certification Program at the Richard A. Chaifetz School of Business focuses on the theoretical as well

More information

EU General Data Protection Regulation (GDPR) Achieving compliance

EU General Data Protection Regulation (GDPR) Achieving compliance EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,

More information

HIPAA/HITECH Act Update HCCA South Central Regional Annual Conference December 2, Looking Back at 2011

HIPAA/HITECH Act Update HCCA South Central Regional Annual Conference December 2, Looking Back at 2011 HIPAA/HITECH Act Update HCCA South Central Regional Annual Conference December 2, 2012 Phyllis F. Granade The Granade Law Firm Atlanta, GA (678) 705 2507 pgranade@granadelaw.com www.granadelaw.com Looking

More information

HIPAA ( ) HIPAA 2017 Compliancy Group, LLC

HIPAA ( ) HIPAA 2017 Compliancy Group, LLC 855 85 HIPAA (855-854-4722) www.compliancygroup.com 1 Started in 2005 by HIPAA auditors & Compliance experts Market need for a total end client solution Created The Guard: cloud-based solution Compliance

More information

Cybersecurity and Hospitals: A Board Perspective

Cybersecurity and Hospitals: A Board Perspective Cybersecurity and Hospitals: A Board Perspective Cybersecurity is an important issue for both the public and private sector. At a time when so many of our activities depend on information systems and technology,

More information

HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp

HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp Agenda Introductions HIPAA Background and History Overview of HIPAA Requirements

More information

Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services.

Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services. Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services. June 2017 Melanie Duerr Fazzi Associates Partner, Director of Coding Operations Jami Fisher Fazzi Associates Chief Information

More information

ITIL Intermediate Continual Service Improvement (CSI) Certification Boot Camp - Brochure

ITIL Intermediate Continual Service Improvement (CSI) Certification Boot Camp - Brochure ITIL Intermediate Continual Service Improvement (CSI) Certification Boot Camp - Brochure Gain Knowledge to Align IT Services to Business Needs US Course Name : CISSP Version : INVL_CISSP_BR_02_089_1.2

More information

HIPAA Security and Privacy Policies & Procedures

HIPAA Security and Privacy Policies & Procedures Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400

More information

Operationalizing Cybersecurity in Healthcare IT Security & Risk Management Study Quantitative and Qualitative Research Program Results

Operationalizing Cybersecurity in Healthcare IT Security & Risk Management Study Quantitative and Qualitative Research Program Results Operationalizing Cybersecurity in Healthcare - - 2017 IT Security & Risk Management Study Quantitative and Qualitative Research Program Results David S. Finn, CISA, CISM, CRISC Health IT Officer, Symantec

More information

Syllabus for HIMT 450 Healthcare Information and Technology Standards

Syllabus for HIMT 450 Healthcare Information and Technology Standards Syllabus for HIMT 450 Healthcare Information and Technology Standards Course Description Healthcare is the fastest growing employment sector in the United States. The ways in which healthcare is given

More information

GUIDELINES FOR SUBMITING CONTINUING PROFESSIONAL EDUCATION (CPE) CREDITS

GUIDELINES FOR SUBMITING CONTINUING PROFESSIONAL EDUCATION (CPE) CREDITS GUIDELINES FOR SUBMITING CONTINUING PROFESSIONAL EDUCATION (CPE) CREDITS (ISC) 2 CISSP Recertification Guidelines Page 1 of 14 CONTENTS Introduction... 3 CPE Record Keeping... 4 CPE Credit Requirements...

More information

แนวทางการพ ฒนา Information Security Professional ในประเทศไทย

แนวทางการพ ฒนา Information Security Professional ในประเทศไทย แนวทางการพ ฒนา Information Security Professional ในประเทศไทย โดย Thailand Information Security Association (TISA) Agenda 1) Global Information Security Professional Situation 2) Current Thailand Information

More information

ISSP Sustainability Professional Credentials UPDATE: March 20, 2019

ISSP Sustainability Professional Credentials UPDATE: March 20, 2019 ISSP Sustainability Professional Credentials UPDATE: March 20, 2019 Why get credentialed? Who do we credential? ISSP-SA ISSP-CSP Credential Maintenance Next steps Stephen Dworkin Certification Manager,

More information

2017 PORT SECURITY SEMINAR & EXPO. ISACA/CISM Information Security Management Training for Security Directors/Managers

2017 PORT SECURITY SEMINAR & EXPO. ISACA/CISM Information Security Management Training for Security Directors/Managers 2017 PORT SECURITY SEMINAR & EXPO ISACA/CISM Information Security Management Training for Security Directors/Managers Agenda Introduction ISACA Information security vs. cybersecurity CISM certification

