Introduction. Angela Holzworth, RHIA, CISA, GSEC. Kimberly Gray, Esq., CIPP/US. Sr. IT Infrastructure Analyst
|
|
- Deborah Watts
- 5 years ago
- Views:
Transcription
1 Introduction Angela Holzworth, RHIA, CISA, GSEC Sr. IT Infrastructure Analyst Kimberly Gray, Esq., CIPP/US Chief Privacy Officer, Global, IMS Health 1 Incorporating Privacy into the CSF: Approach and Benefits
2 Outline Privacy and Security How Security and Privacy Relate Current State of Privacy and Security Drivers for Integration / Current Trends HITRUST Privacy Working Group State Laws NIST SP , Appendix J HIPAA Privacy Rule Next Steps Privacy Domain Implementation 2 Incorporating Privacy into the CSF: Approach and Benefits
3 How Security and Privacy Relate (i) Fair Information Practice Principles (FIPPs) Over the past 30 years, government agencies in the United States, Canada, and Europe have studied the manner in which entities collect and use personal information -- their "information practices" and the safeguards required to assure those practices are fair and provide adequate privacy protection. Privacy Principles have been established world wide: Health, Education and Welfare (HEW) - Fair Information Principles Organization for Economic Cooperation and Development (OECD) Guidelines Health Insurance Portability and Accountability Act (HIPAA) Privacy Office of the National Coordinator for Health Information Technology (ONC) Privacy Framework 3 Incorporating Privacy into the CSF: Approach and Benefits
4 How Security and Privacy Relate (ii) Top 10 most common principles include; 1. Openness / Transparency 2. Notice / Choice 3. Collection Limitation / Data Minimization 4. Specified Purposes 5. Data Integrity 6. Security Safeguards 7. Individuals Rights 8. Preventing Harm 9. Privacy-by-Design 10. Accountability. 4 Incorporating Privacy into the CSF: Approach and Benefits
5 How Security and Privacy Relate (iii) HIPAA Privacy Rule Safeguards A covered entity must maintain reasonable and appropriate administrative, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information in violation of the Privacy Rule and to limit its incidental use and disclosure pursuant to otherwise permitted or required use or disclosure. 5 Incorporating Privacy into the CSF: Approach and Benefits
6 How Security and Privacy Relate (iv) HIPAA Security Rule Safeguards Administrative safeguards are administrative actions and policies, and procedures to manage the selection, development, implementation, and maintenance of security measures... Physical safeguards are physical measures, policies, and procedures to protect a covered entity s electronic information systems and related buildings and equipment... Technical safeguards means the technology and the policy and procedures for its use that protect electronic protected health information and control access to it. 6 Incorporating Privacy into the CSF: Approach and Benefits
7 7 Incorporating Privacy into the CSF: Approach and Benefits Current State & Trends
8 Current State of Privacy and Security Security functions are typically: Typically embedded within IT department Director or manager-level IT-centric Focused on controls based on security frameworks Not always responsible to a Board-level committee Privacy functions are typically: Stand-alone or embedded within compliance function VP or director-level Legal & Compliance-centric Focused on regulatory compliance Responsible to Board-level audit committee 8 Incorporating Privacy into the CSF: Approach and Benefits
9 Drivers for Integration Individual privacy is dependent upon security Separate functions are not always efficient Overlapping education, training & awareness programs Overlapping incident response applications and functions Overlapping security controls and privacy safeguards New requirements due to HITECH Increased collaboration is necessary to fulfill Breach Notification requirements. 9 Incorporating Privacy into the CSF: Approach and Benefits
10 Drivers for Integration - Current Trends Overlapping Programs Increased cooperation between traditionally siloed security and privacy functions Breach Notification Legislators beginning to supplement privacy / data breach legislation with complementary security legislation Federal Government Integrating privacy requirements into security control standard, NIST SP Incorporating Privacy into the CSF: Approach and Benefits
