Neil Peters-Michaud, CHAMP Cascade Asset Management ITAM Awareness Month December 2016
|
|
- Clarence Gordon Russell
- 5 years ago
- Views:
Transcription
1 Breach New Heights The role of ITAM in preventing a data breach Neil Peters-Michaud, CHAMP Cascade Asset Management ITAM Awareness Month December 2016
2 Agenda Why Breaches Matter to the ITAM group The cost of breaches The cost of non-compliance Preventing a breach and staying compliant ITAM process maturity and risk mitigation Tools Templates, calculators, benchmarks, action plans 2
3 Purpose of this webinar Demonstrate the value IT Asset Management in setting up and managing programs that mitigate the risk of a data breach or being found out of compliance. 3
4 How Breaches Happen Lost devices Stolen devices Hackers Missing patches Anti-virus is out of date / not in place And many other ways 4
5 How Breaches Happen The Human Perspective Phishing s PHI posted on social media sites Personal devices used to conduct business Mistakes Intentional breaches 5
6 Breach Consequences Customer data loss leads to unhappy customers with potential financial and medical issues to settle Potential loss of customers Organization reputation in jeopardy Resources spent on investigating, stopping, sending notifications, & preventing future events Lost productivity time Money 6
7 Breach Consequences Office for Civil Rights (OCR) investigation Resolution agreement Corrective action plan Fines OCR enforcement Civil penalties Criminal penalties Phase 2 Audits in Covered Entities plus many Business Associates. 7
8 Willful Neglect The conscious, intentional failure or reckless indifference to the obligation to comply with the administrative simplification provision violated 45 CFR s OCR must levy a mandatory minimum penalty whenever there is a finding of willful neglect Help avoid this by: Writing and implementing HIPAA P&Ps Completing a Security Risk Analysis Address identified risks If have not done what HIPAA requires = willful neglect 8
9 Reported Breaches Since 2011, 1672 breaches >500 reported to OCR: ~45% involved theft and/or loss ~29% involved unauthorized access/disclosure ~17% involved hacking/it incident Estimated cost to the health care industry in 2012: $7 billion Sources: 10/7/16 Third Annual Benchmark Study on Patient Privacy & Data Security study by The Ponemon Institute 9
10 Adult & Pediatric Dermatology Stolen unencrypted thumb drive Why? 10 $150,000 settlement Corrective action plan 6 facility organization in Concord, Mass Did not complete a security risk analysis Did not have breach notification P&Ps Did not provide training to workforce members Did not reasonably safeguard the thumb drive Source:
11 Advocate Health Care Reported three separate breaches: 4 stolen desktop computers Unauthorized third party accessed network of billing service vendor Laptop stolen from workforce member s car $5.55m settlement and corrective action plan Why? Did not complete a security risk analysis Did not have P&Ps to limit physical access to electronic information systems Did not have a BAA in place with billing vendor 11 Source: dvocate-health-care-settles-potential-hipaapenalties-555-million.html
12 Hospice of North Idaho Unencrypted laptop stolen 441 patients $50,000 settlement and a corrective action plan Why? Did not complete a security risk analysis Did not have P&Ps to address mobile device security Sources: Art Garcia, OCR 4/12/13 and 12
13 Preventing Breaches Follow HIPAA Implement administrative, physical, and technical safeguards that provide reasonable protections to the confidentiality, integrity, and availability of protected health information (PHI) and electronic protected health information ephi) 13
14 Preventing Breaches OCR HIPAA Hot Buttons Complete a security risk analysis Address risks Write and implement policies and procedures (P&Ps) Training 14
15 HIPAA Security Risk Analysis (SRA) (a)(1)(ii)(A) Risk analysis (Required): Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ephi held by the covered entity or business associate 15
16 Security Risk Analysis Review what controls your organization has in place to protect the confidentiality, integrity, and availability of ephi Review all HIPAA Security Rule requirements General rules Administrative safeguards Physical safeguards Technical safeguards Organizational requirements Policies and procedures & documentation requirements 16
17 Security Risk Analysis Determine what potential risks and vulnerabilities exist that may impact the confidentiality, integrity, and availability of ephi Threat sources Weaknesses Rank them Prioritize them 17
18 Preventing Breaches Write and implement a comprehensive set of privacy and security policies and procedures Have a privacy and security oversight committee 18
19 Preventing Breaches Strong technical controls Physical security controls Monitor controls Require reporting of potential and known privacy and security incidents and breaches Sanctions 19
