SlideShare una empresa de Scribd logo

HIPAA HITECH Express Security Privacy Webinar

Compliancy Group
Compliancy Group

For more information or to see more webinars visit www.compliancy-group.com

Educación
1 de 28
A SIMPLIFIED BLUEPRINT FOR END TO END HEALTH IT RISK MANAGEMENT Security & Privacy Compliance Readiness HIPAA HITECH Express The Compliancy Group Blueprint for Compliance Readiness Copyright QI Partners HIPAAHITECHExpress.com 2012
Todays Speakers Eric Hummel has experience in IT and Security dating back more than 40 years, Eric has provided compliance oversight and security subject matter expertise to CISOs of 3 major Federal agencies, most recently the Department of Health and Human Services. As CEO of QI Partners, he is the principal architect and co-founder of the HIPAA HITECH Express and has developed the IT Security Process Library, one of its core elements. Susan Pretnar is currently President of KeySys Health, LLC, a woman owned healthcare consulting and technology company based in Birmingham, Alabama. She has more than 30 years experience in IT, Health Information Exchange development and implementation, Medicare operations management and various project management opportunities provided the expertise needed to develop and deliver solutions focused on major healthcare challenges; achieving Meaningful Use, and compliance with the HIPAA Security Rule. Robert Zimmerman has over 25 years of experience in financial and technology risk management in the public and commercial sectors. Robert has developed multiple successful risk management services including: Project Risk Management; PCI and FISMA compliance: and most recently Cloud Governance and HIPAA/HITECH Security and Privacy. As co-founder of the HIPAA HITECH Express his focus is on developing innovative and efficient approaches to mitigating and preventing the myriad of risks from the growth of Health IT. Copyright QI Partners HIPAAHITECHExpress.com 2012 2
AGENDA Reaching Your Goal: Protecting PHI Simplified Approach to Security Privacy Readiness Some Lessons Learned and Best Practices Open Forum Copyright QI Partners HIPAAHITECHExpress.com 2012 3
Data Breaches are More Prevalent than You think 2012 HIMSS Analytics Report 27% of respondents said they had a data breach 69% reported experiencing more than one breach 79% said breach caused by employee What are likely factors for a Breach? Lack of staff attention Mobile Devices storing PHI Health Information Sharing 81% resulted in time and productivity loss 78% diminished brand or reputation 75% loss of patient goodwill Copyright QI Partners HIPAAHITECHExpress.com 2012 4
Data Breaches are Costly Phoenix Cardiac Surgery agreed to pay HHS $100,000 and take corrective actions to protect patient information. Complaint that the practice "was posting clinical and surgical appointments for its patients on an Internet-based calendar that was publicly accessible," according to an HHS news release. The civil rights office's investigation also found that the practice "had implemented few policies and procedures to comply with the HIPAA privacy and security rules and had limited safeguards in place to protect patients' electronic protected OCR Director Leon Rodriguez said in the statement. "We hope that healthcare providers pay careful attention to this resolution agreement and understand that the HIPAA privacy and security rules have been in place for many years, and OCR expects full compliance no matter the size of a covered entity." Copyright QI Partners HIPAAHITECHExpress.com 2012 5
How Do We Value PHI? More healthcare organizations would invest in security if.. Understood privacy expectations of their patients Understood increasing costs of class action law suits Understood statistical probability of a data breach PHI Value Estimator free from ANSI Estimates a potential cost of a data breach to an organization Provides a methodology for determining an appropriate investment to reduce probability of a breach Conduct Risk Assessment Determine Security Readiness Assess the Relevance of a Cost Determine the Impact Calculate the Total Cost of a Breach Copyright QI Partners HIPAAHITECHExpress.com 2012 6
Amazingly Easy While sale of information takes place in underground forums, it is surprisingly easy to join Experts say PII of over 40 Million Americans is being bought and sold online Competing prices, additional services, money back guarantees Like any commodity market data is priced by value; does it belong to a real person, is it in demand, how commercial is it Medical data is worth 5 times the value of a Social Security # Copyright QI Partners HIPAAHITECHExpress.com 2012 7
We can Blame Hackers. But just as there will always be software vulnerabilities there will always be hackers. The real question is how do we stop them. So What Can We Do to Simply, Effectively, and Efficiently Copyright QI Partners HIPAAHITECHExpress.com 2012 8
Simply, Effectively, and Efficiently Protect PHI
Reaching Our Goals: Walking Backwards Organization Goals Be secure, stay secure Be compliant, stay secure No breaches Spend next to nothing The best way to move toward all of these is to implement a Risk Management Program To do this we might: 1. Hire a consultant to design and build a custom RM program 2. Implement pre-existing security Risk Management solution and develop in-house capability for security management 3. Implement pieces of the security program ad-hoc 4. Cross our fingers Copyright QI Partners HIPAAHITECHExpress.com 2012 10
Risk Management Program Control Activities Administrative Risk Assessment Operational Program Technical Policies Procedures Plans Monitoring, Risk Risk Assignments Analysis Management Mitigation Schedules Domains People Document Processes -ation Technology Copyright QI Partners HIPAAHITECHExpress.com 2012 11
HIPAA HITECH Express Security Risk Management Process Pre- Rapid Risk Rapid Risk Assessment Analysis Remediation Rapid Risk Analysis builds prioritized workplan Risk Risk Monitoring, Assessment Management Analysis Inventory of the enterprise Complete policy templates Standardized procedures implement the policies Risk Reporting Reporting and Dashboards Outcome is Risk Management Copyright QI Partners HIPAAHITECHExpress.com 2012 12
Common Pitfalls to Avoid Reactive solutions Half solutions Point solutions Point-in-time solutions Lack of strategic goals and objectives Improper use of expertise Failure to implement review and verification Copyright QI Partners HIPAAHITECHExpress.com 2012 13
Simplified Approach, Rapid Results
Do You Have Basic Security in Place? Website of Gawker was hacked in 2011 Turned Out over 3,000 Gawker users had the Password 123456 Over 2,000 used password as the Password Simple Password Requirements could have prevented this Access Security Can Go a Long Way in Securing the Organization Copyright QI Partners HIPAAHITECHExpress.com 2012 15
A Simplified Approach to Security Privacy Compliance Rapid Risk Assessment Complete, Simple, Practical Guided, prioritized questionnaire that identifies critical risks and gaps Rapid Remediation Guided, Standard, Auditable Automated workflow and policy library to quickly and completely remediate risks and gaps On-Going Monitoring Repeatable, Documented, Compliant Effectively and efficiently manage the compliance, audit and incident response process Copyright QI Partners HIPAAHITECHExpress.com 2012 16
Simplified Risk Analysis Drives Remediation and Compliance Activities 1   Does your organization have the following documentation?   ☐ Security Policies ☐ Security Procedures (e.g. Implementation of policies)   2   Does your organization have an inventory of all systems and applications that ☐ Yes ☐ No   collect, process, store or transmit ePHI?   3   Is all ePHI present on workstations & mobile devices encrypted?   ☐ Yes ☐ No   4   Do all employees and temporary users of PHI undergo security training at least ☐ Yes ☐ No   annually?   Copyright QI Partners HIPAAHITECHExpress.com 2012 17
Mitigation Map Drives Remediation and Ongoing Compliance Example HIPAA Citation 164.308(a)(3)(ii)(A) HIPAA Reference Workforce Security appropriate access and supervision of PHI data Gap Controls that ensure workforce members obtain only the access required to perform their day to day duties is not in place. Thus, unauthorized access to PHI is possible. Mitigation Define a set of roles for staff to be assigned Recommendation Assign each user to one or more roles Train administrative staff in role and access management Workflow Type System Access Policies and Procedures Training Audit Evidence Access Controls Policy Required Security Awareness Training Curriculum Logs of Access and Training attendance Copyright QI Partners HIPAAHITECHExpress.com 2012 18
End to End Security & Privacy: Compliant, Secure, Auditable Process generates evidence required to manage and audit. No fire drills. Copyright QI Partners HIPAAHITECHExpress.com 2012 19
Increase PHI Security Check that risk assessments are up to date Make sure senior managers are supportive of risk mitigation strategies Review existing compliance programs and staff training Ensure vigilant implementation of security and privacy procedures Conduct regular internal compliance audits Develop a plan for prompt response to breach incidents Copyright QI Partners HIPAAHITECHExpress.com 2012 20
The Yin and Yang of Security Can we Implement Better Security, Enhance Privacy and Improve Productivity? YES! Minimize the productivity impact of security by making it as transparent as possible While security controls stop people from doing bad things, these same controls can enforce best practice There is great potential in using data on what people are doing to improve productivity Copyright QI Partners HIPAAHITECHExpress.com 2012 21
Lessons Learned, Best Practices Drive Effective Security
Unaware - Uninformed $ Spent on Security - Too small to quantify Employees not Technology - Both accidental and deliberate actors in breach incidents Everyday Security Needed - Develop Patient & Provider Expectations - Greater access to personal health info, but protected Copyright QI Partners HIPAAHITECHExpress.com 2012 23
Security Best Practices High Tech + Low Tech Policies and Procedures beyond defined - Implemented and monitored for effectiveness BAs and SLAs - Define accountabilities and responsibilities for mutual processes Breach Recovery Logs, Logs, Logs - Why & how did it happen, who was affected know where to look to protect your brand Invest in Technology - Cloud solutions expanding rapidly - Mobile devices greatly expand possibilities safeguards are available Engage and Empower Patients benefits of eHealth for all Risk Management Program not a one time event - Ongoing business function needing time & $$ Copyright QI Partners HIPAAHITECHExpress.com 2012 24
Balancing Security, Compliance and Productivity Set security as an organization goal Utilize Training so everyone knows the basic rules Ensure management understands the risks associated with unsecured systems Communicate to the organization clearly Make sure everyone knows their roles and responsibilities Copyright QI Partners HIPAAHITECHExpress.com 2012 25
The Risk Averted Francis Bacon British author and Statesman Copyright QI Partners HIPAAHITECHExpress.com 2012 26
QUESTIONS
HIPAA HITECH Express Blueprint for Compliance Readiness The HIPAA HITECH Express Team can assist you reduce the complexity, confusion and guesswork of meeting the HIPAA security and privacy rules. Our solution walks you through the security and privacy compliance process, saving time, money and reducing risk. The HIPAA HITECH Express Team has done it before. We have extensive experience implementing risk based cost effective regulatory compliance and information security and privacy solutions. For more information on HIPAA/HITECH Express contact: Robert Zimmerman Eric Hummel rzimmerman@inforistec.com eric.hummel@qedsec.com 301-802-1925 703-980-3378 Copyright QI Partners HIPAAHITECHExpress.com 2012 28

