14th AMC Security & Privacy Conference June 12, 2018
|
|
- Pauline Small
- 5 years ago
- Views:
Transcription
1 Emerging Security & Privacy Issues Arising From the Proliferation of Devices in the Health Care Workplace 14th AMC Security & Privacy Conference June 12, 2018
2 SPEAKERS 2 Robert C. Van Arnam Partner & Chair, Intellectual Property Section and Co-Chair, Data Protection & Cybersecurity Practice Williams Mullen rvanarnam@williamsmullen.com Karen Pagliaro-Meyer Chief Privacy Officer Columbia University Medical Center kpagliaro@columbia.edu David J. Kuraguntla CEO GraftWorx dave@graftworx.com Dominic P. Madigan Partner, Health Care Section Williams Mullen dmadigan@williamsmullen.com 2
3 AGENDA 1. Overview of the rules pertaining to security and privacy issues for devices in the health care workplace 2. Issues faced by Columbia University Medical Center (CUMC) as an AMC pertaining to security and privacy issues arising from devices 3. Security/privacy issues recognized by GraftWorx, where those issues arise and how GraftWorx addresses those issues 4. Panel discussion 3 Please note: This presentation contains general, condensed summaries of actual legal matters, statutes and opinions for information purposes. It is not meant to be and should not be construed as legal advice. Individuals with particular needs on specific issues should retain the services of competent counsel. 3
4 RULES PERTAINING TO SECURITY AND PRIVACY ISSUES FOR DEVICES IN THE HEALTH CARE WORKPLACE Dominic P. Madigan Williams Mullen 4
5 SCOPE OF DEVICES > Definition of medical devices > The high tech medical devices and products, including: Implants Networked equipment Mobile medical devices Wearables Applications/software as medical device 5 5
6 FOLLOWING THE RULES > Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (HIPAA) > Food and Drug Administration (FDA) oversight/guidance > Federal Trade Commission (FTC) enforcement E.g., FTC and HHS developed website for mobile medical app developers to determine which laws under purview of FDA, FTC, or HHS (HIPAA) apply to them: > State laws and Attorney General enforcement > Employment laws employee monitoring using workplace equipment 6 6
7 HIPAA > Always a concern for covered entities (including providers); sometimes a concern for medical device companies, as business associates > Security Rule Risk analyses Administrative, technical, and physical standards National Institute for Standards and Technology (NIST) > Breach Notification Device company duty to notify covered entity Unless otherwise delegated, covered entity duty to notify individuals, HHS and potentially the media > Enforcement Lahey Hospital settlement 7 7
8 FDA > The FDA has regulatory oversight over medical devices since 1976; guidance published on scope of oversight for newer technology Stand Alone Software as a Medical Device (2016) Mobile Medical Applications (2015) General Wellness: Policy for Low Risk Devices (2015) > Has published numerous guidance documents related to medical devices and cybersecurity Premarket Submissions for Management of Cybersecurity (2013) Postmarket Management of Cybersecurity (2016) Cybersecurity for Medical Devices and Hospital Networks (2013) (safety communication) > Public notifications/recalls due to security flaws Hospira infusion pump warning (2013); Pacemaker recall (2017) 8 8
9 FTC > FTC Act, Section 5 Prohibits unfair or deceptive acts or practices (e.g. false or misleading claims) Enforcement for the failure to have reasonable and appropriate data security practices to protect consumer data Cause or likely to cause substantial injury to consumers that is neither reasonably avoidable nor outweighed by benefits to consumers or competition Accretive (2014); Practice Fusion (2016) > Breach Notification Rule (personal health records) > Office of National Coordinator at HHS (in coordination with FTC) Examining Oversight of the Privacy & Security of Health Data Collected by Entities Not Regulated by HIPAA (2016) 9 9
10 STATE LAWS > State laws leading to Attorney General enforcement Data breach notification almost all states Most not healthcare specific Require at least notification; some require security measures Consumer protection laws Often intersect with data breaches and notification requirements Similar to FTC Act authority Example: Beth Israel Deaconess Medical Center (MA) (data breach); NY AG enforcement against 3 mobile health app developers (efficacy claims/privacy practices) 10 10
11 EMPLOYMENT ISSUES > Employee monitoring on workplace devices Computer/device usage Telephone/voic / Video surveillance/gps surveillance Future sociometric monitoring and microchipping > Federal and state laws impact employer and employee rights and responsibilities > Primary legal authorities: Electronic Communications Privacy Act of 1986 (ECPA) - 18 U.S.C et seq. Computer Fraud and Abuse Act 18 U.S. Code 1030 State Wiretapping and Privacy Laws State Computer Trespass Laws National Labor Relations Act 11 11
12 ISSUES FACED BY CUMC AS AN AMC PERTAINING TO SECURITY AND PRIVACY ISSUES ARISING FROM DEVICES Karen Pagliaro-Meyer Columbia University Medical Center 12