More information

IT Governance ISO/IEC 27001:2013 ISMS Implementation. Service description. Protect Comply Thrive

IT Governance ISO/IEC 27001:2013 ISMS Implementation. Service description. Protect Comply Thrive IT Governance ISO/IEC 27001:2013 ISMS Implementation Service description Protect Comply Thrive 100% guaranteed ISO 27001 certification with the global experts With the IT Governance ISO 27001 Implementation

More information

SOC 2 examinations and SOC for Cybersecurity examinations: Understanding the key distinctions

SOC 2 examinations and SOC for Cybersecurity examinations: Understanding the key distinctions SOC 2 examinations and SOC for Cybersecurity examinations: Understanding the key distinctions DISCLAIMER: The contents of this publication do not necessarily reflect the position or opinion of the American

More information

Building the Cybersecurity Workforce. November 2017

Building the Cybersecurity Workforce. November 2017 Building the Cybersecurity Workforce November 2017 Our Global Footprint Measuring Kaplan University s Educational Impact For every career path +1MM students annually served Facilities in 30+ countries

More information

When Recognition Matters WHITEPAPER ISO SUPPLY CHAIN SECURITY MANAGEMENT SYSTEMS.

When Recognition Matters WHITEPAPER ISO SUPPLY CHAIN SECURITY MANAGEMENT SYSTEMS. When Recognition Matters WHITEPAPER ISO 28000 SUPPLY CHAIN SECURITY MANAGEMENT SYSTEMS www.pecb.com CONTENT 3 4 4 4 4 5 6 6 7 7 7 8 9 10 11 12 Introduction An overview of ISO 28000:2007 Key clauses of

More information

A Checklist for Compliance in the Cloud 1. A Checklist for Compliance in the Cloud

A Checklist for Compliance in the Cloud 1. A Checklist for Compliance in the Cloud A Checklist for Compliance in the Cloud 1 A Checklist for Compliance in the Cloud A Checklist for Compliance in the Cloud 1 With the industrialization of hacking and the enormous impact of security breaches,

More information

An Employer Guide to AMT Certification

An Employer Guide to AMT Certification An Employer Guide to AMT Certification Why Certification Is Important AS AN EMPLOYER, you want to hire qualified personnel to ensure that your patients get the best care possible. AMT shares in this goal

More information

Mobile Technology meets HIPAA Compliance. Tuesday, May 2, 2017 MT HIMSS Conference

Mobile Technology meets HIPAA Compliance. Tuesday, May 2, 2017 MT HIMSS Conference Mobile Technology meets HIPAA Compliance Tuesday, May 2, 2017 MT HIMSS Conference Susan Clarke, HCISPP (ISC) 2 certified Healthcare Information Security and Privacy Practitioner. 15+ years of Healthcare

More information

Audit and Compliance Committee - Agenda

Audit and Compliance Committee - Agenda Audit and Compliance Committee - Agenda Board of Trustees Audit and Compliance Committee April 17, 2018, 1:30 2:30 p.m. President s Board Room Conference Call-In Phone #1-800-442-5794, passcode 463796

More information

Article II - Standards Section V - Continuing Education Requirements

Article II - Standards Section V - Continuing Education Requirements Article II - Standards Section V - Continuing Education Requirements 2.5.1 CONTINUING PROFESSIONAL EDUCATION Internal auditors are responsible for maintaining their knowledge and skills. They should update

More information

HIPAA Privacy, Security and Breach Notification

HIPAA Privacy, Security and Breach Notification HIPAA Privacy, Security and Breach Notification HCCA East Central Regional Annual Conference October 2013 Disclaimer The information contained in this document is provided by KPMG LLP for general guidance

More information

Application for Certification

Application for Certification Application for Certification Requirements to Become a Certified Information Security Manager To become a Certified Information Security Manager (CISM), an applicant must: 1. Score a passing grade on the

More information

The HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information

The HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information The HITRUST CSF A Revolutionary Way to Protect Electronic Health Information June 2015 The HITRUST CSF 2 Organizations in the healthcare industry are under immense pressure to improve quality, reduce complexity,

More information

IIA EXAM - IIA-CGAP. Certified Government Auditing Professional. Buy Full Product.