Recomendados

Data Security For Compliance 2
Data Security For Compliance 2Data Security For Compliance 2
Data Security For Compliance 2Flaskdata.io
 
Trends in Information Security
Trends in Information SecurityTrends in Information Security
Trends in Information SecurityCompTIA
 
Proactive information security michael
Proactive information security michael Proactive information security michael
Proactive information security michael Priyanka Aash
 
State of Security McAfee Study
State of Security McAfee StudyState of Security McAfee Study
State of Security McAfee StudyHiten Sethi
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015Capgemini
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security RoadmapElliott Franklin
 
Manning Information Security Strategy
Manning Information Security StrategyManning Information Security Strategy
Manning Information Security StrategyDonald Tabone
 
Implementing Business Aligned Security Strategy Dane Warren Li
Implementing Business Aligned Security Strategy Dane Warren LiImplementing Business Aligned Security Strategy Dane Warren Li
Implementing Business Aligned Security Strategy Dane Warren LiDaneWarren
 

Recomendados

Data Security For Compliance 2
Data Security For Compliance 2Data Security For Compliance 2
Data Security For Compliance 2Flaskdata.io
 
Trends in Information Security
Trends in Information SecurityTrends in Information Security
Trends in Information SecurityCompTIA
 
Proactive information security michael
Proactive information security michael Proactive information security michael
Proactive information security michael Priyanka Aash
 
State of Security McAfee Study
State of Security McAfee StudyState of Security McAfee Study
State of Security McAfee StudyHiten Sethi
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015Capgemini
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security RoadmapElliott Franklin
 
Manning Information Security Strategy
Manning Information Security StrategyManning Information Security Strategy
Manning Information Security StrategyDonald Tabone
 
Implementing Business Aligned Security Strategy Dane Warren Li
Implementing Business Aligned Security Strategy Dane Warren LiImplementing Business Aligned Security Strategy Dane Warren Li
Implementing Business Aligned Security Strategy Dane Warren LiDaneWarren
 