13 13 13
14 RESEARCH STUDIES AND WEARABLE DEVICES 14 > Research Subject Consent form is key document What information will be collected? Subjects provided with device for research purpose? Subjects personal device or research subject ID used for device? Where will the data be stored and how will it be used? What will happen to the data at the end of the research? Downside of fitness trackers and health apps is loss of privacy 14
15 PERSONAL DEVICES > Create, receive maintain or transmit PHI on personal devices Text messages, photos, person accounts Policies must agree to security policies to access PHI Education Mobile Device Management Sanctions > Departing workforce members > Social Media - Personal photos, audio and video recording in the workplace 15 15
16 OTHER ISSUES > New Devices When to Engage Information Security > Terms and conditions / Privacy / electronic agreements > Business Associate Agreements > Information Security Evaluations / Risk Assessments 16 16
17 OCR CYBERSECURITY NEWSLETTER OCTOBER 2017 > OCR also listed the following tips for ensuring mobile device security: Use a privacy screen to prevent people close by from reading information on your screen Use only secure Wi-Fi connections Use a secure Virtual Private Network (VPN) Reduce risks posed by third-party apps by prohibiting the downloading of third-party apps, using whitelisting to allow installation of only approved apps, securely separating ephi from apps, and verifying that apps only have the minimum necessary permissions required 17 17
18 OCR CYBERSECURITY NEWSLETTER OCTOBER 2017 > OCR also listed the following tips for ensuring mobile device security (continued): Securely delete all PHI stored on a mobile device before discarding or reusing the mobile device Covered entities and their business associates can greatly benefit from using mobile devices. However, organizations must also understand that potential risk factors will arise along with the convenience of quickly accessing data from anywhere. Implementing necessary and applicable policies and procedures for mobile device security, and then instilling those policies and procedures into regular workforce training will be essential for maintaining ephi security
19 SECURITY/PRIVACY ISSUES RECOGNIZED BY GRAFTWORX, WHERE THOSE ISSUES ARISE AND HOW GRAFTWORX ADDRESSES THOSE ISSUES David J. Kuraguntla GraftWorx 19
20 GRAFTWORX S VISION 20 20
21 GRAFTWORX S PLATFORM SCALABLE HARDWARE 21 21
22 CLINICALLY ACTIONABLE DATA FOR THE FUTURE 22 22
23 REMOTE MONITORING CREATES IMMENSE VALUE IN DIALYSIS 23 23
24 PRINCIPLES OF IOT SECURITY IN HEALTHCARE 24 24
25 GRAFTWORX SECURITY IMPLEMENTATION 25 25
26 PANEL DISCUSSION & QUESTIONS 26
Briefing on Report: Oversight of the Privacy & Security of Health Data Collected by Entities Not Regulated by HIPAA HL7 Mobile Health Workgroup
Briefing on Report: Oversight of the Privacy & Security of Health Data Collected by Entities Not Regulated by HIPAA HL7 Mobile Health Workgroup September 21, 2016 Devi Mehta, JD, MPH, Privacy Policy Analyst,
More informationMobile Health (mhealth) Applications in a Health Care Environment
Mobile Health (mhealth) Applications in a Health Care Environment Brandon Goulter, Facility Compliance Professional Steven Baruch, Senior Compliance Director Agenda Overview of Mobile Health Applications
More informationSecurity and Privacy-Aware Cyber-Physical Systems: Legal Considerations. Christopher S. Yoo University of Pennsylvania July 12, 2018
Security and Privacy-Aware Cyber-Physical Systems: Legal Considerations Christopher S. Yoo University of Pennsylvania July 12, 2018 Overview of Research Tort and products liability for CPS Privacy and
More informationCYBERSECURITY. Recent OCR Actions & Cyber Awareness Newsletters. Claire C. Rosston
CYBERSECURITY Recent OCR Actions & Cyber Awareness Newsletters Claire C. Rosston DISCLAIMER This presentation is similar to any other legal education materials designed to provide general information on
More informationHIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp
HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp Agenda Introductions HIPAA Background and History Overview of HIPAA Requirements
More informationMEDICAL APPS AND DEVICES THE CONVERGENCE OF FDA, FTC, AND STATE AND FEDERAL REGULATION
MEDICAL APPS AND DEVICES THE CONVERGENCE OF FDA, FTC, AND STATE AND FEDERAL REGULATION Todd L. Mayover, Senior Corporate Counsel, Thermo Fisher Scientific Barry H. Boise, Partner, Pepper Hamilton LLP Sharon
More informationThe Next Frontier in Medical Device Security
The Next Frontier in Medical Device Security Session #76, February 21, 2017 Denise Anderson, President, NH-ISAC Dr. Dale Nordenberg, Executive Director, MDISS 1 Speaker Introduction Denise Anderson, MBA
More informationMANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors
Page 1 of 6 Applies to: faculty staff students student employees visitors contractors Effective Date of This Revision: June 1, 2018 Contact for More Information: HIPAA Privacy Officer Board Policy Administrative
More informationDeveloping Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite?