20 What is the role of ITAM in preventing data breaches?
21 21 Uncoordinated ITAM is risky
22 Elements of a successful ITAM program Multi-stakeholder involvement Understanding of requirements and goals Comprehensive Policies and Procedures Tools to manage assets throughout their lifecycle Training and accountability of staff to implement processes Integrated solutions with providers Processes to evaluate and continually improve 22
23 Elements of an ITAM program Cost & Value Security & Reputation Convenience & Integration 23
24 How is your ITAM program?
25 Resource Investment ITAM/ITAD Process Maturity Model Chaotic No control over IT assets. No policies, procedures or tools. Isolated decision-making Individual Reactive Little control over assets. Limited policies and programs. Disparate lists of assets managed independently. Departmental Defined ITAM policies, procedures and repository in place. Data gathered centrally, but not validated. Minimal use of data in decision making. Cross Functional Business Process Maturity Proactive Control of assets. Policies, procedures and repository in place. Comprehensive, reliable and accurate data. Assurance controls work. ITAM improvement driven by audits. Organizational Strategic Fully integrated solution with continual business process improvements in place. ITAM is a strategic organizational element that adds value to organization Fully Integrated
26 Tools for your ITAM program Templates Security Policy Business Associates Agreement Calculators Benchmarks Action plans 26
27 For more information Neil Peters-Michaud, CEO (office) Visit our IAITAM website Download toolkit information Healthcare resources Register to win $50 Amazon gift card (enter by December 31 st ) 27
HIPAA How to Comply with Limited Time & Resources. Jonathan Pantenburg, MHA, Senior Consultant August 17, 2017
HIPAA How to Comply with Limited Time & Resources Jonathan Pantenburg, MHA, Senior Consultant JPantenburg@Stroudwater.com August 17, 2017 Stroudwater Associates is a leading national healthcare consulting
More informationDon t Be the Next Headline! PHI and Cyber Security in Outsourced Services.
Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services. June 2017 Melanie Duerr Fazzi Associates Partner, Director of Coding Operations Jami Fisher Fazzi Associates Chief Information
More informationCore Elements of HIPAA The Privacy Rule establishes individuals privacy rights and addresses the use and disclosure of protected health information ( PHI ) by covered entities and business associates The
More informationHIPAA ( ) HIPAA 2017 Compliancy Group, LLC
855 85 HIPAA (855-854-4722) www.compliancygroup.com 1 Started in 2005 by HIPAA auditors & Compliance experts Market need for a total end client solution Created The Guard: cloud-based solution Compliance
More informationDON T GET STUNG BY A BREACH! WHAT'S NEW IN HIPAA PRIVACY AND SECURITY
DON T GET STUNG BY A BREACH! WHAT'S NEW IN HIPAA PRIVACY AND SECURITY Practice Areas: Healthcare Labor and Employment JASON YUNGTUM jyungtum@clinewilliams.com (402) 397 1700 Practice Areas: Healthcare
More informationInside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D.