IIA EXAM - IIA-CGAP. Certified Government Auditing Professional. Buy Full Product. IIA EXAM - IIA-CGAP Certified Government Auditing Professional Buy Full Product http://www.examskey.com/iia-cgap.html Examskey IIA IIA-CGAP exam demo product is here for you to test the quality of the

More information

Practitioner Certificate in Business Continuity Management (PCBCM) Course Description. 10 th December, 2015 Version 2.0

Practitioner Certificate in Business Continuity Management (PCBCM) Course Description. 10 th December, 2015 Version 2.0 Practitioner Certificate in Business Continuity Management (PCBCM) Course Description 10 th December, 2015 Version 2.0 Course The Practitioner Certificate in Business Continuity Management (PCBCM) course

More information

HIPAA Federal Security Rule H I P A A

HIPAA Federal Security Rule H I P A A H I P A A HIPAA Federal Security Rule nsurance ortability ccountability ct of 1996 HIPAA Introduction - What is HIPAA? HIPAA = The Health Insurance Portability and Accountability Act A Federal Law Created

More information

RISK MANAGEMENT Education and Certification

RISK MANAGEMENT Education and Certification RISK MANAGEMENT Education and Certification aba.com/risked 1-800-BANKERS A new type of risk management professional is now in demand one that can demonstrate a thorough understanding of the complexities

More information

University of Wisconsin-Madison Policy and Procedure

University of Wisconsin-Madison Policy and Procedure Page 1 of 10 I. Policy The Health Information Technology for Economic and Clinical Health Act regulations ( HITECH ) amended the Health Information Portability and Accountability Act ( HIPAA ) to establish

More information

ON-DEMAND TRAINING FOR PROFESSIONALS

ON-DEMAND TRAINING FOR PROFESSIONALS FACT SHEET ON-DEMAND TRAINING FOR PROFESSIONALS REP ID : 3871 GET PMP CERTIFIED. GROW IN YOUR CAREER GreyCampus offers four day Classroom Training Program on Project Management Professional (PMP ) Certification

More information

Neil Peters-Michaud, CHAMP Cascade Asset Management ITAM Awareness Month December 2016

Neil Peters-Michaud, CHAMP Cascade Asset Management ITAM Awareness Month December 2016 Breach New Heights The role of ITAM in preventing a data breach Neil Peters-Michaud, CHAMP Cascade Asset Management ITAM Awareness Month December 2016 Agenda Why Breaches Matter to the ITAM group The cost

More information

SECURETexas Health Information Privacy & Security Certification Program

SECURETexas Health Information Privacy & Security Certification Program Partners in Texas Health Informa3on Protec3on SECURETexas Health Information Privacy & Security Certification Program 2015 HITRUST, Frisco, TX. All Rights Reserved. Outline Introduction Background Benefits

More information

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute October 1, 2014 10/1/2014 1 1 Who is

More information

Remote Access to a Healthcare Facility and the IT professional s obligations under HIPAA and the HITECH Act

Remote Access to a Healthcare Facility and the IT professional s obligations under HIPAA and the HITECH Act Remote Access to a Healthcare Facility and the IT professional s obligations under HIPAA and the HITECH Act Are your authentication, access, and audit paradigms up to date? Table of Contents Synopsis...1

More information

HIPAA & Privacy Compliance Update

HIPAA & Privacy Compliance Update HIPAA & Privacy Compliance Update Vermont Medical Society FREE Wednesday Webinar Series March 15, 2017 Anne Cramer and Shireen Hart Primmer Piper Eggleston & Cramer PC acramer@primmer.com shart@primmer.com

More information

The Relationship Between HIPAA Compliance and Business Associates

The Relationship Between HIPAA Compliance and Business Associates The Relationship Between HIPAA Compliance and Business Associates 1 HHS Wall of Shame 20% Involved Business Associates Based on HHS Breach Portal: Breaches Affecting 500 or More Individuals, Type of Breach

More information

HIPAA Compliance & Privacy What You Need to Know Now

HIPAA  Compliance & Privacy What You Need to Know Now HIPAA Email Compliance & Privacy What You Need to Know Now Introduction The Health Insurance Portability and Accountability Act of 1996 (HIPAA) places a number of requirements on the healthcare industry

More information

HIPAA-HITECH: Privacy & Security Updates for 2015

HIPAA-HITECH: Privacy & Security Updates for 2015 South Atlantic Regional Annual Conference Orlando, FL February 6, 2015 1 HIPAA-HITECH: Privacy & Security Updates for 2015 Darrell W. Contreras, Esq., LHRM Gregory V. Kerr, CHPC, CHC Agenda 2 OCR On-Site