Developing Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite? Minnesota RIMS 39 th Annual Seminar Risk 2011-2012: Can You Hack
More informationAuditing and Monitoring for HIPAA Compliance. HCCA COMPLIANCE INSTITUTE 2003 April, Presented by: Suzie Draper Sheryl Vacca, CHC
Auditing and Monitoring for HIPAA Compliance HCCA COMPLIANCE INSTITUTE 2003 April, 2003 Presented by: Suzie Draper Sheryl Vacca, CHC 1 The Elements of Corporate Compliance Program There are seven key elements
More informationInside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D.
Inside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D. HIPAA GENERAL RULE PHI may not be disclosed without patient authorization
More informationHealthcare Privacy and Security:
Healthcare Privacy and Security: Breach prevention and mitigation/ Insuring for breach Colin J. Zick Foley Hoag LLP (617) 832-1000 www.foleyhoag.com www.securityprivacyandthelaw.com Boston Bar Association
More informationHIPAA & Privacy Compliance Update
HIPAA & Privacy Compliance Update Vermont Medical Society FREE Wednesday Webinar Series March 15, 2017 Anne Cramer and Shireen Hart Primmer Piper Eggleston & Cramer PC acramer@primmer.com shart@primmer.com
More informationData Compromise Notice Procedure Summary and Guide
Data Compromise Notice Procedure Summary and Guide Various federal and state laws require notification of the breach of security or compromise of personally identifiable data. No single federal law or
More informationDATA PRIVACY & SECURITY THE CHANGING HIPAA CLIMATE
DATA PRIVACY & SECURITY THE CHANGING HIPAA CLIMATE Melodi (Mel) M. Gates mgates@pattonboggs.com (303) 894-6111 October 25, 2013 THE CHANGING PRIVACY CLIMATE z HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY
More informationThe HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance
The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance Russell L. Jones Partner Health Sciences Sector Deloitte & Touche LLP Security & Privacy IMLA 2013 Annual Conference San
More informationU.S. Private-sector Privacy Certification
1 Page 1 of 5 U.S. Private-sector Privacy Certification Outline of the Body of Knowledge for the Certified Information Privacy Professional/United States (CIPP/US ) I. Introduction to the U.S. Privacy
More informationHIPAA For Assisted Living WALA iii
Table of Contents The Wisconsin Assisted Living Association... ix Mission... ix Vision... ix Values... ix Acknowledgments... ix Who Should Use This Manual... x How to Use This Manual... x Updates and Forms...
More informationHIPAA Security. An Ounce of Prevention is Worth a Pound of Cure
HIPAA Security An Ounce of Prevention is Worth a Pound of Cure Presented by CJ Wolf, MD, COC, CPC, CHC, CCEP, CIA Healthicity Senior Compliance Executive Paul R. Hales, Attorney at Law Subject Matter Expert
More informationOverview of Presentation
A HIPAA Security Incident and Investigation. It Can Happen to You. Sandra a L. Sessoms, RN, CPHQ, CHC Interim Vice President, System Compliance West Penn Allegheny Health System Robert R. Michalski, CHC
More informationData Backup and Contingency Planning Procedure
HIPAA Security Procedure HIPAA made Easy Data Backup and Contingency Planning Procedure Please fill in date implemented and updates for your facility: Goal: This document will serve as our back-up storage
More informationHIPAA-HITECH: Privacy & Security Updates for 2015
South Atlantic Regional Annual Conference Orlando, FL February 6, 2015 1 HIPAA-HITECH: Privacy & Security Updates for 2015 Darrell W. Contreras, Esq., LHRM Gregory V. Kerr, CHPC, CHC Agenda 2 OCR On-Site
More informationEmerging Challenges in mhealth: Keeping Information Safe & Secure HCCA CI Web Hull Privacy, Data Protection, & Compliance Advisor
Emerging Challenges in mhealth: Keeping Information Safe & Secure HCCA CI 2016 Web Hull Privacy, Data Protection, & Compliance Advisor Web.Hull@icloud.com 1 Topics 1. mhealth Challenges & Landscape 2.