Inside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D. HIPAA GENERAL RULE PHI may not be disclosed without patient authorization
More informationThe Relationship Between HIPAA Compliance and Business Associates
The Relationship Between HIPAA Compliance and Business Associates 1 HHS Wall of Shame 20% Involved Business Associates Based on HHS Breach Portal: Breaches Affecting 500 or More Individuals, Type of Breach
More informationPutting It All Together:
Putting It All Together: The Interplay of Privacy & Security Regina Verde, MS, MBA, CHC Chief Corporate Compliance & Privacy Officer University of Virginia Health System 2017 ISPRO Conference October 24,
More informationDecrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use
Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute October 1, 2014 10/1/2014 1 1 Who is
More informationUpdate on HIPAA Administration and Enforcement. Marissa Gordon-Nguyen, JD, MPH October 7, 2016
Update on HIPAA Administration and Enforcement Marissa Gordon-Nguyen, JD, MPH October 7, 2016 Updates Policy Development Breaches Enforcement Audit 2 POLICY DEVELOPMENT RECENTLY PUBLISHED: RIGHT OF ACCESS,
More informationA HIPAA Compliance and Enforcement Update from the HHS Office for Civil Rights Session #24, 10:00 a.m. 11:00 a.m. March 6, 2018 Roger Severino, MSPP,
A HIPAA Compliance and Enforcement Update from the HHS Office for Civil Rights Session #24, 10:00 a.m. 11:00 a.m. March 6, 2018 Roger Severino, MSPP, JD Director, HHS Office for Civil Rights Nicholas Heesters,
More informationCYBERSECURITY. Recent OCR Actions & Cyber Awareness Newsletters. Claire C. Rosston
CYBERSECURITY Recent OCR Actions & Cyber Awareness Newsletters Claire C. Rosston DISCLAIMER This presentation is similar to any other legal education materials designed to provide general information on
More informationPolicy and Procedure: SDM Guidance for HIPAA Business Associates
Policy and Procedure: SDM Guidance for HIPAA Business (Adapted from UPMC s Guidance for Business at http://www.upmc.com/aboutupmc/supplychainmanagement/documents/guidanceforbusinessassociates.pdf) Effective:
More informationThe ABCs of HIPAA Security
The ABCs of HIPAA Security Daniel F. Shay, Esq 24 th Annual Health Law Institute Pennsylvania Bar Institute March 13, 2018 c. 2018 Alice G. Gosfield and Associates PC 1 Daniel F. Shay, Esq. Alice G. Gosfield
More informationDecrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use
Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute June 21, 2016 6/21/2016 1 1 Disclaimer
More informationHIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp
HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp Agenda Introductions HIPAA Background and History Overview of HIPAA Requirements
More informationHIPAA Audit Don t just bet the odds Good luck is a residue of preparation. Jack Youngblood
HIPAA Audit Don t just bet the odds Good luck is a residue of preparation. Jack Youngblood Braun Tacon Process Architect / Auditor Owner: www.majorincidenthandling.com Winning Lotto.1 in 175 Million Attacked
More informationThe HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance
The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance Russell L. Jones Partner Health Sciences Sector Deloitte & Touche LLP Security & Privacy IMLA 2013 Annual Conference San
More informationAgenda. Hungry, Hungry HIPAA: Security, Enforcement, Audits, & More. Health Law Institute
Health Law Institute Hungry, Hungry HIPAA: Security, Enforcement, Audits, & More Brooke Bennett Aziere October 18, 2017 Agenda Enforcement Trends Phase 2 HIPAA Audits Upcoming Initiatives 1 Enforcement
More informationHIPAA in 2017: Hot Topics You Can t Ignore. Danika Brinda, PhD, RHIA, CHPS, HCISPP March 16, 2017
HIPAA in 2017: Hot Topics You Can t Ignore Danika Brinda, PhD, RHIA, CHPS, HCISPP March 16, 2017 Breach Notification State Law Privacy Rule Authorizations Polices and Procedures The Truth Is Have created
More informationHIPAA Privacy & Security Training. Privacy and Security of Protected Health Information
HIPAA Privacy & Security Training Privacy and Security of Protected Health Information Course Competencies: This training module addresses the essential elements of maintaining the HIPAA Privacy and Security
More informationHIPAA Security Rule: Annual Checkup. Matt Sorensen
HIPAA Security Rule: Annual Checkup Matt Sorensen Disclaimer This presentation is similar to any other legal education materials designed to provide general information on pertinent legal topics. The statements
More informationHIPAA COMPLIANCE WHAT YOU NEED TO DO TO ENSURE YOU HAVE CYBERSECURITY COVERED
HIPAA COMPLIANCE WHAT YOU NEED TO DO TO ENSURE YOU HAVE CYBERSECURITY COVERED HEALTHCARE ORGANIZATIONS ARE UNDER INTENSE SCRUTINY BY THE US FEDERAL GOVERNMENT TO ENSURE PATIENT DATA IS PROTECTED Within
More informationHow Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq.
How Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq. Word Count: 2,268 Physician practices have lived with the reality of HIPAA for over twenty years. In that time, it has likely
More informationWhat s New with HIPAA? Policy and Enforcement Update
What s New with HIPAA? Policy and Enforcement Update HHS Office for Civil Rights New Initiatives Precision Medicine Initiative (PMI), including Access Guidance Cybersecurity Developer portal NICS Final
More informationUpdate on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules
Update on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules Marissa Gordon-Nguyen Office for Civil Rights (OCR) U.S. Department of Health and Human Services June
More informationDavid C. Marshall, Esq. PACAH 2017 Spring Conference April 27, 2017
David C. Marshall, Esq. PACAH 2017 Spring Conference April 27, 2017 Privacy and security of patient information held by health care providers remains a concern of the federal government. More resources
More informationIT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I
Standards Sections Checklist Section Security Management Process 164.308(a)(1) Information Security Program Risk Analysis (R) Assigned Security Responsibility 164.308(a)(2) Information Security Program
More informationHIPAA & Privacy Compliance Update
HIPAA & Privacy Compliance Update Vermont Medical Society FREE Wednesday Webinar Series March 15, 2017 Anne Cramer and Shireen Hart Primmer Piper Eggleston & Cramer PC acramer@primmer.com shart@primmer.com
More informationHIPAA Compliance Officer Training By HITECH Compliance Associates. Building a Culture of Compliance
HIPAA Compliance Officer Training By HITECH Compliance Associates Building a Culture of Compliance Your Instructor Is Michael McCoy Nationally Recognized HIPAA Expert » Nothing contained herein should
More informationHIPAA Privacy, Security Lessons from 2016 and What's Next in 2017
HIPAA Privacy, Security Lessons from 2016 and What's Next in 2017 Session 9, February 20, 2017 Deven McGraw, Deputy Director, Health Information Privacy HHS Office for Civil Rights 1 Speaker Introduction
More informationORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers
All Affiliate Research Policy Subject: HIPAA File Under: For Researchers ORA HIPAA Issuing Department: Office of Research Administration Original Policy Date Page 1 of 5 Approved by: May 9,2005 Revision
More informationCYBERSECURITY IN THE POST ACUTE ARENA AGENDA
CYBERSECURITY IN THE POST ACUTE ARENA AGENDA 2 Introductions 3 Assessing Your Organization 4 Prioritizing Your Review 5 206 Benchmarks and Breaches 6 Compliance 0 & Cybersecurity 0 7 Common Threats & Vulnerabilities
More informationHIPAA Security and Privacy Policies & Procedures
Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400
More informationLessons Learned from Recent HIPAA Enforcement Actions, Breaches, and Pilot Audits
Lessons Learned from Recent HIPAA Enforcement Actions, Breaches, and Pilot Audits Iliana L. Peters, J.D., LL.M. Senior Advisor for HIPAA Compliance and Enforcement OCR RULEMAKING UPDATE What s s Done?
More information3/24/2014. Agenda & Objectives. HIPAA Security Rule. Compliance Institute. Background and Regulatory Overlay. OCR Statistics/
Compliance Institute Session 501: Implementing a System-Wide Access Monitoring Program Brian D. Annulis Meade, Roach & Annulis, LLP Aegis Compliance & Ethics Center, LLP 4147 N. Ravenswood Avenue Suite
More informationWHITE PAPER. HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty
WHITE PAPER HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty WHITE PAPER HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty By Jill Brooks, MD, CHCO and Katelyn Byrne, BSN, RN Data Breaches
More informationDATA PRIVACY & SECURITY THE CHANGING HIPAA CLIMATE
DATA PRIVACY & SECURITY THE CHANGING HIPAA CLIMATE Melodi (Mel) M. Gates mgates@pattonboggs.com (303) 894-6111 October 25, 2013 THE CHANGING PRIVACY CLIMATE z HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY
More informationSecurity and Privacy Breach Notification
Security and Privacy Breach Notification Version Approval Date Owner 1.1 May 17, 2017 Privacy Officer 1. Purpose To ensure that the HealthShare Exchange of Southeastern Pennsylvania, Inc. (HSX) maintains