More information

HIPAA / HITECH Overview of Capabilities and Protected Health Information

HIPAA / HITECH Overview of Capabilities and Protected Health Information HIPAA / HITECH Overview of Capabilities and Protected Health Information August 2017 Rev 1.8.9 2017 DragonFly Athletics, LLC 2017, DragonFly Athletics, LLC. or its affiliates. All rights reserved. Notices

More information

Career Paths In Cybersecurity

Career Paths In Cybersecurity Career Paths In Cybersecurity Introductions Rob Ashcraft Sr. Technical Advisor 26-yrs in Information Technology 14-yrs in Information Security Held positions as Technician, IT Management, IT Sales Double

More information

DAVID J BEHINFAR, JD., LLM., CHC, CHRC, CCEP, HCISPP, CIPP/US P23: AN EFFECTIVE PRIVACY PROGRAM BUILT THROUGH STRATEGIC VISION AND LEADERSHIP SUPPORT

DAVID J BEHINFAR, JD., LLM., CHC, CHRC, CCEP, HCISPP, CIPP/US P23: AN EFFECTIVE PRIVACY PROGRAM BUILT THROUGH STRATEGIC VISION AND LEADERSHIP SUPPORT P23: AN EFFECTIVE PRIVACY PROGRAM BUILT THROUGH STRATEGIC VISION AND LEADERSHIP SUPPORT APRIL 7, 2019 David Behinfar, Chief Privacy Officer University of North Carolina Health Katherine Georger, Associate

More information

Cloud Security Certification CCSP Certified Cloud Security Professional

Cloud Security Certification CCSP Certified Cloud Security Professional Cloud Security Certification CCSP Certified Cloud Security Professional Course code: 10006308 Prove You re on the Forefront of Cloud Security In the ever-changing world of the cloud, you face unique security

More information

Introduction. Angela Holzworth, RHIA, CISA, GSEC. Kimberly Gray, Esq., CIPP/US. Sr. IT Infrastructure Analyst

Introduction. Angela Holzworth, RHIA, CISA, GSEC. Kimberly Gray, Esq., CIPP/US. Sr. IT Infrastructure Analyst Introduction Angela Holzworth, RHIA, CISA, GSEC Sr. IT Infrastructure Analyst Kimberly Gray, Esq., CIPP/US Chief Privacy Officer, Global, IMS Health 1 Incorporating Privacy into the CSF: Approach and Benefits

More information

All Aboard the HIPAA Omnibus An Auditor s Perspective

All Aboard the HIPAA Omnibus An Auditor s Perspective All Aboard the HIPAA Omnibus An Auditor s Perspective Rick Dakin CEO & Chief Security Strategist February 20, 2013 1 Agenda Healthcare Security Regulations A Look Back What is the final Omnibus Rule? Changes

More information

Pennsylvania s HIE Journey

Pennsylvania s HIE Journey Pennsylvania s HIE Journey Alix Goss, Executive Director Pennsylvania ehealth Partnership Authority William Buddy Gillespie Director Healthcare Solutions DSS What is HIE? Health Information Exchange puts

More information

The simplified guide to. HIPAA compliance

The simplified guide to. HIPAA compliance The simplified guide to HIPAA compliance Introduction HIPAA, the Health Insurance Portability and Accountability Act, sets the legal requirements for protecting sensitive patient data. It s also an act

More information

Security Program Design:

Security Program Design: Security Program Design: A Critical Infrastructure Protection Model Experience, Dedication, and Leadership July 17-18, 2013 Toronto, Ontario CAN in Security EDUCATION Earn up to 16 CPEs Are you confident

More information

CCHI Community of Certified Interpreters: An open conversation on training and education, job growth and career path

CCHI Community of Certified Interpreters: An open conversation on training and education, job growth and career path CCHI Community of Certified Interpreters: An open conversation on training and education, job growth and career path Natalya Mytareva, MA, CoreCHI CCHI Managing Director May 2, 2015 www.cchicertification.org

More information

How to Respond to a HIPAA Breach. Tuesday, Oct. 25, 2016

How to Respond to a HIPAA Breach. Tuesday, Oct. 25, 2016 How to Respond to a HIPAA Breach Tuesday, Oct. 25, 2016 This Webinar is Brought to You By. About HealthInsight and Mountain-Pacific Quality Health HealthInsight and Mountain-Pacific Quality Health are

More information

HIPAA Security. An Ounce of Prevention is Worth a Pound of Cure

HIPAA Security. An Ounce of Prevention is Worth a Pound of Cure HIPAA Security An Ounce of Prevention is Worth a Pound of Cure Presented by CJ Wolf, MD, COC, CPC, CHC, CCEP, CIA Healthicity Senior Compliance Executive Paul R. Hales, Attorney at Law Subject Matter Expert