EXPERT WEBINAR: Convergence of Cybersecurity & Privacy with Herjavec Group
EXPERT WEBINAR: Convergence of Cybersecurity & Privacy with Herjavec GroupEXPERT WEBINAR: Convergence of Cybersecurity & Privacy with Herjavec Group
EXPERT WEBINAR: Convergence of Cybersecurity & Privacy with Herjavec GroupFeroot
 
Adopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityAdopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityEMC
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'aFahmi Albaheth
 
Information Systems Security & Strategy
Information Systems Security & StrategyInformation Systems Security & Strategy
Information Systems Security & StrategyTony Hauxwell
 
AURISEG CONSULTING PRIVATE LIMITED
AURISEG CONSULTING PRIVATE LIMITED AURISEG CONSULTING PRIVATE LIMITED
AURISEG CONSULTING PRIVATE LIMITED Srinivasan M.S
 
Developing Metrics for Information Security Governance
Developing Metrics for Information Security GovernanceDeveloping Metrics for Information Security Governance
Developing Metrics for Information Security Governancedigitallibrary
 
Ch3 cism 2014
Ch3 cism 2014Ch3 cism 2014
Ch3 cism 2014Aladdin Dandis
 
TOGAF 9 - Security Architecture Ver1 0
TOGAF 9 - Security Architecture Ver1 0TOGAF 9 - Security Architecture Ver1 0
TOGAF 9 - Security Architecture Ver1 0Maganathin Veeraragaloo
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service PresentationWilliam McBorrough
 
Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation
Hexis Cyber Solutions: Rules of Engagement for Cyber Security AutomationHexis Cyber Solutions: Rules of Engagement for Cyber Security Automation
Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automationbarbara bogue
 
Its time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerIts time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerEnclaveSecurity
 
Hipaa audits and enforcement
Hipaa audits and enforcementHipaa audits and enforcement
Hipaa audits and enforcementsupportc2go
 
PECB Webinar: Risk Treatment according to ISO 27005
PECB Webinar: Risk Treatment according to ISO 27005PECB Webinar: Risk Treatment according to ISO 27005
PECB Webinar: Risk Treatment according to ISO 27005PECB
 
Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014Aladdin Dandis
 
SEMHIMA Presentation Final 06052012
SEMHIMA Presentation Final 06052012SEMHIMA Presentation Final 06052012
SEMHIMA Presentation Final 06052012mrpchcchpc
 
Sans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business MissionSans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business MissionTripwire
 
Ch4 cism 2014
Ch4 cism 2014Ch4 cism 2014
Ch4 cism 2014Aladdin Dandis
 
Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015Accounting_Whitepapers
 
Cybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesCybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesTony Moroney
 
Security Framework for Digital Risk Managment
Security Framework for Digital Risk ManagmentSecurity Framework for Digital Risk Managment
Security Framework for Digital Risk ManagmentSecurestorm
 
Redspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin Webinar - Prepare for a HIPAA Security Risk AnalysisRedspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin Webinar - Prepare for a HIPAA Security Risk AnalysisRedspin, Inc.
 
5 Documents to Prepare for a HIPAA Audit
5 Documents to Prepare for a HIPAA Audit5 Documents to Prepare for a HIPAA Audit
5 Documents to Prepare for a HIPAA AuditSecurityMetrics
 

Más contenido relacionado

La actualidad más candente

EXPERT WEBINAR: Convergence of Cybersecurity & Privacy with Herjavec Group
EXPERT WEBINAR: Convergence of Cybersecurity & Privacy with Herjavec GroupEXPERT WEBINAR: Convergence of Cybersecurity & Privacy with Herjavec Group
EXPERT WEBINAR: Convergence of Cybersecurity & Privacy with Herjavec GroupFeroot
 
Adopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityAdopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityEMC
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'aFahmi Albaheth
 
Information Systems Security & Strategy
Information Systems Security & StrategyInformation Systems Security & Strategy
Information Systems Security & StrategyTony Hauxwell
 
AURISEG CONSULTING PRIVATE LIMITED
AURISEG CONSULTING PRIVATE LIMITED AURISEG CONSULTING PRIVATE LIMITED
AURISEG CONSULTING PRIVATE LIMITED Srinivasan M.S
 
Developing Metrics for Information Security Governance
Developing Metrics for Information Security GovernanceDeveloping Metrics for Information Security Governance
Developing Metrics for Information Security Governancedigitallibrary
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service PresentationWilliam McBorrough
 
Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation
Hexis Cyber Solutions: Rules of Engagement for Cyber Security AutomationHexis Cyber Solutions: Rules of Engagement for Cyber Security Automation
Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automationbarbara bogue
 
Its time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerIts time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerEnclaveSecurity
 
Hipaa audits and enforcement
Hipaa audits and enforcementHipaa audits and enforcement
Hipaa audits and enforcementsupportc2go
 
PECB Webinar: Risk Treatment according to ISO 27005
PECB Webinar: Risk Treatment according to ISO 27005PECB Webinar: Risk Treatment according to ISO 27005
PECB Webinar: Risk Treatment according to ISO 27005PECB
 
Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014Aladdin Dandis
 
SEMHIMA Presentation Final 06052012
SEMHIMA Presentation Final 06052012SEMHIMA Presentation Final 06052012
SEMHIMA Presentation Final 06052012mrpchcchpc
 
Sans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business MissionSans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business MissionTripwire
 
Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015Accounting_Whitepapers
 
Cybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesCybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesTony Moroney
 
Security Framework for Digital Risk Managment
Security Framework for Digital Risk ManagmentSecurity Framework for Digital Risk Managment
Security Framework for Digital Risk ManagmentSecurestorm
 

La actualidad más candente (20)

EXPERT WEBINAR: Convergence of Cybersecurity & Privacy with Herjavec Group
EXPERT WEBINAR: Convergence of Cybersecurity & Privacy with Herjavec GroupEXPERT WEBINAR: Convergence of Cybersecurity & Privacy with Herjavec Group
EXPERT WEBINAR: Convergence of Cybersecurity & Privacy with Herjavec Group
 
Adopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityAdopting Intelligence-Driven Security
Adopting Intelligence-Driven Security
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
 