11 11 Incorporating Privacy into the CSF: Approach and Benefits Privacy Working Group
12 HITRUST Privacy Working Group (2012) Growing reliance on EHRs and interoperable HIEs Improve patient care, reduce errors, control costs Increased risk to patient information HITRUST will incorporate privacy requirements into CSF Ensure better alignment between security and privacy programs Ensure an integrated approach for protecting health information HITRUST Privacy Working Group Identify and document new CSF controls and/or enhancements Uniform and practical approach to implementing privacy controls Provide additional recommendations, e.g., assessment guidance 12 Incorporating Privacy into the CSF: Approach and Benefits
13 HITRUST Privacy Working Group (2014) State Law Challenges Variations exist regarding, but not limited to; breaches (including definition of a breach), authorizations, consents, access/amendment, restriction requests, who must comply and who the requirements apply to. States identified social security numbers and sensitive date, such as mental health, HIV/AIDs, drug and alcohol abuse/treatment as having increased privacy concerns and requirements. Results: HITRUST CSF to include references to and adhere to applicable state law, as required. 13 Incorporating Privacy into the CSF: Approach and Benefits
14 HITRUST Privacy Working Group (2014) NIST SP , Appendix J Provides a structured set of privacy controls for federal government Establishes a linkage and relationship between privacy and security controls Demonstrates the applicability of the NIST Risk Management Framework Promotes closer cooperation between privacy and security officials within the federal government Results: While NIST may present a uniform approach, it is not practical for universal healthcare industry implementation Privacy Working Group to revisit NIST , Appendix J, possibly add as level 2 or 3 requirement CSF controls 14 Incorporating Privacy into the CSF: Approach and Benefits
15 HITRUST Privacy Working Group (2014) HIPAA Privacy Rule Universally acceptable and applicable standards in the healthcare industry Includes Final Omnibus Rule Achieves a uniform and practical approach Utilizes OCR Audit Protocol as the basis for control language Results: HIPAA Privacy Rule requirements will be used as level 1 controls in the HITRUST CSF HITRUST CSF Level 1 compliance may now satisfy HIPAA Compliance with both the Privacy and Security Rule. 15 Incorporating Privacy into the CSF: Approach and Benefits
16 16 Incorporating Privacy into the CSF: Approach and Benefits Next Steps
17 Privacy Domain Implementation Privacy Domain HIPAA Privacy Rule requirements Implement/revise controls related to; Review existing controls that relate to Privacy NIST SP controls HIE requirements Achieves well-rounded Common Security Framework consistent with industry trends. 17 Incorporating Privacy into the CSF: Approach and Benefits
18 Questions? Kim Gray, Esq., Angela Holzworth Incorporating Privacy into the CSF: Approach and Benefits
Putting It All Together:
Putting It All Together: The Interplay of Privacy & Security Regina Verde, MS, MBA, CHC Chief Corporate Compliance & Privacy Officer University of Virginia Health System 2017 ISPRO Conference October 24,
More informationMANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors
Page 1 of 6 Applies to: faculty staff students student employees visitors contractors Effective Date of This Revision: June 1, 2018 Contact for More Information: HIPAA Privacy Officer Board Policy Administrative
More informationSECURETexas Health Information Privacy & Security Certification Program
Partners in Texas Health Informa3on Protec3on SECURETexas Health Information Privacy & Security Certification Program 2015 HITRUST, Frisco, TX. All Rights Reserved. Outline Introduction Background Benefits
More informationThe HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information
The HITRUST CSF A Revolutionary Way to Protect Electronic Health Information June 2015 The HITRUST CSF 2 Organizations in the healthcare industry are under immense pressure to improve quality, reduce complexity,
More informationCERT Symposium: Cyber Security Incident Management for Health Information Exchanges