More informationEnforcement of Health Information Privacy & Security Standards Federal Enforcement Through Recent Cases and Tools to Measure Regulatory Compliance
Enforcement of Health Information Privacy & Security Standards Federal Enforcement Through Recent Cases and Tools to Measure Regulatory Compliance Iliana Peters, JD, LLM, HHS Office for Civil Rights Kevin
More informationCybersecurity and Hospitals: A Board Perspective
Cybersecurity and Hospitals: A Board Perspective Cybersecurity is an important issue for both the public and private sector. At a time when so many of our activities depend on information systems and technology,
More informationHIPAA Compliance Assessment Module
Quick Start Guide HIPAA Compliance Assessment Module Instructions to Perform a HIPAA Compliance Assessment Performing a HIPAA Compliance Assessment 2 HIPAA Compliance Assessment Overview 2 What You Will
More informationHospital Council of Western Pennsylvania. June 21, 2012
Updates on OCR s HIPAA Enforcement and Regulations Hospital Council of Western Pennsylvania June 21, 2012 Topics HIPAA Privacy and Security Rule Enforcement HITECH Breach Notification OCR Audit Program
More informationUpdate on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules
Update on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules Wandah Hardy, RN BSN, MPA Equal Opportunity Specialist/Investigator Office for Civil Rights (OCR)
More informationSecurity Rule for IT Staffs. J. T. Ash University of Hawaii System HIPAA Compliance Officer
Security Rule for IT Staffs J. T. Ash University of Hawaii System HIPAA Compliance Officer jtash@hawaii.edu hipaa@hawaii.edu Disclaimer HIPAA is a TEAM SPORT and everyone has a role in protecting protected
More informationHIPAA Security and Research VALERIE GOLDEN, HIPAA SECURITY OFFICER
HIPAA Security and Research VALERIE GOLDEN, HIPAA SECURITY OFFICER Researchers Must Ensure... Electronic Protected Health Information (ephi) in their possession or under their control is secured from unauthorized
More informationBuilding a Complete Program around Data Loss Prevention
To download today s materials (depending on your browser): www.experis.us/materials1108 or www.experis.us/materials1108.pdf Building a Complete Program around Data Loss Prevention Tuesday, November 8,
More informationAll Aboard the HIPAA Omnibus An Auditor s Perspective
All Aboard the HIPAA Omnibus An Auditor s Perspective Rick Dakin CEO & Chief Security Strategist February 20, 2013 1 Agenda Healthcare Security Regulations A Look Back What is the final Omnibus Rule? Changes
More informationSecurity Lessons Learned from HIPAA Enforcement
Security Lessons Learned from HIPAA Enforcement Presentation to HealthSec 12 August 7, 2012 Adam H. Greene, J.D., M.P.H. Partner, Davis Wright Tremaine Enforcement of the Security Rule HIPAA Security Rule
More informationHIPAA-HITECH: Privacy & Security Updates for 2015
South Atlantic Regional Annual Conference Orlando, FL February 6, 2015 1 HIPAA-HITECH: Privacy & Security Updates for 2015 Darrell W. Contreras, Esq., LHRM Gregory V. Kerr, CHPC, CHC Agenda 2 OCR On-Site
More informationHIPAA/HITECH Act Update HCCA South Central Regional Annual Conference December 2, Looking Back at 2011
HIPAA/HITECH Act Update HCCA South Central Regional Annual Conference December 2, 2012 Phyllis F. Granade The Granade Law Firm Atlanta, GA (678) 705 2507 pgranade@granadelaw.com www.granadelaw.com Looking
More informationENCRYPTION: ADDRESSABLE OR A DE FACTO REQUIREMENT?
ENCRYPTION: ADDRESSABLE OR A DE FACTO REQUIREMENT? Jonathan Carroll, MBA, CISSP AVP Enterprise IT Operations Information Security Officer University of Connecticut Why Are We Talking About This? Data breaches
More informationHIPAA Compliance & Privacy What You Need to Know Now
HIPAA Email Compliance & Privacy What You Need to Know Now Introduction The Health Insurance Portability and Accountability Act of 1996 (HIPAA) places a number of requirements on the healthcare industry
More informationHIPAA & IT THE HIPAA SECURITY RULE AND THE ROLE OF THE IT PROFESSIONAL DOES YOUR IT PROVIDER UNDERSTAND THEIR ROLE AND ARE THEY COMPLIANT?
