Organizational Privacy Transformation: A case study from Critical Issues to Award Winning Success
- Nathan Whitehead
- 5 years ago
1 Organizational Privacy Transformation: A case study from Critical Issues to Award Winning Success Norine Primeau-Menzies VP Customer Services, Chief Privacy Officer May 2012
2 Agenda Overview of OTN Setting the Stage The Transformation The Outcome & Moving Forward Lessons Learned
3 OVERVIEW OF OTN
4 What is OTN? OTN is one of the largest Telemedicine networks in the world, with >1200 sites. We help deliver clinical care and professional education among health care providers and patients. An independent, not-for-profit organization, funded by the Government of Ontario
5 What does OTN do? A collaborative health care enabler, OTN uses videoconferencing and store and forward technology to extend and enhance access to clinical care and professional education among healthcare providers and patients. OTN has the capacity to bring healthcare to virtually any patient, anywhere, at any time
6 Who uses OTN? Physicians & Allied HCPs Healthcare Organizations & Network Partners Patients & Families In 2010/11, telemedicine supported health care delivery and education for over 390,000 people
7 OTN Utilization /12 > 158,000 events [chart: utilization by fiscal year for Clinical, Educational and Administrative events] *2006/2007 was a transition year; not all utilization data available
8 Privacy at OTN OTN protects all personal health information consistent with the requirements of the Personal Health Information Protection Act, Our primary role is a Health Information Network Provider (HINP) OTN also acts as an agent, handling PHI when facilitating scheduling services on behalf of our members (HICs)
9 OTN's Privacy Program - Our Mandate Foster a privacy culture at OTN to ensure that members and their patients have confidence that PHI is protected during a clinical encounter through the network: Clinical videoconferencing, Store and forward services, Telehomecare, Personal Videoconferencing
10 SETTING THE STAGE
11 Where OTN was 3 years ago Privacy identified as one of top three risks for the organization Privacy incidents and breaches were rising Network growth of >30% annually Company employee base doubling in 3 years and tripling in 5 years
12 2009/10 Status Reported 30 breaches; 1 high, 7 medium rated risks. OTN shares/transmits a significant amount of PHI to facilitate activity: 90,000 clinical events, 60 health disciplines. Mitigating these risks was paramount to the ongoing success of the network
13 THE TRANSFORMATION
14 Moving Forward with Privacy by Design Moving the Organization forward 1. Proactive not Reactive; Preventative not Remedial 2. Privacy as a Default Setting 3. Privacy Embedded into the Design 4. Full Functionality: Positive-Sum, not Zero-Sum 5. End to End Security: Full lifecycle protection 6. Visibility and Transparency: Keep it Open 7. Respect for User Privacy: Keep it User Centric
15 Moving the Organization Forward - The Plan Leveraged the sense of urgency Board/Senior Leadership awareness Lobbied to get privacy identified as a key priority in the corporate objectives of the operating plan Transformed the team to be seen as colleagues working with the team/departments Created a privacy scorecard to highlight critical areas (2008/09) Engaged all the staff across the organization
16 Proactive not Reactive; Preventative not Remedial Conducted analysis of three years of breaches Root cause analysis demonstrated 3 primary causes responsible for 87% of breaches: 1. Manual bridge programming 2. Faxing of patient referral information 3. Member/staff knowledge Developed a 2-year plan to address the issues Continued PIA process prior to new service launches
17 Issue #1 Automate Bridge Programming 21% of breaches The connection to bring together an event was manually programmed onto the bridge Volume growth (from 20 events a day to >200) Estimated 35,000 sites programmed into large events annually (2009/10) Developed a project to transition manual work to an automated solution Launched automated solution March 2010
18 Issue # 2 Member Best Practice Tool Kit 33% of breaches in 09/10 Survey and analysis of the OTN membership base Based on findings and analysis of 3 years of member breaches OTN developed and launched the Member Best Practice Tool Kit in July 2010 ( Maintenance strategy in place to keep current
19 Privacy Fact Sheet Example
20 Issue #3 Fax Over Internet Protocol (FOIP) 33% of all breaches OTN was using manual faxing as a secure means to transmit PHI for Referral Management (original solution built in 2001) OTN Launched Fax Over Internet Protocol (FOIP) in March 2011 FOIP eliminated manual transmission of 250,000+ faxes annually and was built into our scheduling service processes Note: OTN is currently developing an on-line portal that will use a secure ereferral form (expected to launch in 2012/13)