Information Systems Security & Strategy
Information Systems Security & StrategyInformation Systems Security & Strategy
Information Systems Security & Strategy
 
AURISEG CONSULTING PRIVATE LIMITED
AURISEG CONSULTING PRIVATE LIMITED AURISEG CONSULTING PRIVATE LIMITED
AURISEG CONSULTING PRIVATE LIMITED
 
Developing Metrics for Information Security Governance
Developing Metrics for Information Security GovernanceDeveloping Metrics for Information Security Governance
Developing Metrics for Information Security Governance
 
Ch3 cism 2014
Ch3 cism 2014Ch3 cism 2014
Ch3 cism 2014
 
TOGAF 9 - Security Architecture Ver1 0
TOGAF 9 - Security Architecture Ver1 0TOGAF 9 - Security Architecture Ver1 0
TOGAF 9 - Security Architecture Ver1 0
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
 
Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation
Hexis Cyber Solutions: Rules of Engagement for Cyber Security AutomationHexis Cyber Solutions: Rules of Engagement for Cyber Security Automation
Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation
 
Its time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerIts time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primer
 
Hipaa audits and enforcement
Hipaa audits and enforcementHipaa audits and enforcement
Hipaa audits and enforcement
 
PECB Webinar: Risk Treatment according to ISO 27005
PECB Webinar: Risk Treatment according to ISO 27005PECB Webinar: Risk Treatment according to ISO 27005
PECB Webinar: Risk Treatment according to ISO 27005
 
Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014
 
SEMHIMA Presentation Final 06052012
SEMHIMA Presentation Final 06052012SEMHIMA Presentation Final 06052012
SEMHIMA Presentation Final 06052012
 
Sans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business MissionSans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business Mission
 
Ch4 cism 2014
Ch4 cism 2014Ch4 cism 2014
Ch4 cism 2014
 
Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015Cyber risk management-white-paper-v8 (2) 2015
Cyber risk management-white-paper-v8 (2) 2015
 
Cybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best PracticesCybersecurity Preparedness Trends and Best Practices
Cybersecurity Preparedness Trends and Best Practices
 
Security Framework for Digital Risk Managment
Security Framework for Digital Risk ManagmentSecurity Framework for Digital Risk Managment
Security Framework for Digital Risk Managment
 

Similar a HIPAA HITECH Express Security Privacy Webinar

Redspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin Webinar - Prepare for a HIPAA Security Risk AnalysisRedspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin Webinar - Prepare for a HIPAA Security Risk AnalysisRedspin, Inc.
 
5 Documents to Prepare for a HIPAA Audit
5 Documents to Prepare for a HIPAA Audit5 Documents to Prepare for a HIPAA Audit
5 Documents to Prepare for a HIPAA AuditSecurityMetrics
 
MindLeaf - HIPAA privacy and cybersecurity insurance
MindLeaf - HIPAA privacy and cybersecurity insuranceMindLeaf - HIPAA privacy and cybersecurity insurance
MindLeaf - HIPAA privacy and cybersecurity insurancemindleaftechnologies
 
Identity Management: Risk Across The Enterprise
Identity Management: Risk Across The EnterpriseIdentity Management: Risk Across The Enterprise
Identity Management: Risk Across The EnterprisePerficient, Inc.
 
Identity Management: Front and Center for Healthcare Providers
Identity Management: Front and Center for Healthcare ProvidersIdentity Management: Front and Center for Healthcare Providers
Identity Management: Front and Center for Healthcare ProvidersAndrew Ames
 
Mbm Hipaa Hitech Ss Compliance Risk Assessment
Mbm Hipaa Hitech Ss Compliance Risk AssessmentMbm Hipaa Hitech Ss Compliance Risk Assessment
Mbm Hipaa Hitech Ss Compliance Risk AssessmentMBMeHealthCareSolutions
 
Zero Day Response: Strategies for the Security Innovation in Corporate Defens...
Zero Day Response: Strategies for the Security Innovation in Corporate Defens...Zero Day Response: Strategies for the Security Innovation in Corporate Defens...
Zero Day Response: Strategies for the Security Innovation in Corporate Defens...Anton Chuvakin
 
Leveraging HPCC Systems as Part of an Information Security, Privacy, and Comp...
Leveraging HPCC Systems as Part of an Information Security, Privacy, and Comp...Leveraging HPCC Systems as Part of an Information Security, Privacy, and Comp...
Leveraging HPCC Systems as Part of an Information Security, Privacy, and Comp...HPCC Systems
 
Ensuring Security, Privacy, and Compliance in Healthcare IT - Redspin Informa...
Ensuring Security, Privacy, and Compliance in Healthcare IT - Redspin Informa...Ensuring Security, Privacy, and Compliance in Healthcare IT - Redspin Informa...
Ensuring Security, Privacy, and Compliance in Healthcare IT - Redspin Informa...Redspin, Inc.
 
Step by Step Guide to Healthcare IT Security Risk Management - Redspin Infor...
Step by Step Guide to Healthcare IT Security Risk Management - Redspin Infor...Step by Step Guide to Healthcare IT Security Risk Management - Redspin Infor...
Step by Step Guide to Healthcare IT Security Risk Management - Redspin Infor...Redspin, Inc.
 
Digital Ethical Risk Assessment
Digital Ethical Risk AssessmentDigital Ethical Risk Assessment
Digital Ethical Risk AssessmentMarc St-Pierre
 
Cloud Cybersecurity: Strategies for Managing Vendor Risk
Cloud Cybersecurity: Strategies for Managing Vendor RiskCloud Cybersecurity: Strategies for Managing Vendor Risk
Cloud Cybersecurity: Strategies for Managing Vendor RiskHealth Catalyst
 
Raleigh ISSA: "Optimize Your Data Protection Investment for Bottom Line Resul...
Raleigh ISSA: "Optimize Your Data Protection Investment for Bottom Line Resul...Raleigh ISSA: "Optimize Your Data Protection Investment for Bottom Line Resul...
Raleigh ISSA: "Optimize Your Data Protection Investment for Bottom Line Resul...Raleigh ISSA
 
Avior Healthcare Security Compliance Webcast Final1
Avior Healthcare Security Compliance Webcast Final1Avior Healthcare Security Compliance Webcast Final1
Avior Healthcare Security Compliance Webcast Final1jhietala
 
GDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksGDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksIT Governance Ltd
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessSirius
 
Security of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We NeedSecurity of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We Needsimplyme12345
 

Similar a HIPAA HITECH Express Security Privacy Webinar (20)

Redspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin Webinar - Prepare for a HIPAA Security Risk AnalysisRedspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin Webinar - Prepare for a HIPAA Security Risk Analysis
 
5 Documents to Prepare for a HIPAA Audit
5 Documents to Prepare for a HIPAA Audit5 Documents to Prepare for a HIPAA Audit
5 Documents to Prepare for a HIPAA Audit
 
MindLeaf - HIPAA privacy and cybersecurity insurance
MindLeaf - HIPAA privacy and cybersecurity insuranceMindLeaf - HIPAA privacy and cybersecurity insurance
MindLeaf - HIPAA privacy and cybersecurity insurance
 
Trofi Security Service Catalogue (1)
Trofi Security Service Catalogue (1)Trofi Security Service Catalogue (1)
Trofi Security Service Catalogue (1)
 
Identity Management: Risk Across The Enterprise
Identity Management: Risk Across The EnterpriseIdentity Management: Risk Across The Enterprise
Identity Management: Risk Across The Enterprise
 
Identity Management: Front and Center for Healthcare Providers
Identity Management: Front and Center for Healthcare ProvidersIdentity Management: Front and Center for Healthcare Providers
Identity Management: Front and Center for Healthcare Providers
 
Mbm Hipaa Hitech Ss Compliance Risk Assessment
Mbm Hipaa Hitech Ss Compliance Risk AssessmentMbm Hipaa Hitech Ss Compliance Risk Assessment
Mbm Hipaa Hitech Ss Compliance Risk Assessment
 
Zero Day Response: Strategies for the Security Innovation in Corporate Defens...
Zero Day Response: Strategies for the Security Innovation in Corporate Defens...Zero Day Response: Strategies for the Security Innovation in Corporate Defens...
Zero Day Response: Strategies for the Security Innovation in Corporate Defens...
 
Leveraging HPCC Systems as Part of an Information Security, Privacy, and Comp...
Leveraging HPCC Systems as Part of an Information Security, Privacy, and Comp...Leveraging HPCC Systems as Part of an Information Security, Privacy, and Comp...
Leveraging HPCC Systems as Part of an Information Security, Privacy, and Comp...
 
Ensuring Security, Privacy, and Compliance in Healthcare IT - Redspin Informa...
Ensuring Security, Privacy, and Compliance in Healthcare IT - Redspin Informa...Ensuring Security, Privacy, and Compliance in Healthcare IT - Redspin Informa...
Ensuring Security, Privacy, and Compliance in Healthcare IT - Redspin Informa...
 
Step by Step Guide to Healthcare IT Security Risk Management - Redspin Infor...
Step by Step Guide to Healthcare IT Security Risk Management - Redspin Infor...Step by Step Guide to Healthcare IT Security Risk Management - Redspin Infor...
Step by Step Guide to Healthcare IT Security Risk Management - Redspin Infor...
 
Digital Ethical Risk Assessment
Digital Ethical Risk AssessmentDigital Ethical Risk Assessment
Digital Ethical Risk Assessment
 
Cloud Cybersecurity: Strategies for Managing Vendor Risk
Cloud Cybersecurity: Strategies for Managing Vendor RiskCloud Cybersecurity: Strategies for Managing Vendor Risk
Cloud Cybersecurity: Strategies for Managing Vendor Risk
 
Raleigh ISSA: "Optimize Your Data Protection Investment for Bottom Line Resul...
Raleigh ISSA: "Optimize Your Data Protection Investment for Bottom Line Resul...Raleigh ISSA: "Optimize Your Data Protection Investment for Bottom Line Resul...
Raleigh ISSA: "Optimize Your Data Protection Investment for Bottom Line Resul...
 
Avior Healthcare Security Compliance Webcast Final1
Avior Healthcare Security Compliance Webcast Final1Avior Healthcare Security Compliance Webcast Final1
Avior Healthcare Security Compliance Webcast Final1
 
GDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksGDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risks
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to Success
 
Agiliance Wp Hipaa
Agiliance Wp HipaaAgiliance Wp Hipaa
Agiliance Wp Hipaa
 
Agiliance HIPAA Whitepaper
Agiliance HIPAA WhitepaperAgiliance HIPAA Whitepaper
Agiliance HIPAA Whitepaper
 
Security of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We NeedSecurity of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We Need
 

Más de Compliancy Group

HIPAA compliance for Business Associates- The value of compliance, how to acq...
HIPAA compliance for Business Associates- The value of compliance, how to acq...HIPAA compliance for Business Associates- The value of compliance, how to acq...
HIPAA compliance for Business Associates- The value of compliance, how to acq...Compliancy Group
 
HIPAA compliance tuneup 2016
HIPAA compliance tuneup 2016HIPAA compliance tuneup 2016
HIPAA compliance tuneup 2016Compliancy Group
 
How to safeguard ePHIi in the cloud
How to safeguard ePHIi in the cloud How to safeguard ePHIi in the cloud
How to safeguard ePHIi in the cloud Compliancy Group
 
Business Associates: How to differentiate your organization using HIPAA compl...
Business Associates: How to differentiate your organization using HIPAA compl...Business Associates: How to differentiate your organization using HIPAA compl...
Business Associates: How to differentiate your organization using HIPAA compl...Compliancy Group
 
Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Business Associates: How to become HIPAA compliant, increase revenue, and gai...Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Business Associates: How to become HIPAA compliant, increase revenue, and gai...Compliancy Group
 
HIPAA 101- What all Doctors NEED to know
HIPAA 101- What all Doctors NEED to knowHIPAA 101- What all Doctors NEED to know
HIPAA 101- What all Doctors NEED to knowCompliancy Group
 
HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...
HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...
HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...Compliancy Group
 
How to prepare for OCR's upcoming phase 2 audits
How to prepare for OCR's upcoming phase 2 auditsHow to prepare for OCR's upcoming phase 2 audits
How to prepare for OCR's upcoming phase 2 auditsCompliancy Group
 
Preparing for the unexpected in your medical practice
Preparing for the unexpected in your medical practicePreparing for the unexpected in your medical practice
Preparing for the unexpected in your medical practiceCompliancy Group
 