HIPAA & IT THE HIPAA SECURITY RULE AND THE ROLE OF THE IT PROFESSIONAL DOES YOUR IT PROVIDER UNDERSTAND THEIR ROLE AND ARE THEY COMPLIANT? Are You a Covered Entity Or a Business Associate to a Covered
More informationIntegrating HIPAA into Your Managed Care Compliance Program
Integrating HIPAA into Your Managed Care Compliance Program The First National HIPAA Summit October 16, 2000 Mark E. Lutes, Esq. Epstein Becker & Green, P.C. 1227 25th Street, N.W., Suite 700 Washington,
More informationEncrypting PHI for HIPAA Compliance on IBM i. All trademarks and registered trademarks are the property of their respective owners.
Encrypting PHI for HIPAA Compliance on IBM i HelpSystems LLC. All rights reserved. All trademarks and registered trademarks are the property of their respective owners. Introductions Bob Luebbe, CISSP
More informationEXHIBIT A. - HIPAA Security Assessment Template -
Department/Unit: Date: Person(s) Conducting Assessment: Title: 1. Administrative Safeguards: The HIPAA Security Rule defines administrative safeguards as, administrative actions, and policies and procedures,
More informationHIPAA Security & Privacy
HIPAA Security & Privacy New Omnibus Regulations Prepared by Keith Weiner for New York State HIMSS Omnibus Rule Released on January 25, 2013, the final 563 page Omnibus Rule is the largest sweeping change
More informationmhealth SECURITY: STATS AND SOLUTIONS
mhealth SECURITY: STATS AND SOLUTIONS www.eset.com WHAT IS mhealth? mhealth (also written as m-health) is an abbreviation for mobile health, a term used for the practice of medicine and public health supported
More informationElements of a Swift (and Effective) Response to a HIPAA Security Breach
Elements of a Swift (and Effective) Response to a HIPAA Security Breach Susan E. Ziel, RN BSN MPH JD Krieg DeVault LLP Past President, The American Association of Nurse Attorneys Disclaimer The information
More information2015 HFMA What Healthcare Can Learn from the Banking Industry
2015 HFMA What Healthcare Can Learn from the Banking Industry Agenda Introduction- Background and Experience Healthcare vs. Banking The Results OCR Audit Results Healthcare vs. Banking The Theories Practical
More informationThe HIPAA Omnibus Rule
The HIPAA Omnibus Rule What You Should Know and Do as Enforcement Begins Rebecca Fayed, Associate General Counsel and Privacy Officer Eric Banks, Information Security Officer 3 Biographies Rebecca C. Fayed
More informationSecuring IT Infrastructure Improve information exchange and comply with HIPAA, HITECH, and ACA mandates
Securing IT Infrastructure Improve information exchange and comply with HIPAA, HITECH, and ACA mandates Ruby Raley, Director Healthcare Solutions Axway Agenda Topics: Using risk assessments to improve
More informationMANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors
Page 1 of 6 Applies to: faculty staff students student employees visitors contractors Effective Date of This Revision: June 1, 2018 Contact for More Information: HIPAA Privacy Officer Board Policy Administrative
More informationCloud Communications for Healthcare
Cloud Communications for Healthcare Today, many powerful business communication challenges face everyone in the healthcare chain including clinics, hospitals, insurance providers and any other organization
More informationHIPAA Federal Security Rule H I P A A
H I P A A HIPAA Federal Security Rule nsurance ortability ccountability ct of 1996 HIPAA Introduction - What is HIPAA? HIPAA = The Health Insurance Portability and Accountability Act A Federal Law Created
More informationHIPAA AND SECURITY. For Healthcare Organizations
HIPAA AND EMAIL SECURITY For Healthcare Organizations Table of content Protecting patient information 03 Who is affected by HIPAA? 06 Why should healthcare 07 providers care? Email security & HIPPA 08
More informationIncident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles
Incident Response Lessons From the Front Lines Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles 1 Conflict of Interest Nolan Garrett Has no real or apparent conflicts of
More informationDETAILED POLICY STATEMENT
Applies To: HSC Responsible Office: HSC Information Security Office Revised: New 12/2010 Title: HSC-200 Security and Management of HSC IT Resources Policy POLICY STATEMENT The University of New Mexico
More informationHIPAA Privacy, Security and Breach Notification
HIPAA Privacy, Security and Breach Notification HCCA East Central Regional Annual Conference October 2013 Disclaimer The information contained in this document is provided by KPMG LLP for general guidance
More informationClearwater HIPAA Security Assessment Software. Demonstration