21 Privacy as a Default Setting Organizational commitment starting with the CEO and the Board Chief Privacy Officer leadership at a senior level Organizational awareness through training including project teams Partnership with business leads and the software development team in all projects
22 Privacy Embedded into the Design Embedding the privacy team into all OTN projects from the beginning Privacy Threshold assessment screening by project teams Automating the Privacy Impact Assessment process and outcomes monitoring within the organization
23 Privacy Embedded into the Design Privacy is part of all project teams at the conceptual stage Privacy facilitates reviews or PIA/LPSA work Work plans developed for project teams to address/mitigate risks and recommendations Risk tolerance: high/medium risks are addressed before project goes live Risks documented, monitored & tracked in privacy risk register and/or escalated to enterprise risk register
24 Full Functionality: Positive-Sum, not Zero-Sum Relationship building is key. Partnership/working together, compromising and coming up with solutions together that meet user, organizational and privacy needs. Building the team's visibility and credibility within the organization was important
25 End-to-end Security Full Lifecycle Protection Privacy & Security teams align goals and objectives to ensure maximum impact on the organization 1. Privacy and Security Lateral Committee Co-chaired by CPO and CIO Representation from across the organization 2. Privacy & Security Team relationships CPO/CIO work together Privacy Specialists/Corporate Security Officer work together Communicate on common issues; update each other on operating plans status etc.
26 Visibility and Transparency Keep it Open
OTN Corporate Scorecard (Privacy Indicators shared with Senior Leadership Team). Columns: Effectiveness Area; Area of Focus; Measure; 2010/11 Yearend Baseline (actual); Month to Date; Year to Date; 2011/12 Target (preliminary); Status; Comments or Reason for Variance (if required). Row: Privacy & Security; Privacy; Confirmed privacy breaches; % 2 * 26 * 30 N/A; On-target
Governance Scorecard (Privacy Indicators shared with the Board of Directors). Columns: Effectiveness Area; Focus; Measure; 10/11 Baseline; FY 2011/12 Targets; FY 2011/12 (YTD); Status; Variance. Row: Customer Service Excellence; Privacy; Confirmed privacy breaches (medium and high severity); 4 N/A 0 N/A 4 N/A
27 Visibility and Transparency Keep it Open OTN Privacy Scorecard
Columns: Quadrant; Focus; Indicator; monthly values (April to March); Q1; Q2; Q3; Q4; Year to Date; Target; Status; Comments [monthly and quarterly values not preserved]
Quadrant: 1) Incident History
Focus: 1. Incident management & identification of operational systemic improvements 2. Monitor & track incidents that result in non-compliance with PHIPA
Indicators: # of privacy investigations initiated monthly; # of privacy investigations completed monthly; % of privacy breaches compared to overall total events (target <0.05, on target); Avg turn around time (days) from initiation to response to individual requesting investigation (on target); Avg turn around time (days) from initiation to PI file closed (target 45 days, on target); # of investigations which resulted in non-compliance with PHIPA; % of PI which resulted in non-compliance with PHIPA as a result of OTN; % of PI which resulted in non-compliance with PHIPA as a result of member action; # of PI assessed at low severity level; # of PI assessed at medium severity level; # of PI assessed at high severity level
28 Visibility and Transparency Keep it Open Privacy Risk Register
Columns: ID#; Risk Description; Source Document; Risk Rating; Risk Champion / Risk Owner; Status; Update
IPIA_01: The OTN has not adopted an organization-wide security policy and supporting procedures that describe the administrative, technical, and physical safeguards it employs to protect personal health information. Source: OTN Integration PIA Sept 07. Rating: High. Champion/Owner: CIO and Corporate Security Officer. Status: Complete. Update notes
IPIA_02: The OTN does not have a consistent method of advising and training staff of their privacy and security responsibilities. Source: OTN Integration PIA Sept 07. Rating: High. Champion/Owner: CPO and Privacy Specialist. Status: Complete
IPIA_03: OTN is not currently fulfilling all its health information network provider requirements. Source: OTN Integration PIA Sept 07. Rating: High. Champion/Owner: CPO and Privacy Specialist. Status: Complete