Pennsylvania ehealth Partnership Authority Pennsylvania s Journey for Health Information Exchange CERT Symposium: Cyber Security Incident Management for Health Information Exchanges June 26, 2013 Pittsburgh,
More informationMNsure Privacy Program Strategic Plan FY
MNsure Privacy Program Strategic Plan FY 2018-2019 July 2018 Table of Contents Introduction... 3 Privacy Program Mission... 4 Strategic Goals of the Privacy Office... 4 Short-Term Goals... 4 Long-Term
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationEnsuring Privacy and Security of Health Information Exchange in Pennsylvania
Ensuring Privacy and Security of Health Information Exchange in Pennsylvania The Pennsylvania ehealth Initiative in collaboration with the Pennsylvania ehealth Partnership Authority Introduction The Pennsylvania
More informationUpdate from HIMSS National Privacy & Security. Lisa Gallagher, VP Technology Solutions November 14, 2013
Update from HIMSS National Privacy & Security Lisa Gallagher, VP Technology Solutions November 14, 2013 Agenda Update on HIMSS new Technology Solutions Department HIPAA Omnibus Rules Meaningful Use 2 P&S
More informationSecurity and Privacy Breach Notification
Security and Privacy Breach Notification Version Approval Date Owner 1.1 May 17, 2017 Privacy Officer 1. Purpose To ensure that the HealthShare Exchange of Southeastern Pennsylvania, Inc. (HSX) maintains
More informationGeneral Data Protection Regulation April 3, Sarah Ackerman, Managing Director Ross Patz, Consultant
General Data Protection Regulation April 3, 2018 Sarah Ackerman, Managing Director Ross Patz, Consultant Introductions Sarah Ackerman, CISSP, CISA Managing Director, Cincinnati Responsible for overall
More informationHITRUST CSF: One Framework
HITRUST CSF: One Framework Leveraging the HITRUST CSF to Support ISO, HIPAA, & NIST Implementation and Compliance, and SSAE 16 SOC Reporting Dr. Bryan Cline, CISSP-ISSEP, CISM, CISA, CCSFP, HCISPP Senior
More informationHITRUST CSF Assurance Program HITRUST, Frisco, TX. All Rights Reserved.
HITRUST CSF Assurance Program HITRUST CSF Assurance Program The Need Organizations facing multiple and varied assurance requirements from a variety of parties Increasing pressure and penalties associated
More informationHIPAA Privacy, Security and Breach Notification
HIPAA Privacy, Security and Breach Notification HCCA East Central Regional Annual Conference October 2013 Disclaimer The information contained in this document is provided by KPMG LLP for general guidance
More informationHIPAA Security and Privacy Policies & Procedures
Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400
More informationDATA PRIVACY & SECURITY THE CHANGING HIPAA CLIMATE
DATA PRIVACY & SECURITY THE CHANGING HIPAA CLIMATE Melodi (Mel) M. Gates mgates@pattonboggs.com (303) 894-6111 October 25, 2013 THE CHANGING PRIVACY CLIMATE z HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY
More informationVirginia State University Policies Manual. Title: Information Security Program Policy: 6110
Purpose Virginia State University (VSU) uses information to perform the business services and functions necessary to fulfill its mission. VSU information is contained in many different mediums including
More informationPennsylvania s HIE Journey
Pennsylvania s HIE Journey Alix Goss, Executive Director Pennsylvania ehealth Partnership Authority William Buddy Gillespie Director Healthcare Solutions DSS What is HIE? Health Information Exchange puts
More information01.0 Policy Responsibilities and Oversight
Number 1.0 Policy Owner Information Security and Technology Policy Policy Responsibility & Oversight Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 1. Policy Responsibilities
More informationAuditing and Monitoring for HIPAA Compliance. HCCA COMPLIANCE INSTITUTE 2003 April, Presented by: Suzie Draper Sheryl Vacca, CHC
Auditing and Monitoring for HIPAA Compliance HCCA COMPLIANCE INSTITUTE 2003 April, 2003 Presented by: Suzie Draper Sheryl Vacca, CHC 1 The Elements of Corporate Compliance Program There are seven key elements
More informationThe ABCs of HIPAA Security
The ABCs of HIPAA Security Daniel F. Shay, Esq 24 th Annual Health Law Institute Pennsylvania Bar Institute March 13, 2018 c. 2018 Alice G. Gosfield and Associates PC 1 Daniel F. Shay, Esq. Alice G. Gosfield
More informationIt applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your).