More informationTopics 4/11/2016. Emerging Challenges in mhealth: Keeping Information Safe & Secure. Here s the challenge It s just the beginning of mhealth
Emerging Challenges in mhealth: Keeping Information Safe & Secure HCCA CI 2016 Web Hull Privacy, Data Protection, & Compliance Advisor Web.Hull@icloud.com 1 Topics 1. mhealth Challenges & Landscape 2.
More informationRed Flags/Identity Theft Prevention Policy: Purpose
Red Flags/Identity Theft Prevention Policy: 200.3 Purpose Employees and students depend on Morehouse College ( Morehouse ) to properly protect their personal non-public information, which is gathered and
More informationMobile Technology meets HIPAA Compliance. Tuesday, May 2, 2017 MT HIMSS Conference
Mobile Technology meets HIPAA Compliance Tuesday, May 2, 2017 MT HIMSS Conference Susan Clarke, HCISPP (ISC) 2 certified Healthcare Information Security and Privacy Practitioner. 15+ years of Healthcare
More informationAMCs and. Does the new law apply to my organization?
AMCs and Does the new law apply to my organization? Panelists: David Holtzman VP Compliance Strategies, CynergisTek Karen Pagliaro-Meyer Chief Privacy Officer, Columbia University Medical Center Lynn Rohland
More informationPutting It All Together:
Putting It All Together: The Interplay of Privacy & Security Regina Verde, MS, MBA, CHC Chief Corporate Compliance & Privacy Officer University of Virginia Health System 2017 ISPRO Conference October 24,
More informationCyber Risk and Networked Medical Devices
Cyber Risk and Networked Medical Devices Hot Topics Deloitte & Touche LLP February 2016 Copyright Scottsdale Institute 2016. All Rights Reserved. No part of this document may be reproduced or shared with
More informationThe ABCs of HIPAA Security
The ABCs of HIPAA Security Daniel F. Shay, Esq 24 th Annual Health Law Institute Pennsylvania Bar Institute March 13, 2018 c. 2018 Alice G. Gosfield and Associates PC 1 Daniel F. Shay, Esq. Alice G. Gosfield
More informationWhen the Other Brother Steps Up: State Privacy Enforcement Actions
When the Other Brother Steps Up: State Privacy Enforcement Actions Healthcare Enforcement Compliance Conference November 6, 2018 Washington, DC Blaine Kerr, CISA, CHPC Chief Privacy Officer Jackson Health
More informationData Security: Public Contracts and the Cloud
Data Security: Public Contracts and the Cloud July 27, 2012 ABA Public Contract Law Section, State and Local Division Ieuan Mahony Holland & Knight ieuan.mahony@hklaw.com Roadmap Why is security a concern?
More informationSample BYOD Policy. Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited.
Sample BYOD Policy Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited. SAMPLE BRING YOUR OWN DEVICE POLICY TERMS OF USE This Sample Bring
More informationFDA & Medical Device Cybersecurity
FDA & Medical Device Cybersecurity Closing Keynote, February 19, 2017 Suzanne B. Schwartz, M.D., MBA Associate Director for Science & Strategic Partnerships Center for Devices and Radiological Health US
More informationManaging Cybersecurity Risk
Managing Cybersecurity Risk Maureen Brundage Andy Roth August 9, 2016 Managing Cybersecurity Risk Cybersecurity: The Current Legal and Regulatory Environment Cybersecurity Governance: Considerations for
More informationDAVID J BEHINFAR, JD., LLM., CHC, CHRC, CCEP, HCISPP, CIPP/US P23: AN EFFECTIVE PRIVACY PROGRAM BUILT THROUGH STRATEGIC VISION AND LEADERSHIP SUPPORT
P23: AN EFFECTIVE PRIVACY PROGRAM BUILT THROUGH STRATEGIC VISION AND LEADERSHIP SUPPORT APRIL 7, 2019 David Behinfar, Chief Privacy Officer University of North Carolina Health Katherine Georger, Associate
More informationHIPAA Security Manual
2010 HIPAA Security Manual Revised with HITECH ACT Amendments Authored by J. Kevin West, Esq. 2010 HALL, FARLEY, OBERRECHT & BLANTON, P.A. DISCLAIMER This Manual is designed to set forth general policies
More informationData Privacy & Protection
Data Privacy & Protection March 10, 2016 Data Breach Notification and Cybersecurity Developments in 2016 Melissa J. Krasnow, Dorsey & Whitney LLP, and Certified Information Privacy Professional/US This
More informationConnected Medical Devices
Connected Medical Devices How to Reduce Risks Inherent in an Internet of Things that Can Help or Harm Laura Clark Fey, Esq., Principal, Fey LLC Agenda Overview of the Internet of Things for Healthcare
More informationHIPAA Security and Privacy Policies & Procedures
Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400
More informationMNsure Privacy Program Strategic Plan FY
MNsure Privacy Program Strategic Plan FY 2018-2019 July 2018 Table of Contents Introduction... 3 Privacy Program Mission... 4 Strategic Goals of the Privacy Office... 4 Short-Term Goals... 4 Long-Term
More informationHIPAA Privacy, Security and Breach Notification
HIPAA Privacy, Security and Breach Notification HCCA East Central Regional Annual Conference October 2013 Disclaimer The information contained in this document is provided by KPMG LLP for general guidance
More informationHow Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq.
How Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq. Word Count: 2,268 Physician practices have lived with the reality of HIPAA for over twenty years. In that time, it has likely
More informationAddressing the elephant in the operating room: a look at medical device security programs
Addressing the elephant in the operating room: a look at medical device security programs Ernst & Young LLP Presenters Michael Davis Healthcare Leader Baltimore +1 410 783 3740 michael.davis@ey.com Esther
More informationWASHINGTON UNIVERSITY HIPAA Privacy Policy # 7. Appropriate Methods of Communicating Protected Health Information
WASHINGTON UNIVERSITY HIPAA Privacy Policy # 7 Appropriate Methods of Communicating Protected Health Information Statement of Policy Washington University and its member organizations (collectively, Washington
More informationHMIS (HOMELESS MANAGEMENT INFORMATION SYSTEM) SECURITY AWARENESS TRAINING. Created By:
HMIS (HOMELESS MANAGEMENT INFORMATION SYSTEM) SECURITY AWARENESS TRAINING Created By: Overview The purpose of this presentation is to emphasize the importance of security when using HMIS. Client information
More informationHIPAA Privacy & Security Training. Privacy and Security of Protected Health Information
HIPAA Privacy & Security Training Privacy and Security of Protected Health Information Course Competencies: This training module addresses the essential elements of maintaining the HIPAA Privacy and Security
More informationWEBSITE TERMS OF USE
WEBSITE TERMS OF USE Effective Date: April 14, 2018 Welcome to the Center for Behavioral Sciences, Inc. ( CBS ) website! CBS, Inc. maintains this website ( Website ) for your personal information, education
More informationand Privacy HIPAA-Compliance Checklist
Email and Privacy HIPAA-Compliance Checklist TBHI Checklist Copyright 2017 Telebehavioral Health Institute All rights reserved. Telebehavioral Health Institute www.telehealth.org No part of this publication
More informationUpdate on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules
Update on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules Marissa Gordon-Nguyen Office for Civil Rights (OCR) U.S. Department of Health and Human Services June
More informationInto the Breach: Breach Notification Requirements in the Wake of the HIPAA Omnibus Rule
Into the Breach: Breach Notification Requirements in the Wake of the HIPAA Omnibus Rule The Twenty-Second National HIPAA Summit Healthcare Privacy and Security After HITECH and Health Reform Rebecca Williams,
More informationMEDICAL DEVICE CYBERSECURITY: FDA APPROACH
MEDICAL DEVICE CYBERSECURITY: FDA APPROACH CYBERMED SUMMIT JUNE 9TH, 2017 SUZANNE B. SCHWARTZ, MD, MBA ASSOCIATE DIRECTOR FOR SCIENCE & STRATEGIC PARTNERSHIPS CENTER FOR DEVICES AND RADIOLOGICAL HEALTH
More informationMobile Technology meets HIPAA Compliance Tuesday, March 28, 2017
Mobile Technology meets HIPAA Compliance Tuesday, March 28, 2017 Welcome Thank you for spending your valuable time with us today. This webinar will be recorded for your convenience. A copy of today s presentation
More informationAgenda. Hungry, Hungry HIPAA: Security, Enforcement, Audits, & More. Health Law Institute
Health Law Institute Hungry, Hungry HIPAA: Security, Enforcement, Audits, & More Brooke Bennett Aziere October 18, 2017 Agenda Enforcement Trends Phase 2 HIPAA Audits Upcoming Initiatives 1 Enforcement
More informationMedical Devices and Cyber Issues JANUARY 23, American Hospital Association and BDO USA, LLP. All rights reserved.