IPIA_05: The TSM patient registry search feature may enable unauthorized access to personal health information. Source: OTN Integration PIA Sept 07. Rating: Medium. Champion/Owner: CIO and Corporate Security Officer. Status: Complete. Update notes
29 Respect for User Privacy: Keep it User Centric Respect the business owners and the need to develop services for our users; compromise without losing integrity of privacy principles. Incorporate business owners into the process of embedding privacy into the design, the PIA review and addressing findings. Develop and deliver on-line privacy training
30 Staff On-line Training Module
31 OUTCOME & MOVING FORWARD
32 Outcome and Moving Forward Privacy breaches decreased: .06% / event total in 09/10, .05% in 10/11, .02% in 11/12. Member awareness and resources. 100% of staff trained. Privacy embedded into our technology and process development: Privacy Threshold Assessment, Automate PIA process, Automate privacy investigation process
33 Past Present Privacy Investigations/Breaches [chart series: INCIDENTS, BREACHES]
34 IAPP HP Innovation Award 2011
35 Organizational Privacy by Design Ambassadorship In the fall of 2011, OTN was awarded an Organizational Privacy by Design Ambassadorship in recognition of its effort to embed Privacy by Design principles into the infrastructure of the organization
36 LESSONS LEARNED
37 Lessons Learned Life is a million shades of grey and it's all about compromise. Raising staff awareness in a meaningful way. Leverage the bad. Believe that people come to work every day to do good work. Be passionate about what you do!
38 Acknowledgements The success at OTN is a team effort Special acknowledgement to the Privacy Team who worked diligently over the past 3 years Sylvie Gaskin, Manager Privacy and Risk Michelle MacMillan, Privacy Specialist Crystal Olive, Privacy Operations Support
39 Thank you! For additional information please contact Norine Primeau-Menzies Or please visit
More informationNEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?
NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? What the new data regulations mean for your business, and how Brennan IT and Microsoft 365 can help. THE REGULATIONS: WHAT YOU NEED TO KNOW Australia:
More informationOperationalizing Cybersecurity in Healthcare IT Security & Risk Management Study Quantitative and Qualitative Research Program Results
Operationalizing Cybersecurity in Healthcare - - 2017 IT Security & Risk Management Study Quantitative and Qualitative Research Program Results David S. Finn, CISA, CISM, CRISC Health IT Officer, Symantec
More informationConvergence of BCM and Information Security at Direct Energy
Convergence of BCM and Information Security at Direct Energy Karen Kemp Direct Energy Session ID: GRC-403 Session Classification: Advanced About Direct Energy Direct Energy was acquired by Centrica Plc
More informationONE Network. Privacy Impact Assessment Summary
ONE Network Privacy Impact Assessment Summary Copyright Notice Copyright 2012, ehealth Ontario All rights reserved Trademarks No part of this document may be reproduced in any form, including photocopying
More informationPOSITION DESCRIPTION
UNCLASSIFIED IT Security Certification Assessor POSITION DESCRIPTION Unit, Directorate: Location: IT & Physical Security, Protective Security Wellington Salary range: H $77,711 - $116,567 Purpose of position:
More informationEnsuring Privacy and Security of Health Information Exchange in Pennsylvania
Ensuring Privacy and Security of Health Information Exchange in Pennsylvania The Pennsylvania ehealth Initiative in collaboration with the Pennsylvania ehealth Partnership Authority Introduction The Pennsylvania
More informationAudit Report. Chartered Management Institute (CMI)
Audit Report Chartered Management Institute (CMI) 10 October 2012 Note Restricted or commercially sensitive information gathered during SQA Accreditation monitoring activities is treated in the strictest
More informationIMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES
IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES Introductions Agenda Overall data risk and benefit landscape / shifting risk and opportunity landscape and market expectations Looking at data
More informationAon Service Corporation Law Global Privacy Office. Aon Client Data Privacy Summary
Aon Client Data Privacy Summary Table of Contents Our Commitment to Data Privacy 3 Our Data Privacy Principles 4 Aon Client Data Privacy Summary 2 Our Commitment to Data Privacy Data Privacy Backdrop As
More informationCompliant. Secure. Dependable.