Our Privacy Policy 1 Purpose Mission Australia is required by law to comply with the Privacy Act 1988 (Cth) (the Act), including the Australian Privacy Principles (APPs). We take our privacy obligations
More informationCybersecurity in Higher Ed
Cybersecurity in Higher Ed 1 Overview Universities are a treasure trove of information. With cyber threats constantly changing, there is a need to be vigilant in protecting information related to students,
More informationChecklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates. Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP)
Checklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP) ecfirst, chief executive Member, InfraGard Compliance Mandates Key Regulations
More informationCritical HIPAA Privacy & Security Crossover Areas
Critical HIPAA Privacy & Security Crossover Areas Presented by HIPAA Solutions, LC Peter MacKoul, JD Senior Privacy SME Ken Hughes Senior Security SME HIPAA Solutions, LC 2016 1 Critical HIPAA Privacy
More informationGovernment Privacy. Julie Smith McEwen, CIPP/G, CISSP Principal Information Systems Privacy and Security Engineer
IAPP Privacy Certification Certified Information Privacy Professional/Government (CIPP/G) Government Privacy Julie Smith McEwen, CIPP/G, CISSP Principal Information Systems Privacy and Security Engineer
More informationHIPAA Compliance is not a Cybersecurity Strategy
HIPAA Compliance is not a Cybersecurity Strategy Presented by: Hector Rodriguez, WW Health CISO, Microsoft Jay Trinckes, Director, Coalfire Speaker Introductions Hector Rodriguez, WW Health CISO, Microsoft
More informationDecrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use
Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute October 1, 2014 10/1/2014 1 1 Who is
More informationAll Aboard the HIPAA Omnibus An Auditor s Perspective
All Aboard the HIPAA Omnibus An Auditor s Perspective Rick Dakin CEO & Chief Security Strategist February 20, 2013 1 Agenda Healthcare Security Regulations A Look Back What is the final Omnibus Rule? Changes
More informationNERC Staff Organization Chart Budget 2019
NERC Staff Organization Chart Budget 2019 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel and Corporate
More informationNERC Staff Organization Chart Budget 2018
NERC Staff Organization Chart Budget 2018 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel and Corporate
More informationThe HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance
The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance Russell L. Jones Partner Health Sciences Sector Deloitte & Touche LLP Security & Privacy IMLA 2013 Annual Conference San
More informationCOMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2
COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September 2018 Table of Contents 1. Scope, Purpose and Application to Employees 2 2. Reference Documents 2 3. Definitions 3 4. Data Protection Principles
More informationNERC Staff Organization Chart Budget 2019
NERC Staff Organization Chart Budget 2019 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Officer Senior Vice President, General Counsel and Corporate
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationUniversity of Wisconsin-Madison Policy and Procedure
Page 1 of 10 I. Policy The Health Information Technology for Economic and Clinical Health Act regulations ( HITECH ) amended the Health Information Portability and Accountability Act ( HIPAA ) to establish
More informationExploring Emerging Cyber Attest Requirements
Exploring Emerging Cyber Attest Requirements With a focus on SOC for Cybersecurity ( Cyber Attest ) Introductions and Overview Audrey Katcher Partner, RubinBrown LLP AICPA volunteer: AICPA SOC2 Guide Working
More informationHIPAA For Assisted Living WALA iii
Table of Contents The Wisconsin Assisted Living Association... ix Mission... ix Vision... ix Values... ix Acknowledgments... ix Who Should Use This Manual... x How to Use This Manual... x Updates and Forms...