HIPAA Compliance and Electronic Protected Health Information: Ignorance is no...
HIPAA Compliance and Electronic Protected Health Information: Ignorance is no...HIPAA Compliance and Electronic Protected Health Information: Ignorance is no...
HIPAA Compliance and Electronic Protected Health Information: Ignorance is no...Compliancy Group
 
How to Survive a HIPAA Audit
How to Survive a HIPAA AuditHow to Survive a HIPAA Audit
How to Survive a HIPAA AuditCompliancy Group
 
How to Effectively Negotiate a Business Associate Agreement: What’s Importan...
How to Effectively Negotiate a Business Associate Agreement: What’s Importan...How to Effectively Negotiate a Business Associate Agreement: What’s Importan...
How to Effectively Negotiate a Business Associate Agreement: What’s Importan...Compliancy Group
 
How to Increase Your Profits Using Patient Payments on File, Recurring and On...
How to Increase Your Profits Using Patient Payments on File, Recurring and On...How to Increase Your Profits Using Patient Payments on File, Recurring and On...
How to Increase Your Profits Using Patient Payments on File, Recurring and On...Compliancy Group
 
Why a Risk Assessment is NOT Enough for HIPAA Compliance
Why a Risk Assessment is NOT Enough for HIPAA ComplianceWhy a Risk Assessment is NOT Enough for HIPAA Compliance
Why a Risk Assessment is NOT Enough for HIPAA ComplianceCompliancy Group
 
The must have tools to address your HIPAA compliance challenge
The must have tools to address your HIPAA compliance challengeThe must have tools to address your HIPAA compliance challenge
The must have tools to address your HIPAA compliance challengeCompliancy Group
 
HIPAA MYTHS: HOW MUCH DO YOU KNOW? COMMON MYTHS DEBUNKED & EXPLAINED
HIPAA MYTHS: HOW MUCH DO YOU KNOW? COMMON MYTHS DEBUNKED & EXPLAINEDHIPAA MYTHS: HOW MUCH DO YOU KNOW? COMMON MYTHS DEBUNKED & EXPLAINED
HIPAA MYTHS: HOW MUCH DO YOU KNOW? COMMON MYTHS DEBUNKED & EXPLAINEDCompliancy Group
 
What you need to know about Meaningful Use 2 & interoperability
What you need to know about Meaningful Use 2 & interoperabilityWhat you need to know about Meaningful Use 2 & interoperability
What you need to know about Meaningful Use 2 & interoperabilityCompliancy Group
 
Just the Facts- Meaningful Use Stage 2 & ICD 10
Just the Facts- Meaningful Use Stage 2 & ICD 10Just the Facts- Meaningful Use Stage 2 & ICD 10
Just the Facts- Meaningful Use Stage 2 & ICD 10Compliancy Group
 
Is Your EHR Safe? New Technologies for Auditing
Is Your EHR Safe? New Technologies for AuditingIs Your EHR Safe? New Technologies for Auditing
Is Your EHR Safe? New Technologies for AuditingCompliancy Group
 

Más de Compliancy Group (20)

HIPAA compliance for Business Associates- The value of compliance, how to acq...
HIPAA compliance for Business Associates- The value of compliance, how to acq...HIPAA compliance for Business Associates- The value of compliance, how to acq...
HIPAA compliance for Business Associates- The value of compliance, how to acq...
 
HIPAA compliance tuneup 2016
HIPAA compliance tuneup 2016HIPAA compliance tuneup 2016
HIPAA compliance tuneup 2016
 
How to safeguard ePHIi in the cloud
How to safeguard ePHIi in the cloud How to safeguard ePHIi in the cloud
How to safeguard ePHIi in the cloud
 
Business Associates: How to differentiate your organization using HIPAA compl...
Business Associates: How to differentiate your organization using HIPAA compl...Business Associates: How to differentiate your organization using HIPAA compl...
Business Associates: How to differentiate your organization using HIPAA compl...
 
Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Business Associates: How to become HIPAA compliant, increase revenue, and gai...Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Business Associates: How to become HIPAA compliant, increase revenue, and gai...
 
HIPAA 101- What all Doctors NEED to know
HIPAA 101- What all Doctors NEED to knowHIPAA 101- What all Doctors NEED to know
HIPAA 101- What all Doctors NEED to know
 
HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...
HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...
HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...
 
How to prepare for OCR's upcoming phase 2 audits
How to prepare for OCR's upcoming phase 2 auditsHow to prepare for OCR's upcoming phase 2 audits
How to prepare for OCR's upcoming phase 2 audits
 
Preparing for the unexpected in your medical practice
Preparing for the unexpected in your medical practicePreparing for the unexpected in your medical practice
Preparing for the unexpected in your medical practice
 
HIPAA Compliance and Electronic Protected Health Information: Ignorance is no...
HIPAA Compliance and Electronic Protected Health Information: Ignorance is no...HIPAA Compliance and Electronic Protected Health Information: Ignorance is no...
HIPAA Compliance and Electronic Protected Health Information: Ignorance is no...
 
How to Survive a HIPAA Audit
How to Survive a HIPAA AuditHow to Survive a HIPAA Audit
How to Survive a HIPAA Audit
 
How to Effectively Negotiate a Business Associate Agreement: What’s Importan...
How to Effectively Negotiate a Business Associate Agreement: What’s Importan...How to Effectively Negotiate a Business Associate Agreement: What’s Importan...
How to Effectively Negotiate a Business Associate Agreement: What’s Importan...
 
Meaningful Use vs HIPAA
Meaningful Use vs HIPAAMeaningful Use vs HIPAA
Meaningful Use vs HIPAA
 
How to Increase Your Profits Using Patient Payments on File, Recurring and On...
How to Increase Your Profits Using Patient Payments on File, Recurring and On...How to Increase Your Profits Using Patient Payments on File, Recurring and On...
How to Increase Your Profits Using Patient Payments on File, Recurring and On...
 
