Consumer Protection & System Security Update. Bill Jenkins and Cammie Blais

Similar documents
Auditing and Monitoring for HIPAA Compliance. HCCA COMPLIANCE INSTITUTE 2003 April, Presented by: Suzie Draper Sheryl Vacca, CHC

Identity Theft: Enterprise-Wide Strategies for Prevention, Detection and Remediation

Data Breach Preparation and Response. April 21, 2017

Security and Privacy Governance Program Guidelines

MHBE Compliance Program SECOND QUARTER FY 2019 REPORT. TO MHBE BOARD OF TRUSTEES January 22, 2019

Red Flags/Identity Theft Prevention Policy: Purpose

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

Health Care: Privacy & Security in a Digital Age

SAC PA Security Frameworks - FISMA and NIST

[DATA SYSTEM]: Privacy and Security October 2013

NYDFS Cybersecurity Regulations: What do they mean? What is their impact?

Virginia State University Policies Manual. Title: Information Security Program Policy: 6110

Ouachita Baptist University. Identity Theft Policy and Program

Enabling Efficient, Consistent Certification and Accreditation Enterprise-Wide

THE INTERNATIONAL INSTITUTE OF CERTIFIED FORENSIC ACCOUNTANTS, INC. USA. CERTIFIED IN FRAUD & FORENSIC ACCOUNTING (Cr.

Why you should adopt the NIST Cybersecurity Framework

Identity Theft Policies and Procedures

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

Red Flags Program. Purpose

Compliance Program Design Lessons learned from a COSO framework

Compliance With HIPAA Privacy Rule Before Security & Enforcement Rules are Final: Challenges in Practice

Watson Developer Cloud Security Overview

UPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA

Education Network Security

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

STOCKTON UNIVERSITY PROCEDURE DEFINITIONS

Top Five Privacy and Data Security Issues for Nonprofit Organizations

Prevention of Identity Theft in Student Financial Transactions AP 5800

PPR TOKENS SALE PRIVACY POLICY. Last updated:

EU General Data Protection Regulation (GDPR) Achieving compliance

Laws and Regulations & Data Governance

Overview Bank IT examination perspective Background information Elements of a sound plan Customer notifications

Why you MUST protect your customer data

Overview of Key E.U. and U.S. Privacy and Cybersecurity Laws. Brett Lockwood Smith, Gambrell & Russell, LLP May 15, 2018

Better Privacy Through Identity Management:

existing customer base (commercial and guidance and directives and all Federal regulations as federal)

What to do if your business is the victim of a data or security breach?

( Utility Name ) Identity Theft Prevention Program

Does a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA?

New Guidance on Privacy Controls for the Federal Government

MNsure Privacy Program Strategic Plan FY

Keeping It Under Wraps: Personally Identifiable Information (PII)

DeMystifying Data Breaches and Information Security Compliance

Gramm Leach Bliley Act 15 U.S.C GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev.

Policies and Procedures Date: February 28, 2012

IDENTITY THEFT PREVENTION Policy Statement

Regulation P & GLBA Training

Cybersecurity in Higher Ed

HIPAA Security and Privacy Policies & Procedures

Standard for Security of Information Technology Resources

General Data Protection Regulation April 3, Sarah Ackerman, Managing Director Ross Patz, Consultant

Red Flag Regulations

NIST Special Publication

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

This regulation outlines the policy and procedures for the implementation of wireless networking for the University Campus.

Data Security: Public Contracts and the Cloud

LCU Privacy Breach Response Plan

Security Breaches: How to Prepare and Respond

Privacy Notice: Volunteers of Turning Point Scotland

Seattle University Identity Theft Prevention Program. Purpose. Definitions

Data Security and Breach Notification Legislative Update: What You Need to Know (SESSION CODE CRM001)

NYDFS Cybersecurity Regulations

Privacy Policy GENERAL

EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner

Food Safety and Inspection Service:

Welcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time

Post-Secondary Institution Data-Security Overview and Requirements

locuz.com SOC Services

Information Technology Security Plan Policy, Control, and Procedures Manual Detect: Anomalies and Events

Four Deadly Traps of Using Frameworks NIST Examples

Cyber Risks, Coverage, and the Board of Directors.