More informationIT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I
Standards Sections Checklist Section Security Management Process 164.308(a)(1) Information Security Program Risk Analysis (R) Assigned Security Responsibility 164.308(a)(2) Information Security Program
More informationIntegrating HIPAA into Your Managed Care Compliance Program
Integrating HIPAA into Your Managed Care Compliance Program The First National HIPAA Summit October 16, 2000 Mark E. Lutes, Esq. Epstein Becker & Green, P.C. 1227 25th Street, N.W., Suite 700 Washington,
More informationHIPAA COMPLIANCE AND DATA PROTECTION Page 1
HIPAA COMPLIANCE AND DATA PROTECTION info@resultstechnology.com 877.435.8877 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and RESULTS Cloud
More informationNOTICE OF PRIVACY PRACTICES
NOTICE OF PRIVACY PRACTICES Chmura Orthodontics ( Practice ) understands the important of keeping your personal information private. Personal information includes: your name, postal address, e-mail address,
More informationData Compromise Notice Procedure Summary and Guide
Data Compromise Notice Procedure Summary and Guide Various federal and state laws require notification of the breach of security or compromise of personally identifiable data. No single federal law or
More informationHIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp
HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp Agenda Introductions HIPAA Background and History Overview of HIPAA Requirements
More informationCybersecurity Considerations for GDPR
Cybersecurity Considerations for GDPR What is the GDPR? The General Data Protection Regulation (GDPR) is a brand new legislation containing updated requirements for how personal data of European Union
More informationHIPAA How to Comply with Limited Time & Resources. Jonathan Pantenburg, MHA, Senior Consultant August 17, 2017
HIPAA How to Comply with Limited Time & Resources Jonathan Pantenburg, MHA, Senior Consultant JPantenburg@Stroudwater.com August 17, 2017 Stroudwater Associates is a leading national healthcare consulting
More informationCloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015
Cloud Computing Standard Effective Date: July 28, 2015 1.1 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually
More informationMobile Application Privacy Policy
Mobile Application Privacy Policy Introduction This mobile application is hosted and operated on behalf of your health plan. As such, some information collected through the mobile application may be considered
More informationBuilding Privacy into Cyber Threat Information Sharing Cyber Security Symposium Securing the Public Trust
Building Privacy into Cyber Threat Information Sharing Cyber Security Symposium Securing the Public Trust Jamie Danker Director, Senior Privacy Officer National Protection and Programs Directorate, U.S.
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More information2017 RIMS CYBER SURVEY
2017 RIMS CYBER SURVEY This report marks the third year that RIMS has surveyed its membership about cyber risks and transfer practices. This is, of course, a topic that only continues to captivate the
More informationAltius IT Policy Collection Compliance and Standards Matrix
Governance Context and Alignment Policy 4.1 4.4 800-26 164.308 12.4 EDM01 IT Governance Policy 5.1 800-30 12.5 EDM02 Leadership Mergers and Acquisitions Policy A.6.1.1 800-33 EDM03 Context Terms and Definitions
More informationRemote Access to a Healthcare Facility and the IT professional s obligations under HIPAA and the HITECH Act
Remote Access to a Healthcare Facility and the IT professional s obligations under HIPAA and the HITECH Act Are your authentication, access, and audit paradigms up to date? Table of Contents Synopsis...1
More informationHow to Ensure Continuous Compliance?
How to Ensure Continuous Compliance? Episode I: HIPAA Compliance 101 Speaker: Danny Murphy Sr. Sales Engineer, Netwrix Corporation Danny.Murphy@netwrix.com +44 (0) 203 588 3023 ext 2202 Agenda Compliance
More informationLessons Learned from Recent HIPAA Enforcement Actions, Breaches, and Pilot Audits
Lessons Learned from Recent HIPAA Enforcement Actions, Breaches, and Pilot Audits Iliana L. Peters, J.D., LL.M. Senior Advisor for HIPAA Compliance and Enforcement OCR RULEMAKING UPDATE What s s Done?
More informationProtecting PHI in the Cloud. Session #47, February 20, 2017 Kurt J. Long, Founder & CEO, FairWarning, Inc.