Clearwater HIPAA Security Assessment Software Demonstration Bob Chaput 615-656-4299 or 800-704-3394 bob.chaput@clearwatercompliance.com Clearwater Compliance LLC 1 About HIPAA-HITECH Compliance 1. We are
More informationHIPAA 101: What All Doctors NEED To Know
HIPAA 101: What All Doctors NEED To Know 1 HIPAA Basics HIPAA: Health Insurance and Portability Accountability Act of 1996 Purpose: to protect confidential information through improved security and privacy
More informationHIPAA Faux Pas. Lauren Gluck Physician s Computer Company User s Conference 2016
HIPAA Faux Pas Lauren Gluck Physician s Computer Company User s Conference 2016 Goals of this course Overview of HIPAA and Protected Health Information Define HIPAA s Minimum Necessary Rule Properly de-identifying
More informationMobile Technology meets HIPAA Compliance. Tuesday, May 2, 2017 MT HIMSS Conference
Mobile Technology meets HIPAA Compliance Tuesday, May 2, 2017 MT HIMSS Conference Susan Clarke, HCISPP (ISC) 2 certified Healthcare Information Security and Privacy Practitioner. 15+ years of Healthcare
More informationInformation Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV
Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/identify/ndcbf _ITSecPlan_IDGV2017.pdf
More informationDeMystifying Data Breaches and Information Security Compliance
May 22-25, 2016 Los Angeles Convention Center Los Angeles, California DeMystifying Data Breaches and Information Security Compliance Presented by James Harrison OM32 5/25/2016 3:00 PM - 4:15 PM The handouts
More informationHIPAA Security. An Ounce of Prevention is Worth a Pound of Cure
HIPAA Security An Ounce of Prevention is Worth a Pound of Cure Presented by CJ Wolf, MD, COC, CPC, CHC, CCEP, CIA Healthicity Senior Compliance Executive Paul R. Hales, Attorney at Law Subject Matter Expert
More informationBoerner Consulting, LLC Reinhart Boerner Van Deuren s.c.
Catherine M. Boerner, Boerner Consulting LLC Heather Fields, 1 Discuss any aggregate results of the desk audits Explore the Sample(s) Requested and Inquire of Management requests for the full on-site audits
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationHIPAA Compliance Checklist
HIPAA Compliance Checklist Hospitals, clinics, and any other health care providers that manage private health information today must adhere to strict policies for ensuring that data is secure at all times.
More informationIf a HIPAA Breach Happens, Are You Ready?
If a HIPAA Breach Happens, Are You Ready? Greg Vetter Director, Healthcare Consulting McGladrey Caron Cullen Sr. VP & Chief Compliance Officer Affinity Health Plan Topics If a breach happens, are you ready?
More informationBusiness White Paper. Healthcare IT In The Cloud: Predicting Threats, Protecting Patient Data
Business White Paper Healthcare IT In The Cloud: Predicting Threats, Protecting Patient Data Page 2 of 7 Healthcare IT In The Cloud: Predicting Threats, Protecting Patient Data Table of Contents Page 2
More informationHIPAA Security Checklist
HIPAA Security Checklist The following checklist summarizes the HIPAA Security Rule requirements that should be implemented by both covered entities and business associates. The citations are to 45 CFR
More informationHIPAA Highlights and Impact to your Telehealth Program. Wednesday, Sept 27, 2017
HIPAA Highlights and Impact to your Telehealth Program Wednesday, Sept 27, 2017 Susan Clarke, HCISPP (ISC) 2 certified Healthcare Information Security and Privacy Practitioner. 15+ years of Healthcare
More informationHIPAA Security Checklist
HIPAA Security Checklist The following checklist summarizes the HIPAA Security Rule requirements that should be implemented by both covered entities and business associates. The citations are to 45 CFR
More informationA Checklist for Compliance in the Cloud 1. A Checklist for Compliance in the Cloud
A Checklist for Compliance in the Cloud 1 A Checklist for Compliance in the Cloud A Checklist for Compliance in the Cloud 1 With the industrialization of hacking and the enormous impact of security breaches,
More informationCOUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017
COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE Presented by Paul R. Hales, J.D. May 8, 2017 1 HIPAA Rules Combat Cyber Crime HIPAA Rules A Blueprint to Combat Cyber Crime 2 HIPAA Rules Combat Cyber Crime
More informationThe Security Risk Analysis Requirement for MIPS Transcript from Live Webinar
The Security Risk Analysis Requirement for MIPS Transcript from Live Webinar Tuesday, August 8, 2017 Shanen: Good afternoon and welcome to today's webinar, The Security Risk Analysis Requirement for MIPS.