Medical Devices and Cyber Issues JANUARY 23, 2018 AHA and Cybersecurity Policy Approaches Role of the FDA FDA Guidance and Roles Pre-market Post-market Assistance during attack Recent AHA Recommendations
More informationBYOD (Bring Your Own Device): Employee-owned Technology in the Workplace
BYOD (Bring Your Own Device): Employee-owned Technology in the Workplace MCHRMA Spring Conference April 4, 2014 PRESENTED BY: Sonya Guggemos MCIT Staff Counsel for Risk Control sguggemos@mcit.org The information
More informationHIPAA How to Comply with Limited Time & Resources. Jonathan Pantenburg, MHA, Senior Consultant August 17, 2017
HIPAA How to Comply with Limited Time & Resources Jonathan Pantenburg, MHA, Senior Consultant JPantenburg@Stroudwater.com August 17, 2017 Stroudwater Associates is a leading national healthcare consulting
More informationData Privacy and Cybersecurity
Data Privacy and Cybersecurity Key Contacts Timothy C. Blank Boston +1 617 728 7154 Dr. Olaf Fasshauer National Munich +49 89 21 21 63 28 Joshua H. Rawson New York +1 212 698 3862 Translate Page In an
More informationHCISPP HealthCare Information Security and Privacy Practitioner
HCISPP HealthCare Information Security and Privacy Practitioner William Buddy Gillespie, HCISPP Global Academic Instructor (ISC)² Former Healthcare CIO Chair Advocacy Committee, CPAHIMSS budgill@aol.com
More informationSECURETexas Health Information Privacy & Security Certification Program
Partners in Texas Health Informa3on Protec3on SECURETexas Health Information Privacy & Security Certification Program 2015 HITRUST, Frisco, TX. All Rights Reserved. Outline Introduction Background Benefits
More informationDOD Medical Device Cybersecurity Considerations
Enedina Guerrero, Acting Chief, Incident Mgmt. Section, Cyber Security Ops Branch 2015 Defense Health Information Technology Symposium DOD Medical Device Cybersecurity Considerations 1 DHA Vision A joint,
More informationThe simplified guide to. HIPAA compliance
The simplified guide to HIPAA compliance Introduction HIPAA, the Health Insurance Portability and Accountability Act, sets the legal requirements for protecting sensitive patient data. It s also an act
More informationElements of a Swift (and Effective) Response to a HIPAA Security Breach
Elements of a Swift (and Effective) Response to a HIPAA Security Breach Susan E. Ziel, RN BSN MPH JD Krieg DeVault LLP Past President, The American Association of Nurse Attorneys Disclaimer The information
More informationSECTION/OWNER: CCO CONTRACTORS
Policy/Procedures POLICY NO: UOP ACO-COMP-005 SANCTION PROCESS- SECTION/OWNER: CCO CONTRACTORS EFFECTIVE DATE: 01/01/2017 DATE TO QIC: 01/15/2017 DATE TO BOARD: 01/31/2017 1.0 PURPOSE This policy is to
More informationBreach Notification Assessment Tool
Breach Notification Assessment Tool December 2006 Information and Privacy Commissioner of Ontario David Loukidelis Commissioner Ann Cavoukian, Ph.D. Commissioner This document is for general information
More informationThe University of British Columbia Board of Governors
The University of British Columbia Board of Governors Policy No.: 118 Approval Date: February 15, 2016 Responsible Executive: University Counsel Title: Safety and Security Cameras Background and Purposes:
More informationKey Developments in the Regulation of Software and Digital Health: New Guidance, Initiatives, and Enforcement
Key Developments in the Regulation of Software and Digital Health: New Guidance, Initiatives, and Enforcement June 2015 Marian J. Lee 202.887.3732 MJLee@gibsondunn.com The Digital Health Opportunity Market
More informationUCOP ITS Systemwide CISO Office Systemwide IT Policy
UCOP ITS Systemwide CISO Office Systemwide IT Policy Revision History Date: By: Contact Information: Description: 08/16/17 Robert Smith robert.smith@ucop.edu Initial version, CISO approved Classification
More informationencrypted, and that all portable devices (laptops, phones, thumb drives, etc.) be encrypted while in use and while at rest?
