Encrypting PHI for HIPAA Compliance on IBM i. All trademarks and registered trademarks are the property of their respective owners.

Transcription:

Encrypting PHI for HIPAA Compliance on IBM i HelpSystems LLC. All rights reserved. All trademarks and registered trademarks are the property of their respective owners.

Introductions
Bob Luebbe, CISSP, Chief Architect

Today's Agenda
- Cybersecurity Threats to PHI data
- Overview of HIPAA Requirements
- Why Is Encryption Important?
- Encryption on IBM i Simplified
- Encrypting data at rest
- Encrypting data in transit
- Questions & Answers

UP NEXT... Cybersecurity Threats to PHI Data

Cybersecurity Threats to PHI Data
- Nearly 90% of healthcare organizations have experienced a data breach in the past 2 years
- 45% have had more than 5 data breaches in the past 2 years
Source: Ponemon Institute's Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data

Cybersecurity Threats to PHI Data
- Protected Health Information (PHI) is more valuable than credit card numbers.
- Social security numbers, account numbers, and medical device serial numbers can't easily be changed
- PHI can be used to commit identity theft and insurance fraud
- On the black market, demand for PHI is high

Cybersecurity Threats to PHI Data
- Total cost of data breaches to just the healthcare industry: $6.2 billion per year
  - Incident response
  - Class action lawsuits
  - HIPAA fines
- Number of records breached: 113 million in 2015 (a 10x increase over 2014!)

UP NEXT... Overview of HIPAA Requirements

Overview of HIPAA Requirements
The Health Insurance Portability and Accountability Act applies to:
- Health plans
- Healthcare providers
- Healthcare clearing houses (organizations that process health info, including billing services)
- Business associates
- Some subcontractors of business associates

Overview of HIPAA Requirements
- Fines for non-compliance can reach millions of dollars
- Breach notification is required when unsecured PHI is exposed:
  - Individuals affected
  - Media outlets
  - Government
- Customer lawsuits

Overview of HIPAA Requirements
- Conduct a vulnerability assessment
- Regularly review audit logs and access reports
- Guard against malware
- Limit data access to only authorized persons and programs
- Protect PHI from improper changes
- Encrypt PHI whenever appropriate

UP NEXT... Encryption of PHI Data

Why Is Encryption Important?
- Encrypted data is considered secured and does not fall under the requirements to notify of a data breach.
- Encrypted data isn't useful to criminals.
- Multiple layers of defense: There are weak points on every system. Even though you have implemented other security solutions and have configured your system properly, there are ways for hackers to get to your data (phishing, malware, etc.). The only way to have secured data is to encrypt your data. This is the last layer of defense.

Encryption Overview
- Encryption is the process of encoding information to protect it from unauthorized access
- Encryption hides the meaning of the message, but not its existence.
- Data is encrypted using an encryption algorithm and a key. The output is called ciphertext.
Plaintext (before): The quick brown fox jumped over the lazy dog.
Ciphertext (after): Œ \ËKä BBY ý\åê Ñ C Ÿ^{F+rÀJ [1]Ï(54Y3s3s874s

UP NEXT... Encryption on IBM i Simplified

Encryption on IBM i Simplified
- Protect confidential information in IBM i database fields and IFS files including PCI, PII and PHI data.
- Through Authorization Lists, users can be granted access to the fully decrypted field values, restricted to the masked values or can be completely denied access.
[Diagram: New data (insert/update) "1234" is encrypted and stored as "r3vs#45zt!j9*k93" through DB2 auto encoding/decoding. Components: Key Management, AES Encryption, Auditing, Security Policies. Reads: full decryption "1234" (User A), masked/partial decryption "1**4" (User B), full encryption "****" (User C).]

Encryption on IBM i Simplified Crypto Complete demo

Encryption on IBM i Simplified IBM i, Linux, AIX MFT

Encryption on IBM i Simplified GoAnywhere demo

Next Steps
If you need additional help navigating HIPAA requirements:
- Download "How IT Pros Can Navigate HIPAA Compliance" from HelpSystems.com
- Request a compliance assessment from HelpSystems
- Perform a Database scan for unprotected data

Questions?

Thank you for your time!
Please visit www.linomasoftware.com to access:
- Free Trials
- Product Details and Brochures
- White Papers and Webinars
- Case Studies