More informationHIPAA/HITECH Privacy & Security Checklist Assessment HIPAA PRIVACY RULE
164.502 Develop "minimum necessary" policies for: HIPAA PRIVACY RULE 164.514 - Uses 15 Exempts disclosure for the purpose of treatment from the minimum necessary standard. Page references for - Routine
More informationHIPAA Tips and Advice for Your. Medical Practice
HIPAA Tips and Advice for Your Ericka L. Adler Medical Practice Rachel V. Rose WHY Header HIPAA PATIENT and Medical PORTALS? Practices HIPAA Basics Who is a covered entity? What is PHI? When can you disclose
More informationPCI DSS Compliance for Healthcare
PCI DSS Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches
More informationDepartment of Public Health O F S A N F R A N C I S C O
PAGE 1 of 7 Category: Information Technology Security and HIPAA DPH Unit of Origin: Department of Public Health Policy Owner: Phillip McDown, CISSP Phone: 255-3577 CISSPCISSP/C Distribution: DPH-wide Other:
More informationDepartment of Public Health O F S A N F R A N C I S C O
PAGE 1 of 9 Category: Information Technology Security and HIPAA DPH Unit of Origin: Department of Public Health Policy Owner: Phillip McDown, CISSP Phone: 255-3577 CISSPCISSP/C Distribution: DPH-wide Other:
More informationHIPAA SECURITY RISK ASSESSMENT
HIPAA SECURITY RISK ASSESSMENT AT 30,000 FEET JOHN HARMON COO - FRSECURE AGENDA Introduction / FRSecure Overview Information Security Defined Risk Assessments Technical Assessments People Assessments Suggested
More informationCybersecurity for Health Care Providers
Cybersecurity for Health Care Providers Montgomery County Medical Society Provider Meeting February 28, 2017 T h e MARYLAND HEALTH CARE COMMISSION Overview Cybersecurity defined Cyber-Threats Today Impact
More informationThe simplified guide to. HIPAA compliance
The simplified guide to HIPAA compliance Introduction HIPAA, the Health Insurance Portability and Accountability Act, sets the legal requirements for protecting sensitive patient data. It s also an act
More informationHIPAA Cloud Computing Guidance
HIPAA Cloud Computing Guidance Adam Greene, JD, MPH Partner Rebecca Williams, BSN, JD Partner Nature is a mutable cloud which is always and never the same Ralph Waldo Emerson 2 Agenda A few historical
More informationencrypted, and that all portable devices (laptops, phones, thumb drives, etc.) be encrypted while in use and while at rest?
Data Privacy According to statistics provided by the Data Breach Level Index, hackers and thieves are stealing more than 227,000 personal records per hour as of 2017, generally targeting customer information
More informationCyber Security Issues
RHC Summit 6/9/2017 Cyber Security Issues Dennis E. Leber CISO CHFS Why is it Important? Required by Law Good Business Strategy Right Thing to Do Why is it Important? According to Bitglass' 2017 Healthcare
More informationNot Just Another Day of HIPAA
Not Just Another Day of HIPAA Presented by: Patti Klingel, PhD, CPHQ, CRM, CHC Director of Corporate Compliance & Organizational Ethics United Church Homes, Inc. Disclosure I have no vested interest in
More information