Mastering Data Privacy, Social Media, & Cyber Law

The Impact of Cybersecurity, Data Privacy and Social Media

Cyber Risks in the Boardroom Conference

The HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information

ROADMAP TO DFARS COMPLIANCE

TEL2813/IS2820 Security Management

Computer Forensics US-CERT

Heavy Vehicle Cyber Security Bulletin

01.0 Policy Responsibilities and Oversight

Layer Security White Paper

Employee Security Awareness Training Program

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

Data Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory

Managing Cybersecurity Risk

What Why Value Methods

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

HITRUST CSF Assurance Program HITRUST, Frisco, TX. All Rights Reserved.

PilieroMazza Webinar Preparing for NIST SP December 14, 2017

Protecting Controlled Unclassified Information(CUI) in Nonfederal Information Systems and Organizations

CAN-SPAM ACT RULEMAKING

Ohio Supercomputer Center

NATIONAL INSTITUTE OF FORENSIC SCIENCE

Putting It All Together:

Cognizant Careers Portal Terms of Use and Privacy Policy ( Policy )

Red Flag Policy and Identity Theft Prevention Program

Wireless Network Policy and Procedures Version 1.5 Dated November 27, 2002

Emsi Privacy Shield Policy

Technical Trust Policy

Transcription:

Consumer Protection & System Security Update Bill Jenkins and Cammie Blais

Consumer Protection Goal: To act responsibly to protect consumers against deceptive, fraudulent or unfair practices. 2 2

Partners Colorado Division of Insurance Colorado Attorney General Department of Law Local Law Enforcement Consumer Advocates The Federal Trade Commission Health and Human Services Office of Inspector General Connect for Health Colorado 3 3

Customer Service Center Protections Organization-wide MARS-E/HIPAA compliance o Training o Secure environments o Internal controls o Identification badges o Motion sensors o Cameras o Staff background checks o Monitoring o Customer security protocols 4 4

Assistance Sites & Health Coverage Guides Certification Background checks for Health Coverage Guides Training specific to fraud, waste & abuse and related topics Internal controls Audit requirements Site visits for compliance and adherence to standards Identification badging Website lookup for association verification Conflict of interest standards 5 5

Agents/Brokers Certification process Requirement for background checks Training specific to fraud, waste & abuse and related topics State license requirements Website lookup for certified agents/brokers Fair Practice Standards 6 6

Fraud Reporting Capability Form available on website o http://connectforhealthco.com/connect/contact-us/report-suspected-fraud/ 7 Advised to contact local law enforcement if a crime is suspected FTC contact information to be added Routed to Appeals and Conflict Resolution staff and/or DOI for follow up and action 7

Appeals The Office of Conflict Resolution and Appeals allows consumers to contact an independent office that will respond to their concerns The office provides a medium for reporting an errant or wrongful action The Appeals staff have legal backgrounds Every consumer contact receives the same consideration and evaluation 8 8

9 System Security

Information Security and Privacy Program Remediation Incident Response Risk Management Gap Identification Compensating Controls Strategy Objectives and Requirements Roles and Responsibilities Business Model Direction Policies Procedures Standards Guidelines Evaluation Log Reviews Inspections Assessments Compliance Audits Implementation & Operations Education & Awareness Orientation Training Communication Planning 10 Administrative Controls Technical Controls Physical Controls 10

MARS-E Compliance Minimal Acceptable Risk Standards for Exchanges, a compilation of security and privacy requirements and regulations from various organizations and agencies, including: o o There are 19 risk control families within 3 classes (technical, operational, and management) These families, from the CMS taxonomical summary, include: FTI Safeguards (IRS Publication 1075) Access Control Awareness & Training Configuration Management Identification & Authentication Incident Response System & Communications Protection 11 11

Policies and Procedures In support of MARS-E compliance, Connect for Health Colorado implemented more than 2 dozen policies that addresses topics such as: System protection and integrity Security Planning PII Security Updates ongoing based on implementation experience 12 12

Technical Controls Update Defense in Layers o Network Firewalls o Web Application Firewalls o Database Activity Monitoring Roles and Accesses o Adapting to support business needs o Focus on minimizing access Logging o Supports Operational Analysis o Verifies Controls 13 13

Activity Highlights Training and Awareness o 900 Series o Follow Up Events o Training sustainment Awareness of other Marketplaces o Understanding their challenges o Learning Lessons Routine participation in operational meetings o Situational awareness and risk analysis Ongoing Security Testing and Incident Analysis o Quick response Tuning and Refining at All Levels 14 14

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback