Protecting Health Information

Protecting Health Information
Bronson Healthcare Group, Information Technology Security Engineering, Michael Smith

Agenda
- Personal device usage with sensitive data
- Mobile devices and BYOD
- Secure messaging
- Corporate security measures / breach prevention
- Enterprise security systems
- User education and security awareness
- Questions
- Posttest

Objectives
- Describe concerns with the use of personal devices in the exchange of patient health information.
- Explain security measures used to prevent security breaches related to health information.
- List initiatives to increase healthcare workers' awareness of security concerns.

BYOD - Personal Devices
- BYOD: Bring Your Own Device. An organizational approach to allowing and supporting personal devices in the corporate environment.
- Gartner Inc. predicts that almost 40% of organizations will rely exclusively on BYOD in 2016, and 85 percent will have some kind of BYOD program in place by 2020.
- BYOD hardware comprises smartphones, tablet PCs and notebooks.
- The device population typically consists of Google Android smartphones, Apple iPhones / iPads, BlackBerry devices and Microsoft Windows smartphones.

BYOD - Driving Forces
- Allows customers a wide choice of device selection as opposed to company-provided / approved devices.
- Substantial cost savings to organizations that do not provide mobile devices to user populations.
- Takes advantage of newer devices and cutting-edge features.
- Giving users a choice in device selection promotes a much higher adoption rate and user satisfaction.

BYOD - Challenges
- High-risk approach due to limited control of devices by Information Technology.
- Difficulties balancing security and ease of use.
- Ongoing support issues due to a lack of consistency and conformity across devices.
- Personally installed apps or utilities can compromise the integrity of a device's security.
- Mobile device carriers each ship proprietary releases of the (Android) operating system, which creates functionality and encryption issues.

Mobile Device Management
- MDM: Mobile Device Management. Security software used to monitor, manage and secure mobile devices that are deployed across multiple service providers and operating systems.
- Policies are applied on personal devices to address security issues without being overly intrusive or hindering the user experience.
- Corporate-provided apps are housed in a secure location that is segregated from the rest of the phone.
- Provides near-instant remote wipe capabilities to remove all data from a lost or stolen device.
- Encrypts the entire device, requiring a passcode to decrypt and access data.

Secure Messaging
- Breaches can occur when PHI is sent in an unencrypted manner or to the wrong recipient.
- Once PHI is sent, the owner loses control of it but retains responsibility for it.
- Secure Messaging solutions provide a HIPAA-compliant method for sending and receiving PHI between mobile devices.
- Encrypts text messages, pictures, videos and office documents.
- Stores sensitive data in an encrypted, password-protected and segregated area of the device referred to as a container or locker.
- Messages can be revoked / returned to sender without requiring recipient approval.

Protected Health Information
- Medical records are worth much more on the black market than any other stolen personal data.
- The average cost of a data breach for a lost or stolen record is $158. Healthcare organizations have an average cost of $360 per record.
- Stolen data can include names, social security numbers, birth dates, policy numbers, diagnosis codes, prescription histories and billing information.
- Data is used to commit Medicare fraud, illegally file false claims and obtain drugs or medical equipment to be resold for large profits.
- Privacy and security firms found that unplanned downtime at healthcare organizations may cost an average of $7,900 a minute.
- 61% of healthcare organizations reported some form of security incident in 2015. These security events cost U.S. hospitals an estimated $1.6 billion each year.

Enterprise Security Systems
- Data Loss Prevention (DLP): a system for ensuring end users do not send PHI or financial information outside the corporate network.
- Antivirus / Antimalware: detects, blocks or quarantines malicious / unwanted infections.
- Sandboxing: executes untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the corporate network.
- Content Filtering: filters, records and secures both regular and encrypted internet traffic.
- Intrusion Prevention System (IPS): monitors a network for malicious activities such as security threats or policy violations.
- Security Information and Event Management (SIEM): provides real-time analysis of security alerts generated by hardware and applications.
- Removable media encryption: encrypted USB storage devices (thumb drives) requiring a complex password to decrypt and access data.
- Virtual Private Networks (VPN): secure solution for remote access to corporate network resources.
- Full Disk Encryption (FDE): protects all data stored on laptops, desktops, phones and tablets with secure encryption.
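The DLP entry above names the control but not how it decides. The Python below is an added illustration, not Bronson's or any vendor's code, of the rule as stated: scan an outbound message for the PHI fields the presentation lists (SSN, birth date, diagnosis code, policy number) and block it only when a recipient lies outside the corporate network. The corporate domain, the regex heuristics and the sample note are all constructed assumptions.

```python
import re
from dataclasses import dataclass, field

# Assumed placeholder for the organisation's own mail domains (constructed).
CORPORATE_DOMAINS = {"example-health.org"}

# Heuristic patterns for the PHI / financial fields the presentation names.
# Illustrative only; a real DLP product tunes its rules against live traffic.
PHI_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "date_of_birth": re.compile(
        r"\b(?:DOB|date of birth)[:\s]+\d{1,2}/\d{1,2}/\d{4}\b", re.IGNORECASE),
    "icd10_code": re.compile(r"\b[A-TV-Z]\d{2}(?:\.\d{1,4})?\b"),   # e.g. E11.9
    "policy_number": re.compile(
        r"\b(?:policy|member)\s*(?:no\.?|number|#)[:\s]*[A-Z0-9-]{6,}\b", re.IGNORECASE),
}

@dataclass
class Verdict:
    action: str        # "allow" or "block"
    external: bool     # at least one recipient is outside the corporate domains
    findings: dict = field(default_factory=dict)   # field type -> match count

def is_external(address: str) -> bool:
    """True when the recipient's domain is not one of ours."""
    return address.rsplit("@", 1)[-1].lower() not in CORPORATE_DOMAINS

def inspect_message(recipients: list, body: str) -> Verdict:
    """Apply the DLP rule: PHI leaving the corporate network is blocked;
    the same content between internal addresses is allowed but still reported."""
    findings = {}
    for name, pattern in PHI_PATTERNS.items():
        count = len(pattern.findall(body))
        if count:
            findings[name] = count
    external = any(is_external(r) for r in recipients)
    action = "block" if external and findings else "allow"
    return Verdict(action, external, findings)

def redact(body: str) -> str:
    """Mask every detected field so a flagged message can be quoted in an alert."""
    for name, pattern in PHI_PATTERNS.items():
        body = pattern.sub(f"[REDACTED-{name}]", body)
    return body

# Constructed sample message (not real patient data) for a quick run.
SAMPLE_NOTE = "Patient John Doe, SSN 123-45-6789, DOB: 04/12/1961, diagnosis E11.9."
```

Calling inspect_message(["someone@personal-mail.example"], SAMPLE_NOTE) returns a block verdict with three findings, while the same note addressed to an internal mailbox is allowed but still carries the findings for the SIEM.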

User Awareness and Training
- Require annual review and signature of Acceptable Use and Electronic Communication Policies by the end user population.
- New hire orientation introduces and reinforces security practices and end user responsibility for new employees.
- Security handbooks are available at numerous locations and events as well as electronically.
- Single point of contact to report ALL security-related incidents or questions (IT Support Center).
- Minimum working requirements for end users include annual coursework and training on safeguarding, transmitting and managing PHI and financial data.
- Security awareness training uses mock scenarios to test user awareness. The results can be used for counseling, raising awareness and training.

Questions
- What is your organization doing to protect PHI on mobile devices?
- What other initiatives could your organization take to raise security awareness?
- Questions?

Posttest
All of the following are challenges with the use of personal devices in healthcare except:
A) Obtaining technical support
B) Cost savings to the organization
C) Personal apps compromising security
D) Limited control of devices