More information

Information Technology (CCHIT): Report on Activities and Progress

Information Technology (CCHIT): Report on Activities and Progress Certification Commission for Healthcare Information Technology Certification Commission for Healthcare Information Technology (CCHIT): Report on Activities and Progress Mark Leavitt, MD, PhD Chair, CCHIT

More information

Training and Certifying Security Testers Beyond Penetration Testing

Training and Certifying Security Testers Beyond Penetration Testing Training and Certifying Security Testers Beyond Penetration Testing Randall W. Rice, CTAL (Full), CTAL-SEC Director, ASTQB Board of Directors www.astqb.org Most organizations do not know the true status

More information

CYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD

CYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD CYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD December 2014 KEVIN GROOM ISACA Involvement (Middle Tennessee Chapter) Treasurer (2009 2011) Vice President (2011 2013) President (2013 present)

More information

Certified information Systems Security Professional(CISSP) Bootcamp

Certified information Systems Security Professional(CISSP) Bootcamp Certified information Systems Security Professional(CISSP) Bootcamp Length: 5 days Format: Bootcamp Time: Day About This Course Official CISSP training draws from a comprehensive, up-to-date, global common

More information

Healthcare Privacy and Security:

Healthcare Privacy and Security: Healthcare Privacy and Security: Breach prevention and mitigation/ Insuring for breach Colin J. Zick Foley Hoag LLP (617) 832-1000 www.foleyhoag.com www.securityprivacyandthelaw.com Boston Bar Association

More information

FRM TRAINING Our National Industrial Training Authority registration Number is NITA/TRN/1261.

FRM TRAINING Our National Industrial Training Authority registration Number is NITA/TRN/1261. FRM TRAINING The demand for financial risk managers has never been higher than now since the global financial crisis of 2007-2009. The interconnectedness of global financial system and the rapid evolution

More information

CERT Symposium: Cyber Security Incident Management for Health Information Exchanges

CERT Symposium: Cyber Security Incident Management for Health Information Exchanges Pennsylvania ehealth Partnership Authority Pennsylvania s Journey for Health Information Exchange CERT Symposium: Cyber Security Incident Management for Health Information Exchanges June 26, 2013 Pittsburgh,

More information

How icims Supports. Your Readiness for the European Union General Data Protection Regulation

How icims Supports. Your Readiness for the European Union General Data Protection Regulation How icims Supports Your Readiness for the European Union General Data Protection Regulation The GDPR is the EU s next generation of data protection law. Aiming to strengthen the security and protection

More information

ITU CBS. Digital Security Capacity Building: Role of the University GLOBAL ICT CAPACITY BUILDING SYMPOSIUM SANTO DOMINGO 2018

ITU CBS. Digital Security Capacity Building: Role of the University GLOBAL ICT CAPACITY BUILDING SYMPOSIUM SANTO DOMINGO 2018 GLOBAL ICT CAPACITY BUILDING SYMPOSIUM ITU CBS SANTO DOMINGO 2018 Digital Capacity Building: Role of the University 18 20 June 2018 Santo Domingo, Dominican Republic Dr. Nizar Ben Neji Faculty of Sciences

More information

Computer Security Incident Response Plan. Date of Approval: 23-FEB-2014

Computer Security Incident Response Plan. Date of Approval: 23-FEB-2014 Computer Security Incident Response Plan Name of Approver: Mary Ann Blair Date of Approval: 23-FEB-2014 Date of Review: 31-MAY-2016 Effective Date: 23-FEB-2014 Name of Reviewer: John Lerchey Table of Contents

More information

3/24/2014. Agenda & Objectives. HIPAA Security Rule. Compliance Institute. Background and Regulatory Overlay. OCR Statistics/

3/24/2014. Agenda & Objectives. HIPAA Security Rule. Compliance Institute. Background and Regulatory Overlay. OCR Statistics/ Compliance Institute Session 501: Implementing a System-Wide Access Monitoring Program Brian D. Annulis Meade, Roach & Annulis, LLP Aegis Compliance & Ethics Center, LLP 4147 N. Ravenswood Avenue Suite

More information

How to Become a CMA (Certified Management Accountant) May 10, 2017

How to Become a CMA (Certified Management Accountant) May 10, 2017 How to Become a CMA (Certified Management Accountant) May 10, 2017 Today s Moderator Featured Presenter Agenda The CMA Designation Institute of Management Accountants (IMA) Why get a CMA? CMA Requirements

More information