Protecting PHI in the Cloud Session #47, February 20, 2017 Kurt J. Long, Founder & CEO, FairWarning, Inc. 1 Speaker Introduction Kurt J. Long Founder & CEO FairWarning, Inc. 2 Conflict of Interest Kurt
More informationHow To Establish A Compliance Program. Richard E. Mackey, Jr. SystemExperts Corporation
How To Establish A Compliance Program Richard E. Mackey, Jr. Vice president SystemExperts Corporation Agenda High level requirements A written program A sample structure Elements of the program Create
More informationAltius IT Policy Collection Compliance and Standards Matrix
Governance Context and Alignment Policy 4.1 4.4 800-26 164.308 12.4 EDM01 IT Governance Policy 5.1 800-30 12.5 EDM02 Leadership Mergers and Acquisitions Policy A.6.1.1 800-33 EDM03 Context Terms and Definitions
More information[DATA SYSTEM]: Privacy and Security October 2013
Data Storage, Privacy, and Security [DATA SYSTEM]: Privacy and Security October 2013 Following is a description of the technical and physical safeguards [data system operator] uses to protect the privacy
More informationIntroduction to the HITRUST CSF. Version 8.1
Version 8.1 February 2017 Contents Executive Summary.... 3 Organization of the HITRUST CSF.... 3 Practical Action Plan for Implementing the HITRUST CSF... 4 Introduction.... 5 Organization of the HITRUST
More informationOperationalizing Cybersecurity in Healthcare IT Security & Risk Management Study Quantitative and Qualitative Research Program Results
Operationalizing Cybersecurity in Healthcare - - 2017 IT Security & Risk Management Study Quantitative and Qualitative Research Program Results David S. Finn, CISA, CISM, CRISC Health IT Officer, Symantec
More informationImplementing and Enforcing the HIPAA Security Rule
Implementing and Enforcing the HIPAA Security Rule John Parmigiani National Practice Director Regulatory and Compliance Services CTG HealthCare Solutions, Inc. Introductions Final Security Rule How we
More informationHousecall Privacy Statement Statement Date: 01/01/2007. Most recent update 09/18/2009
Housecall Privacy Statement Statement Date: 01/01/2007. Most recent update 09/18/2009 Privacy Policy Intent: We recognize that privacy is an important issue, so we design and operate our services with
More informationData Protection Policy
Data Protection Policy Data Protection Policy Version 3.00 May 2018 For more information, please contact: Technical Team T: 01903 228100 / 01903 550242 E: info@24x.com Page 1 The Data Protection Law...
More informationIT Security in a Meaningful Use Era C&SO HIMSS Meeting
CSOHIMSS 2011 Slide 1 October 21, 2011 October 21, 2011 IT Security in a Meaningful Use Era C&SO HIMSS Meeting Presented by: Mac McMillan CEO CynergisTek, Inc. Chair, HIMSS Privacy & Security Task Force
More informationNot Just Another Day of HIPAA
Not Just Another Day of HIPAA Presented by: Patti Klingel, PhD, CPHQ, CRM, CHC Director of Corporate Compliance & Organizational Ethics United Church Homes, Inc. Disclosure I have no vested interest in
More informationHIPAA-HITECH: Privacy & Security Updates for 2015
South Atlantic Regional Annual Conference Orlando, FL February 6, 2015 1 HIPAA-HITECH: Privacy & Security Updates for 2015 Darrell W. Contreras, Esq., LHRM Gregory V. Kerr, CHPC, CHC Agenda 2 OCR On-Site
More informationManaging Cybersecurity Risk
Managing Cybersecurity Risk Maureen Brundage Andy Roth August 9, 2016 Managing Cybersecurity Risk Cybersecurity: The Current Legal and Regulatory Environment Cybersecurity Governance: Considerations for
More informationIntroduction to the HITRUST CSF. Version 9.1
Introduction to the HITRUST CSF Version 9.1 February 2018 Contents Executive Summary.... 3 Organization of the HITRUST CSF... 3 Practical Action Plan for Implementing the HITRUST CSF... 4 Introduction....
More informationSteffanie Hall, RHIA HIM Director/Privacy Officer 1201 West 12 th Emporia, Kansas ext
JOINT NOTICE OF PRIVACY PRACTICES NEWMAN REGIONAL HEALTH, NEWMAN REGIONAL HEALTH MEDICAL PARTNERS, HOSPICE, NEWMAN PHYSICAL THERAPY, COMMUNITY WELLNESS AND MEMBERS OF THE NEWMAN REGIONAL HEALTH ORGANIZED
More informationFederal Breach Notification Decision Tree and Tools
Federal Breach Notification and Tools Disclaimer This document is copyright 2009 by the Long Term Care Consortium (LTCC). These materials may be reproduced and used only by long-term health care providers
More informationPrivacy Policy on the Responsibilities of Third Party Service Providers
Privacy Policy on the Responsibilities of Third Party Service Providers Privacy Office Document ID: 2489 Version: 3.2 Owner: Chief Privacy Officer Sensitivity Level: Low Copyright Notice Copyright 2016,
More informationHIPAA & Privacy Compliance Update
HIPAA & Privacy Compliance Update Vermont Medical Society FREE Wednesday Webinar Series March 15, 2017 Anne Cramer and Shireen Hart Primmer Piper Eggleston & Cramer PC acramer@primmer.com shart@primmer.com
More informationMeasuring Cybersecurity Readiness: The Cybersecurity Maturity Model
Measuring Cybersecurity Readiness: The Cybersecurity Maturity Model NCHICA Cybersecurity Thought Leader Forum Richard Roberts, CISO & Director of Technology Strategy 757.213.6875 www.divurgent.com What
More informationNERC Staff Organization Chart Budget 2017
NERC Staff Organization Chart Budget 2017 President and CEO Administrative Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel
More informationHCISPP HealthCare Information Security and Privacy Practitioner
HCISPP HealthCare Information Security and Privacy Practitioner William Buddy Gillespie, HCISPP Global Academic Instructor (ISC)² Former Healthcare CIO Chair Advocacy Committee, CPAHIMSS budgill@aol.com
More informationOverview of Presentation
A HIPAA Security Incident and Investigation. It Can Happen to You. Sandra a L. Sessoms, RN, CPHQ, CHC Interim Vice President, System Compliance West Penn Allegheny Health System Robert R. Michalski, CHC
More informationHIPAA COMPLIANCE WHAT YOU NEED TO DO TO ENSURE YOU HAVE CYBERSECURITY COVERED
HIPAA COMPLIANCE WHAT YOU NEED TO DO TO ENSURE YOU HAVE CYBERSECURITY COVERED HEALTHCARE ORGANIZATIONS ARE UNDER INTENSE SCRUTINY BY THE US FEDERAL GOVERNMENT TO ENSURE PATIENT DATA IS PROTECTED Within
More informationHealth Information Privacy Education in Healthcare Organizations
Health Information Privacy Education in Healthcare Organizations Standards and Guidance from ISO/TC215 Health Informatics Deborah K. Green, MBA, RHIA EVP/Chief Innovation and Global Services Officer American
More informationGetting OCR Audit-Ready in 7 Steps:
Getting OCR Audit-Ready in 7 Steps: Kimberly B. Holmes, Esq. Senior Vice President & Counsel Cyber Insurance, Liability & Emerging Risks March 28, 2017 Remember first of all Pursuant to the HIPAA Security
More informationWhip Your Incident Response Program into Shape
Whip Your Incident Response Program into Shape 1 Agenda Introductions Understand requirements behind an incident response program (IRP). Identify the different components of an effective IRP. Learn how
More informationSocial Security Number Protection Policy.
Privacy HIPAA Notice of Privacy Practices. Website Privacy Policy. Social Security Number Protection Policy. HIPAA Notice of Privacy Practices: To read more about our privacy practices regarding health
More informationSecuring IT Infrastructure Improve information exchange and comply with HIPAA, HITECH, and ACA mandates
Securing IT Infrastructure Improve information exchange and comply with HIPAA, HITECH, and ACA mandates Ruby Raley, Director Healthcare Solutions Axway Agenda Topics: Using risk assessments to improve
More informationHIPAA COMPLIANCE CALIFORNIA STATE UNIVERSITY, LOS ANGELES. Audit Report October 29, 2010
HIPAA COMPLIANCE CALIFORNIA STATE UNIVERSITY, LOS ANGELES Audit Report 10-52 October 29, 2010 Members, Committee on Audit Henry Mendoza, Chair Raymond W. Holdsworth, Vice Chair Nicole M. Anderson Margaret
More informationNERC Staff Organization Chart Budget 2017
NERC Staff Organization Chart Budget 2017 President and CEO Administrative Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel
More informationHIPAA Federal Security Rule H I P A A
H I P A A HIPAA Federal Security Rule nsurance ortability ccountability ct of 1996 HIPAA Introduction - What is HIPAA? HIPAA = The Health Insurance Portability and Accountability Act A Federal Law Created
More informationIncident Response: Are You Ready?
