Protect PHI & Manage Risk: HIPAA/HITECH Compliance
Townsend Security




724 Columbia Street NW, Suite 400 | Olympia, WA 98501 | 360.359.4400 | www.townsendsecurity.com
Webinar Presenter: Patrick Townsend
- Founder & CEO of Townsend Security
- Leading data security expert
- 30 years IT industry experience




View this webinar at http://bit.ly/QCKUs6   www.townsendsecurity.com
THE ENCRYPTION COMPANY


- Broad experience in data security and data communication
- Leadership averages over 30 years IT experience
- Over 2000 customers worldwide
- Strong presence in the Fortune 500
- Products in 40+ countries
- NIST Certified AES Encryption
- FIPS 140-2 Certified Key Management
- Participating Organization, PCI Security Standards Council




Partners




Breaches Happen
The frequency of data breaches in healthcare has increased 32% in the past year, and breaches cost an estimated $6.5 billion annually, according to a new study by the Ponemon Institute.

Forty-one percent of healthcare executives surveyed attributed data breaches related to protected health information (PHI) to employee mistakes.




Top 3 Healthcare Breaches of 2011
- Tricare - 4.9 million records
  Unencrypted backup tapes were stolen from the parked car of an employee of a TRICARE business associate.
- Sutter Health - 4.2 million records
  Stolen computer contained a database for Sutter Physician Services, which provides billing and other administrative services for 21 Sutter units.
- Health Net - 1.9 million records
  Federal authorities plus at least four state agencies launched investigations of a breach affecting 1.9 million enrollees of Health Net, an insurance company.



Blue Cross Blue Shield of Tennessee
- Data breach in 2009 lost over 1 million PHI records
- Spent nearly $17 million in investigation, notification, and protection efforts
- Recent settlement with Department of Health and Human Services (HHS) added an additional $1.5 million (the maximum fine in one year) to settle potential violations




HIPAA/HITECH and Protecting PHI
- HITECH Act builds on HIPAA data security standard
- Many references to NIST standards for encryption and key management
- Guidance on key management references NIST FIPS 140-2 and NIST Key Management Best Practices
- Backdoor mandate for encryption and key management
- Requirement for system logging




What is PHI?
- HIPAA defines PHI as individually identifiable health information that is transmitted or maintained in any form or medium (electronic, oral, or paper) by a covered entity or its business associates, excluding certain educational or employment records
- Examples: Name, address, email, birthdate, SSN, employee number, claim number, health plan beneficiary number




Where Can PHI Be Stored?
- Electronic Medical Records (EMR)
- Health insurance companies that record healthcare claims
- Databases such as Microsoft SQL Server and Oracle
- Outside entities such as service providers (financial, lab, etc.)




Are You Gambling with $7.2 Million?
- Average cost of a data breach is $214 per record or $7.2 million per breach
- Direct costs include notification and legal defense
- Indirect costs include loss of customer business and abnormal churn




What is Considered a Breach?
- Unauthorized access to PHI
- Loss or theft of:
  - Computer tapes
  - Hard drives
  - Unencrypted laptops
  - USB drives




How to Avoid Breach Notification
- HIPAA/HITECH states encryption and destruction are the only safe harbors from breach notification
- Encryption should be NIST certified to provably meet recommendations
- Key management should be FIPS 140-2 certified
- Note that HHS mandates FIPS 140-2 compliant solutions for itself




Townsend Security Makes Compliance Easy
- NIST-certified AES encryption for every major platform
- FIPS 140-2 certified encryption key management
- PGP encryption for IBM i and IBM z
- System logging for IBM i
- Healthcare customers include: Mayo Clinic, Blue Cross Blue Shield, ValueOptions, and more




NIST Certified AES Encryption
- AES encryption for all major platforms
- Provably compliant encryption
- High-performance encryption to minimize hardware/software costs
- Meets best practices for HIPAA/HITECH, PCI DSS, and more




FIPS 140-2 Certified Encryption Key Management
- Affordable key manager manages keys through the entire lifecycle
- Built to be easy
- Dual Control and Separation of Duties (NIST best practices & PCI DSS requirement)
- High Availability through hardware redundancy and key mirroring
- Works with all server platforms: SQL Server, Windows, Linux, UNIX, etc.
- Works with all databases: SQL Server, Oracle, DB2, MySQL, etc.
- In use by over 2,000 customers worldwide




PGP Encryption for IBM i and IBM z
- De facto standard for securing data in motion
- Part of a comprehensive security plan
- Ported PGP to IBM i and IBM z for PGP Corporation
- Partnered with Symantec to bring the only commercial version of PGP to IBM i
- FIPS 140-2 compliant




Secure System Logging for the IBM i
- Meets HIPAA section 3 around Log-in Monitoring
- Meets HIPAA section 4 around Access Controls
- Creates logs that ALL SIEM consoles can read
- Uses SSL/TLS encryption for secure delivery




Beware of Non-Compliant Solutions
- Non-standard encryption and key management
- No Dual Control or Separation of Duties
- Unsubstantiated claims (e.g. “meets FIPS 140-2 standards”)
- Proprietary or home-grown encryption
- No independent assessment of source code
- No direct NIST certification of products




Partnering: ISVs, VARs, and OEMs
Your customers expect you to protect their PHI.
Compliance regulations require you to protect PHI.
- Strong partner channel that is committed to partner success
- Solutions built for integration
- Value add to your technology




Summary
- PHI lives in many different places, in many different forms
- Breaches happen and cost organizations millions
- Encryption and key management are backdoor mandates of HIPAA/HITECH
- System logging is a requirement of HIPAA/HITECH
- Townsend Security is trusted by companies worldwide
- Strong partner channel to help ease the burden of compliance for your customers




What You Can Do Today
- Download free 30-day evaluation of all our products
- Schedule technical overview with our Customer Success Manager
- Additional education in “Resources” section of our web site

>> Learn More
www.townsendsecurity.com
@townsendsecure

[Product areas pictured on the slide: Encryption | Key Management | System Logging | Partner]




Any Questions About Protecting PHI and Managing Risk?

> Data Gets Out. Encrypt It.
NIST-Certified Encryption | FIPS 140-2 Certified Key Management

Contact Townsend Security:
patrick.townsend@townsendsecurity.com
www.townsendsecurity.com
800.357.1019


