View Webcast Now: http://bit.ly/QCKUs6
Would Your Organization Survive a Data Breach?
The frequency of data breaches in healthcare has increased 32% in the past year, and breaches cost an estimated $6.5 billion annually. Fortunately, if you are protecting your Personal Health Information (PHI) with proper encryption and key management, you are exempt from a breach notification. The question is, are you meeting HIPAA/HITECH standards?
Join Patrick Townsend, Founder & CEO, for a 30-minute webcast (http://bit.ly/QCKUs6) and learn more about HIPAA/HITECH and what your company can do to avoid a data breach. Topics discussed will include:
- Managing your risk of a data breach
- Achieving breach notification safe harbor status
- Encryption and key management best practices
Additionally, Patrick discusses how Townsend Security has worked with partners across the globe to integrate encryption and key management in their technologies.
1. Protect PHI & Manage Risk:
HIPAA/HITECH Compliance
Townsend Security
724 Columbia Street NW, Suite 400 | Olympia, WA 98501 | 360.359.4400 | www.townsendsecurity.com
2. Webinar Presenter: Patrick Townsend
- Founder & CEO of Townsend Security
- Leading data security expert
- 30 years IT industry experience
View this webinar at http://bit.ly/QCKUs6 www.townsendsecurity.com
3. THE ENCRYPTION COMPANY
Broad experience in data security and data communication
Leadership averages over 30 years IT experience
Over 2000 customers worldwide
Strong presence in the Fortune 500
Products in 40+ countries
NIST Certified AES Encryption
FIPS 140-2 Certified Key Management
Participating Organization, PCI Security Standards Council
6. Breaches Happen
The frequency of data breaches in healthcare has increased
32% in the past year and cost an estimated $6.5 billion annually
according to a new study by the Ponemon Institute.
Forty-one percent of healthcare executives surveyed attributed
data breaches related to protected health information (PHI) to
employee mistakes.
7. Top 3 Healthcare Breaches of 2011
Tricare - 4.9 million records
Unencrypted backup tapes were stolen from the parked car of an employee of a
TRICARE business associate.
Sutter Health - 4.2 million records
Stolen computer contained a database for Sutter Physician Services, which
provides billing and other administrative services for 21 Sutter units.
Health Net - 1.9 million records
Federal authorities plus at least four state agencies launched investigations of a
breach affecting 1.9 million enrollees of Health Net, an insurance company.
8. Blue Cross Blue Shield of Tennessee
Data breach in 2009 lost over 1 million PHI records
Spent nearly $17 million in investigation, notification, and protection efforts
Recent settlement with Department of Health and Human Services (HHS) added an
additional $1.5 million (the maximum fine in one year) to settle potential violations
9. HIPAA/HITECH and Protecting PHI
HITECH Act builds on HIPAA data security standard
Many references to NIST standards for encryption and key management
Guidance on key management references NIST FIPS 140-2 and NIST Key
Management Best Practices
Backdoor mandate for encryption and key management
Requirement for system logging
10. What is PHI?
HIPAA defines PHI as individually identifiable health information
that is transmitted or maintained in any form or medium (electronic,
oral, or paper) by a covered entity or its business associates,
excluding certain educational or employment records
Examples: Name, address, email, birthdate, SSN, employee
number, claim number, health plan beneficiary number
11. Where Can PHI Be Stored?
Electronic Medical Records (EMR)
Health insurance companies that record healthcare claims
Databases such as Microsoft SQL Server and Oracle
Outside entity such as a service provider (financial, lab, etc.)
12. Are You Gambling with $7.2 Million?
Average cost of a data breach is $214 per record or $7.2 million per breach
Direct costs include notification and legal defense
Indirect costs include loss of customer business and abnormal churn
13. What is Considered a Breach?
Unauthorized access to PHI
Loss or theft of:
Computer tapes
Hard drives
Unencrypted laptops
USB drives
14. How to Avoid Breach Notification
HIPAA/HITECH states encryption and destruction are the only
safe harbors from breach notification
Encryption should be NIST certified to provably meet
recommendations
Key management should be FIPS 140-2 certified
Note that HHS mandates FIPS 140-2 compliant solutions for itself
15. Townsend Security Makes Compliance Easy
NIST-certified AES encryption for every major platform
FIPS 140-2 certified encryption key management
PGP encryption for IBM i and IBM z
System logging for IBM i
Healthcare customers include: Mayo Clinic, Blue Cross Blue
Shield, ValueOptions, and more
16. NIST Certified AES Encryption
AES encryption for all major platforms
Provably compliant encryption
High-performance encryption to minimize hardware/software costs
Meets best practices for HIPAA/HITECH, PCI DSS, and more
17. FIPS 140-2 Certified Encryption Key Management
Affordable key manager manages keys through entire lifecycle
Built to be easy
Dual Control and Separation of Duties (NIST best practices &
PCI DSS requirement)
High Availability through hardware redundancy and key mirroring
Works with all server platforms: SQL Server, Windows, Linux, UNIX, etc.
Works with all databases: SQL Server, Oracle, DB2, MySQL, etc.
In use by over 2,000 customers worldwide
18. PGP Encryption for IBM i and IBM z
De facto standard for securing data in motion
Part of comprehensive security plan
Ported PGP to IBM i and IBM z for PGP corporation
Partnered with Symantec to bring the only commercial version of PGP to IBM i
FIPS 140-2 compliant
19. Secure System Logging for the IBM i
Meets HIPAA section 3 around Log-in Monitoring
Meets HIPAA section 4 around Access Controls
Creates logs that ALL SIEM consoles can read
Uses SSL/TLS encryption for secure delivery
20. Beware of Non-Compliant Solutions
Non-standard encryption and key management
No Dual Control or Separation of Duties
Unsubstantiated claims (e.g., “meets FIPS 140-2 standards”)
Proprietary or home-grown encryption
No independent assessment of source code
No direct NIST certification of products
21. Partnering: ISVs, VARs, and OEMs
Your customers expect you to protect their PHI.
Compliance regulations require you to protect PHI.
Strong partner channel that is committed to partner success
Solutions built for integration
Value add to your technology
22. Summary
PHI lives in many different places, in many different forms
Breaches happen and cost organizations millions
Encryption and key management are backdoor mandates to HIPAA/HITECH
System logging is a requirement of HIPAA/HITECH
Townsend Security is trusted by companies worldwide
Strong partner channel to help ease the burden of compliance for your customers
23. What You Can Do Today
Download free 30-day evaluation of all our products
Schedule technical overview with our Customer Success Manager
Additional education in “Resources” section of our web site
Learn More: www.townsendsecurity.com | @townsendsecure
Encryption | Key Management | System Logging | Partner
24. Any Questions About Protecting PHI and Managing Risk?
Data Gets Out. Encrypt It.
NIST-Certified Encryption | FIPS 140-2 Certified Key Management
Contact Townsend Security:
patrick.townsend@townsendsecurity.com
www.townsendsecurity.com
800.357.1019