Incident Response: Are You Ready? Chris Apgar, CISSP Apgar & Associates, LLC 2014 Security Incident vs. Breach Overview Security Incident Planning and Your Team Final Breach Notification Rule a refresher
More information(c) Apgar & Associates, LLC
Incident Response: Are You Ready? Chris Apgar, CISSP Apgar & Associates, LLC 2014 Security Incident vs. Breach Overview Security Incident Planning and Your Team Final Breach Notification Rule a refresher
More informationUCOP ITS Systemwide CISO Office Systemwide IT Policy
UCOP ITS Systemwide CISO Office Systemwide IT Policy Revision History Date: By: Contact Information: Description: 08/16/17 Robert Smith robert.smith@ucop.edu Initial version, CISO approved Classification
More informationThe Future of HITRUST
The Future of HITRUST Henry Vynalek, Director, HIE & IT Operations and Security Officer Mike Wells, Director of Security, Director of Engineering The Ohio Health Information Partnership (CliniSync) Henry
More informationData Security and Breach Notification Legislative Update: What You Need to Know (SESSION CODE CRM001)
Data Security and Breach Notification Legislative Update: What You Need to Know (SESSION CODE CRM001) Speakers: James T. McIntyre Partner McIntyre & Lemon, PLLC Janice Ochenkowski International Director
More informationHPE DATA PRIVACY AND SECURITY
ARUBA, a Hewlett Packard Enterprise company, product services ( Services ) This Data Privacy and Security Agreement ("DPSA") Schedule governs the privacy and security of Personal Data by HPE in connection
More informationApplying ISO and NIST to Address Compliance Mandates The Four Laws of Information Security
Applying ISO 27000 and NIST to Address Compliance Mandates The Four Laws of Information Security Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP) ecfirst, chief executive Member, FBI InfraGard Challenges PHI Is
More informationHIPAA Risk Assessment: Been There... Should ve Done It the First Time
HIPAA Risk Assessment: Been There... Should ve Done It the First Time April 20 & 21, 2012 David S. Finn, CISA, CISM, CRISC Health IT Officer, Symantec 1 Agenda 1 2 3 4 5 A little background... Well, a
More informationSecurity Awareness Compliance Requirements. Updated: 11 October, 2017
Security Awareness Compliance Requirements Updated: 11 October, 2017 Executive Summary The purpose of this document is to identify different standards and regulations that require security awareness programs.
More informationStephanie Zierten Associate Counsel Federal Reserve Bank of Boston
Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston Cybersecurity Landscape Major Data Breaches (e.g., OPM, IRS) Data Breach Notification Laws Directors Derivative Suits Federal Legislation
More informationSTRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE
STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby
More informationDAVID J BEHINFAR, JD., LLM., CHC, CHRC, CCEP, HCISPP, CIPP/US P23: AN EFFECTIVE PRIVACY PROGRAM BUILT THROUGH STRATEGIC VISION AND LEADERSHIP SUPPORT
P23: AN EFFECTIVE PRIVACY PROGRAM BUILT THROUGH STRATEGIC VISION AND LEADERSHIP SUPPORT APRIL 7, 2019 David Behinfar, Chief Privacy Officer University of North Carolina Health Katherine Georger, Associate
More informationData Backup and Contingency Planning Procedure
HIPAA Security Procedure HIPAA made Easy Data Backup and Contingency Planning Procedure Please fill in date implemented and updates for your facility: Goal: This document will serve as our back-up storage
More informationData Recovery Policy
Data Recovery Policy The Marketware, Inc. Contingency Plan establishes procedures to recover Marketware, Inc. following a disruption resulting from a disaster. This Disaster Recovery Policy is maintained
More information