Why a Risk Assessment is NOT Enough for HIPAA Compliance
Why a Risk Assessment is NOT Enough for HIPAA ComplianceWhy a Risk Assessment is NOT Enough for HIPAA Compliance
Why a Risk Assessment is NOT Enough for HIPAA Compliance
 
The must have tools to address your HIPAA compliance challenge
The must have tools to address your HIPAA compliance challengeThe must have tools to address your HIPAA compliance challenge
The must have tools to address your HIPAA compliance challenge
 
HIPAA MYTHS: HOW MUCH DO YOU KNOW? COMMON MYTHS DEBUNKED & EXPLAINED
HIPAA MYTHS: HOW MUCH DO YOU KNOW? COMMON MYTHS DEBUNKED & EXPLAINEDHIPAA MYTHS: HOW MUCH DO YOU KNOW? COMMON MYTHS DEBUNKED & EXPLAINED
HIPAA MYTHS: HOW MUCH DO YOU KNOW? COMMON MYTHS DEBUNKED & EXPLAINED
 
What you need to know about Meaningful Use 2 & interoperability
What you need to know about Meaningful Use 2 & interoperabilityWhat you need to know about Meaningful Use 2 & interoperability
What you need to know about Meaningful Use 2 & interoperability
 
Just the Facts- Meaningful Use Stage 2 & ICD 10
Just the Facts- Meaningful Use Stage 2 & ICD 10Just the Facts- Meaningful Use Stage 2 & ICD 10
Just the Facts- Meaningful Use Stage 2 & ICD 10
 
Is Your EHR Safe? New Technologies for Auditing
Is Your EHR Safe? New Technologies for AuditingIs Your EHR Safe? New Technologies for Auditing
Is Your EHR Safe? New Technologies for Auditing
 

Último

Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structuredhanjurrannsibayan2
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsKarakKing
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.MaryamAhmad92
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxAmanpreet Kaur
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseAnaAcapella
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024Elizabeth Walsh
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxJisc
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...Nguyen Thanh Tu Collection
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxDr. Sarita Anand
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...Nguyen Thanh Tu Collection
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxVishalSingh1417
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentationcamerronhm
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Association for Project Management
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 

Último (20)

Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 

HIPAA HITECH Express Security Privacy Webinar

  • 1. A SIMPLIFIED BLUEPRINT FOR END TO END HEALTH IT RISK MANAGEMENT Security & Privacy Compliance Readiness HIPAA HITECH Express The Compliancy Group Blueprint for Compliance Readiness Copyright QI Partners HIPAAHITECHExpress.com 2012
  • 2. Todays Speakers Eric Hummel has experience in IT and Security dating back more than 40 years, Eric has provided compliance oversight and security subject matter expertise to CISOs of 3 major Federal agencies, most recently the Department of Health and Human Services. As CEO of QI Partners, he is the principal architect and co-founder of the HIPAA HITECH Express and has developed the IT Security Process Library, one of its core elements. Susan Pretnar is currently President of KeySys Health, LLC, a woman owned healthcare consulting and technology company based in Birmingham, Alabama. She has more than 30 years experience in IT, Health Information Exchange development and implementation, Medicare operations management and various project management opportunities provided the expertise needed to develop and deliver solutions focused on major healthcare challenges; achieving Meaningful Use, and compliance with the HIPAA Security Rule. Robert Zimmerman has over 25 years of experience in financial and technology risk management in the public and commercial sectors. Robert has developed multiple successful risk management services including: Project Risk Management; PCI and FISMA compliance: and most recently Cloud Governance and HIPAA/HITECH Security and Privacy. As co-founder of the HIPAA HITECH Express his focus is on developing innovative and efficient approaches to mitigating and preventing the myriad of risks from the growth of Health IT. Copyright QI Partners HIPAAHITECHExpress.com 2012 2
  • 3. AGENDA Reaching Your Goal: Protecting PHI Simplified Approach to Security Privacy Readiness Some Lessons Learned and Best Practices Open Forum Copyright QI Partners HIPAAHITECHExpress.com 2012 3
  • 4. Data Breaches are More Prevalent than You think 2012 HIMSS Analytics Report 27% of respondents said they had a data breach 69% reported experiencing more than one breach 79% said breach caused by employee What are likely factors for a Breach? Lack of staff attention Mobile Devices storing PHI Health Information Sharing 81% resulted in time and productivity loss 78% diminished brand or reputation 75% loss of patient goodwill Copyright QI Partners HIPAAHITECHExpress.com 2012 4
  • 5. Data Breaches are Costly Phoenix Cardiac Surgery agreed to pay HHS $100,000 and take corrective actions to protect patient information. Complaint that the practice "was posting clinical and surgical appointments for its patients on an Internet-based calendar that was publicly accessible," according to an HHS news release. The civil rights office's investigation also found that the practice "had implemented few policies and procedures to comply with the HIPAA privacy and security rules and had limited safeguards in place to protect patients' electronic protected OCR Director Leon Rodriguez said in the statement. "We hope that healthcare providers pay careful attention to this resolution agreement and understand that the HIPAA privacy and security rules have been in place for many years, and OCR expects full compliance no matter the size of a covered entity." Copyright QI Partners HIPAAHITECHExpress.com 2012 5
  • 6. How Do We Value PHI? More healthcare organizations would invest in security if.. Understood privacy expectations of their patients Understood increasing costs of class action law suits Understood statistical probability of a data breach PHI Value Estimator free from ANSI Estimates a potential cost of a data breach to an organization Provides a methodology for determining an appropriate investment to reduce probability of a breach Conduct Risk Assessment Determine Security Readiness Assess the Relevance of a Cost Determine the Impact Calculate the Total Cost of a Breach Copyright QI Partners HIPAAHITECHExpress.com 2012 6
  • 7. Amazingly Easy While sale of information takes place in underground forums, it is surprisingly easy to join Experts say PII of over 40 Million Americans is being bought and sold online Competing prices, additional services, money back guarantees Like any commodity market data is priced by value; does it belong to a real person, is it in demand, how commercial is it Medical data is worth 5 times the value of a Social Security # Copyright QI Partners HIPAAHITECHExpress.com 2012 7
  • 8. We can Blame Hackers. But just as there will always be software vulnerabilities there will always be hackers. The real question is how do we stop them. So What Can We Do to Simply, Effectively, and Efficiently Copyright QI Partners HIPAAHITECHExpress.com 2012 8
  • 9. Simply, Effectively, and Efficiently Protect PHI
  • 10. Reaching Our Goals: Walking Backwards Organization Goals Be secure, stay secure Be compliant, stay secure No breaches Spend next to nothing The best way to move toward all of these is to implement a Risk Management Program To do this we might: 1. Hire a consultant to design and build a custom RM program 2. Implement pre-existing security Risk Management solution and develop in-house capability for security management 3. Implement pieces of the security program ad-hoc 4. Cross our fingers Copyright QI Partners HIPAAHITECHExpress.com 2012 10
  • 11. Risk Management Program Control Activities Administrative Risk Assessment Operational Program Technical Policies Procedures Plans Monitoring, Risk Risk Assignments Analysis Management Mitigation Schedules Domains People Document Processes -ation Technology Copyright QI Partners HIPAAHITECHExpress.com 2012 11
  • 12. HIPAA HITECH Express Security Risk Management Process Pre- Rapid Risk Rapid Risk Assessment Analysis Remediation Rapid Risk Analysis builds prioritized workplan Risk Risk Monitoring, Assessment Management Analysis Inventory of the enterprise Complete policy templates Standardized procedures implement the policies Risk Reporting Reporting and Dashboards Outcome is Risk Management Copyright QI Partners HIPAAHITECHExpress.com 2012 12
  • 13. Common Pitfalls to Avoid Reactive solutions Half solutions Point solutions Point-in-time solutions Lack of strategic goals and objectives Improper use of expertise Failure to implement review and verification Copyright QI Partners HIPAAHITECHExpress.com 2012 13
  • 15. Do You Have Basic Security in Place? Website of Gawker was hacked in 2011 Turned Out over 3,000 Gawker users had the Password 123456 Over 2,000 used password as the Password Simple Password Requirements could have prevented this Access Security Can Go a Long Way in Securing the Organization Copyright QI Partners HIPAAHITECHExpress.com 2012 15
  • 16. A Simplified Approach to Security Privacy Compliance Rapid Risk Assessment Complete, Simple, Practical Guided, prioritized questionnaire that identifies critical risks and gaps Rapid Remediation Guided, Standard, Auditable Automated workflow and policy library to quickly and completely remediate risks and gaps On-Going Monitoring Repeatable, Documented, Compliant Effectively and efficiently manage the compliance, audit and incident response process Copyright QI Partners HIPAAHITECHExpress.com 2012 16
  • 17. Simplified Risk Analysis Drives Remediation and Compliance Activities 1   Does your organization have the following documentation?   ☐ Security Policies ☐ Security Procedures (e.g. Implementation of policies)   2   Does your organization have an inventory of all systems and applications that ☐ Yes ☐ No   collect, process, store or transmit ePHI?   3   Is all ePHI present on workstations & mobile devices encrypted?   ☐ Yes ☐ No   4   Do all employees and temporary users of PHI undergo security training at least ☐ Yes ☐ No   annually?   Copyright QI Partners HIPAAHITECHExpress.com 2012 17
  • 18. Mitigation Map Drives Remediation and Ongoing Compliance Example HIPAA Citation 164.308(a)(3)(ii)(A) HIPAA Reference Workforce Security appropriate access and supervision of PHI data Gap Controls that ensure workforce members obtain only the access required to perform their day to day duties is not in place. Thus, unauthorized access to PHI is possible. Mitigation Define a set of roles for staff to be assigned Recommendation Assign each user to one or more roles Train administrative staff in role and access management Workflow Type System Access Policies and Procedures Training Audit Evidence Access Controls Policy Required Security Awareness Training Curriculum Logs of Access and Training attendance Copyright QI Partners HIPAAHITECHExpress.com 2012 18
  • 19. End to End Security & Privacy: Compliant, Secure, Auditable Process generates evidence required to manage and audit. No fire drills. Copyright QI Partners HIPAAHITECHExpress.com 2012 19
  • 20. Increase PHI Security Check that risk assessments are up to date Make sure senior managers are supportive of risk mitigation strategies Review existing compliance programs and staff training Ensure vigilant implementation of security and privacy procedures Conduct regular internal compliance audits Develop a plan for prompt response to breach incidents Copyright QI Partners HIPAAHITECHExpress.com 2012 20
  • 21. The Yin and Yang of Security Can we Implement Better Security, Enhance Privacy and Improve Productivity? YES! Minimize the productivity impact of security by making it as transparent as possible While security controls stop people from doing bad things, these same controls can enforce best practice There is great potential in using data on what people are doing to improve productivity Copyright QI Partners HIPAAHITECHExpress.com 2012 21
  • 22. Lessons Learned, Best Practices Drive Effective Security
  • 23. Unaware - Uninformed $ Spent on Security - Too small to quantify Employees not Technology - Both accidental and deliberate actors in breach incidents Everyday Security Needed - Develop Patient & Provider Expectations - Greater access to personal health info, but protected Copyright QI Partners HIPAAHITECHExpress.com 2012 23
  • 24. Security Best Practices High Tech + Low Tech Policies and Procedures beyond defined - Implemented and monitored for effectiveness BAs and SLAs - Define accountabilities and responsibilities for mutual processes Breach Recovery Logs, Logs, Logs - Why & how did it happen, who was affected know where to look to protect your brand Invest in Technology - Cloud solutions expanding rapidly - Mobile devices greatly expand possibilities safeguards are available Engage and Empower Patients benefits of eHealth for all Risk Management Program not a one time event - Ongoing business function needing time & $$ Copyright QI Partners HIPAAHITECHExpress.com 2012 24
  • 25. Balancing Security, Compliance and Productivity Set security as an organization goal Utilize Training so everyone knows the basic rules Ensure management understands the risks associated with unsecured systems Communicate to the organization clearly Make sure everyone knows their roles and responsibilities Copyright QI Partners HIPAAHITECHExpress.com 2012 25
  • 26. The Risk Averted Francis Bacon British author and Statesman Copyright QI Partners HIPAAHITECHExpress.com 2012 26
  • 28. HIPAA HITECH Express Blueprint for Compliance Readiness The HIPAA HITECH Express Team can assist you reduce the complexity, confusion and guesswork of meeting the HIPAA security and privacy rules. Our solution walks you through the security and privacy compliance process, saving time, money and reducing risk. The HIPAA HITECH Express Team has done it before. We have extensive experience implementing risk based cost effective regulatory compliance and information security and privacy solutions. For more information on HIPAA/HITECH Express contact: Robert Zimmerman Eric Hummel rzimmerman@inforistec.com eric.hummel@qedsec.com 301-802-1925 703-980-3378 Copyright QI Partners HIPAAHITECHExpress.com 2012 28