Data Privacy According to statistics provided by the Data Breach Level Index, hackers and thieves are stealing more than 227,000 personal records per hour as of 2017, generally targeting customer information
More informationWebsite Privacy Policy
Website Privacy Policy Village Emergency Center Privacy Policy Updated: 1/22/18. PLEASE READ THIS PRIVACY POLICY (Privacy Policy) CAREFULLY. By accessing and using this website, you agree to be bound by
More informationCybersecurity and Hospitals: A Board Perspective
Cybersecurity and Hospitals: A Board Perspective Cybersecurity is an important issue for both the public and private sector. At a time when so many of our activities depend on information systems and technology,
More informationPolicies & Medical Disclaimer
Policies & Medical Disclaimer Money Back Guarantee Heather Woodruff Nutrition proudly stands behind its programs. To help you feel comfortable we offer a Money-Back Guarantee* If you are not absolutely
More informationHousecall Privacy Statement Statement Date: 01/01/2007. Most recent update 09/18/2009
Housecall Privacy Statement Statement Date: 01/01/2007. Most recent update 09/18/2009 Privacy Policy Intent: We recognize that privacy is an important issue, so we design and operate our services with
More informationIntegrating HIPAA into Your Managed Care Compliance Program
Integrating HIPAA into Your Managed Care Compliance Program The First National HIPAA Summit October 16, 2000 Mark E. Lutes, Esq. Epstein Becker & Green, P.C. 1227 25th Street, N.W., Suite 700 Washington,
More information8 COMMON HIPAA COMPLIANCE ERRORS TO AVOID
Billing & Reimbursement Revenue Cycle Management 8 COMMON HIPAA COMPLIANCE ERRORS TO AVOID Billing and Reimbursement for Physician Offices, Ambulatory Surgery Centers and Hospitals Billings & Reimbursements
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Personnel Security Standard This standard is applicable to all VCU School of Medicine personnel. Approval
More informationAll Aboard the HIPAA Omnibus An Auditor s Perspective
All Aboard the HIPAA Omnibus An Auditor s Perspective Rick Dakin CEO & Chief Security Strategist February 20, 2013 1 Agenda Healthcare Security Regulations A Look Back What is the final Omnibus Rule? Changes
More informationUniversity of Wisconsin-Madison Policy and Procedure
Page 1 of 10 I. Policy The Health Information Technology for Economic and Clinical Health Act regulations ( HITECH ) amended the Health Information Portability and Accountability Act ( HIPAA ) to establish
More information79th OREGON LEGISLATIVE ASSEMBLY Regular Session. Senate Bill 90
th OREGON LEGISLATIVE ASSEMBLY-- Regular Session Senate Bill 0 Printed pursuant to Senate Interim Rule. by order of the President of the Senate in conformance with presession filing rules, indicating neither
More informationHospital Council of Western Pennsylvania. June 21, 2012
Updates on OCR s HIPAA Enforcement and Regulations Hospital Council of Western Pennsylvania June 21, 2012 Topics HIPAA Privacy and Security Rule Enforcement HITECH Breach Notification OCR Audit Program
More informationInvestigating Insider Threats
Investigating Insider Threats February 9, 2016 Jonathan Gannon, AT&T Brenda Morris, Booz Allen Hamilton Benjamin Powell, WilmerHale 1 Panelist Biographies Jonathan Gannon, AT&T, Executive Director & Senior
More informationMobile Device Policy. Augusta University Medical Center Policy Library. Policy Owner: Information Technology Support and Services
Augusta University Medical Center Policy Library Mobile Device Policy Policy Owner: Information Technology Support and Services POLICY STATEMENT Augusta University Medical Center (AUMC) discourages the
More informationTerms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in the HIPAA Privacy Rule.