NAVIFY Cloud Security with the NAVIFY Tumor Board solution Compliant. Secure. Dependable. Trust that your oncology patients healthcare information stays protected. In the era of precision medicine, you
More informationManager, Infrastructure Services. Position Number Community Division/Region Yellowknife Technology Service Centre
IDENTIFICATION Department Position Title Infrastructure Manager, Infrastructure Services Position Number Community Division/Region 32-11488 Yellowknife Technology Service Centre PURPOSE OF THE POSITION
More informationThe Mission of the Abu Dhabi Smart Solutions and Services Authority. Leading ADSSSA. By Michael J. Keegan
Perspective on Digital Transformation in Government with Her Excellency Dr. Rauda Al Saadi, Director General, Abu Dhabi Smart Solutions and Services Authority By Michael J. Keegan Today s digital economy
More informationHIPAA Privacy, Security and Breach Notification
HIPAA Privacy, Security and Breach Notification HCCA East Central Regional Annual Conference October 2013 Disclaimer The information contained in this document is provided by KPMG LLP for general guidance
More informationAll Aboard the HIPAA Omnibus An Auditor s Perspective
All Aboard the HIPAA Omnibus An Auditor s Perspective Rick Dakin CEO & Chief Security Strategist February 20, 2013 1 Agenda Healthcare Security Regulations A Look Back What is the final Omnibus Rule? Changes
More informationENTERPRISE ARCHITECTURE
ENTERPRISE ARCHITECTURE Executive Summary With more than $1 billion in information technology investments annually, the Commonwealth of Pennsylvania has evolved into the equivalent of a Fortune 20 organization,
More informationeplus Managed Services eplus. Where Technology Means More.
eplus Managed Services We Believe Managed Services Broker IT Innovation Superior IT Solutions IT Service Excellence Clear Business Outcomes Exceed Customer Expectations Customers tell us they need managed
More informationMedical Device Cybersecurity: FDA Perspective
Medical Device Cybersecurity: FDA Perspective Suzanne B. Schwartz MD, MBA Associate Director for Science and Strategic Partnerships Office of the Center Director (OCD) Center for Devices and Radiological
More informationDepartment of Management Services REQUEST FOR INFORMATION
RESPONSE TO Department of Management Services REQUEST FOR INFORMATION Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services September 3, 2015 250 South President
More informationDATA GOVERNANCE LEADS TO DATA QUALITY
DATA GOVERNANCE LEADS TO DATA QUALITY Trending. Kash Mehdi Senior Product Specialist and Instructor May 3, 2017 1 Collibra 2017 2017 Collibra Inc How Many of Your Reports Have Good Data Quality? What would
More informationCLE Alabama. Banking Law Update. Embassy Suites Hoover Hotel Birmingham, Alabama Friday, February 19, 2016
CLE Alabama Banking Law Update Embassy Suites Hoover Hotel Birmingham, Alabama Friday, February 19, 2016 Best Practices on Managing Cyber-Security Risks J.T. Malatesta III and Sarah S. Glover Maynard Cooper
More information