Medical Privacy Version 2018.03.26 Business Associate Agreement This Business Associate Agreement (the Agreement ) shall apply to the extent that the Lux Scientiae HIPAA Customer signee is a Covered Entity
More informationCompliance & HIPAA Annual Education
Compliance & HIPAA Annual Education 1 The purpose of this education is to UPDATE The purpose and of this education REFRESH is to UPDATE your and REFRESH understanding understanding of: of: Aultman s Compliance
More informationTop Five Privacy and Data Security Issues for Nonprofit Organizations
Top Five Privacy and Data Security Issues for Nonprofit Organizations Julia K. Tama, Esq. Jeffrey S. Tenenbaum, Esq. Association of Corporate Counsel Nonprofit Organizations Committee Legal Quick Hit MAY
More informationGetting Your Privacy House in Order
Getting Your Privacy House in Order Lisa J. Sotto Ewa Abrams Victoria King Partner Associate General Counsel Global Privacy Officer Hunton & Williams LLP Tiffany & Co. UPS (212) 309-1223 (212) 230-5351
More informationStephanie Zierten Associate Counsel Federal Reserve Bank of Boston
Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston Cybersecurity Landscape Major Data Breaches (e.g., OPM, IRS) Data Breach Notification Laws Directors Derivative Suits Federal Legislation
More informationDepartment of Veterans Affairs VA DIRECTIVE April 17, 2006 WEB PAGE PRIVACY POLICY
Department of Veterans Affairs VA DIRECTIVE 6502.3 Washington, DC 20420 Transmittal Sheet WEB PAGE PRIVACY POLICY 1. REASON FOR ISSUE: To establish policy for the Department of Veterans Affairs (VA) for
More informationData Use and Reciprocal Support Agreement (DURSA) Overview
Data Use and Reciprocal Support Agreement (DURSA) Overview 1 Steve Gravely, Troutman Sanders LLP Jennifer Rosas, ehealth Exchange Director January 12, 2017 Introduction Steve Gravely Partner and Healthcare
More informationBoerner Consulting, LLC Reinhart Boerner Van Deuren s.c.
Catherine M. Boerner, Boerner Consulting LLC Heather Fields, 1 Discuss any aggregate results of the desk audits Explore the Sample(s) Requested and Inquire of Management requests for the full on-site audits
More informationIT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I
Standards Sections Checklist Section Security Management Process 164.308(a)(1) Information Security Program Risk Analysis (R) Assigned Security Responsibility 164.308(a)(2) Information Security Program
More informationPrivacy Policy on the Responsibilities of Third Party Service Providers
Privacy Policy on the Responsibilities of Third Party Service Providers Privacy Office Document ID: 2489 Version: 3.2 Owner: Chief Privacy Officer Sensitivity Level: Low Copyright Notice Copyright 2016,
More informationPOSTMARKET MANAGEMENT OF CYBERSECURITY IN MEDICAL DEVICES FINAL GUIDANCE MARCH 29, TH ANNUAL MEDICAL DEVICE QUALITY CONGRESS
POSTMARKET MANAGEMENT OF CYBERSECURITY IN MEDICAL DEVICES FINAL GUIDANCE MARCH 29, 2017 14TH ANNUAL MEDICAL DEVICE QUALITY CONGRESS 1 Fact vs. Myth Let s Play: Fact vs. Myth The FDA is the federal entity
More informationHIPAA Highlights and Impact to your Telehealth Program. Wednesday, Sept 27, 2017
HIPAA Highlights and Impact to your Telehealth Program Wednesday, Sept 27, 2017 Susan Clarke, HCISPP (ISC) 2 certified Healthcare Information Security and Privacy Practitioner. 15+ years of Healthcare
More informationDATA PROTECTION LAWS OF THE WORLD. United States
DATA PROTECTION LAWS OF THE WORLD United States Downloaded: 10 December 2017 UNITED STATES Last modified 25 January 2017 LAW The United States has about 20 sector specific or medium-specific national privacy
More informationSpeakers. Shellie Zavatsky Director of Internal Audit at Hurley Medical Center. Trent Long Director of Managed Privacy Services at FairWarning, Inc
View the Replay Speakers Shellie Zavatsky Director of Internal Audit at Hurley Medical Center Trent Long Director of Managed Privacy Services at FairWarning, Inc Agenda What are the new advanced threats
More informationPolicy. Policy Information. Purpose. Scope. Background
Background Congress enacted HIPAA Privacy & Security Compliance Policy Policy Information Policy Owner: (TBD Possibly HIPAA Privacy and Security Official or Executive Director of University Ethics and
More informationNew Frontiers In HIPAA & Privacy Enforcement:
2013 100 th Annual Meeting New Frontiers In HIPAA & Privacy Enforcement: State Courts, FTC, and OIG Victoria L. Vance Edward E. Taber 1. Dramatic Increase In Breaches Dramatic Increase In Breaches Dramatic
More informationHIPAA and HIPAA Compliance with PHI/PII in Research
HIPAA and HIPAA Compliance with PHI/PII in Research HIPAA Compliance Federal Regulations-Enforced by Office of Civil Rights State Regulations-Texas Administrative Codes Institutional Policies-UTHSA HOPs/IRB
More informationCybersecurity in Higher Ed
Cybersecurity in Higher Ed 1 Overview Universities are a treasure trove of information. With cyber threats constantly changing, there is a need to be vigilant in protecting information related to students,
More information