Securing Data at a Physician’s Practice
A guide to keeping your healthcare data safe and secure
Agenda

1   Common terms
2   Why we need to secure data in Healthcare
3   Where to start
4   Security Awareness Program
5   Password discussion
6   Keep your data safe – data protection 101
7   More recommendations – data protection 102
Common terms
You will recognize these terms when they come across your desk

•Password
        A string of characters used to authenticate yourself (usually) to a computer
        - Used to authenticate (the user name is used for identification)
        - A PIN can also be required (after the password has been entered) as a second check
•Encryption
        A way to transform plain text into unreadable material (cipher text).
        - Purpose is to hide the plain text from non-authorized agents/readers
        - A key is needed to encrypt and to decrypt the message; whoever holds the key can read the data, so the key must be protected at least as well as the data itself
•HIE / Remote Access / Patient Portal
        These are the main ways SJH makes its data available to Offices and Physicians
        - Health Information Exchange – This is the recommended way to connect to our database
        - Netilla (remote access)
        - Patient Portal
•ePHI
        Electronic Protected Health Information: any PHI created, stored or transmitted electronically
•Phishing
        A method for attackers to trick you into giving up information (passwords, account details) or into opening something malicious
        - email containing links or attachments
        - websites containing links (often fake copies of a site you trust)
•Social Engineering
        Manipulation of people to get information from them or to get them to perform certain actions.
        - Many ways (phone, in person, email …); phishing is one form of it
Data
A little of everything

Data
        Should be classified: secret, confidential, private and public – depending on the classification, it may require to be encrypted …
In motion
        This is where the data is being moved from
        - 1 closet to another
        - 1 computer to another
        - From the file closet to the consult room
        - Etc…
At rest
        This is where the data is stored
        - In a file closet
        - In the main file server
        - On the computer desktop
        - In the computer memory
        - Etc…

                                                                  Your Logo
Why we need to secure data in Healthcare
So many reasons, so little time … If you haven’t, act now!

1   Government regulation
        HIPAA – Health Insurance Portability and Accountability Act.
        HITECH – Health Information Technology for Economic and Clinical Health Act, part of ARRA of 2009 (American Recovery and Reinvestment Act) – Also called “HIPAA with teeth” because it implements enforcement.
2   Your patient data is under attack
        Healthcare Data is extremely valuable. But it is vulnerable – It is just sitting there. It cannot defend itself so you have to protect it.
        - Physical risks
        - Software risks
        - Latest trend – Blackmail
3   Loss of business – Financial consequences
        Data is extremely important to medicine – Chart, computer records, …
        Medical Identity Theft
        You may have to close the office during an investigation
        Loss of income for employees if the office is closed
4   Reputation
        You could lose the trust of the patients
        You could lose the trust of the physicians
        Reputation of the office is key
Physical Safety is important
Take care of your equipment!
Physical Risks
Again, there are so many risks

  •   Fire
  •   Floods
  •   Equipment Failure
  •   Theft
  •   …
Other Technical Risks
More risks !!!!

  •   Hacking
  •   Phishing
  •   Viruses and Malware
  •   Blackmail
  •   Misconfiguration
  •   …
Where to start
Why not with the weakest link?

1   Weakest link, you said ???
        In Information Security, employees are the weakest link. Why?
2   People want to trust each other
        This is a characteristic that we all have. We want to trust others. This is where “Social Engineering” comes in.
3   Google – Many Definitions:
        Social Engineering: “art of manipulating people into performing actions or divulging confidential information.”
        “act of manipulating a person to accomplish goals that may or may not be in the target’s best interest.”
        This translates into deception either over the phone, in person, via a computer or any other way. It includes obtaining information, gaining access or getting the target to take certain actions.
4   Necessary steps
        Background checks
        Good Policies and Procedures
        Information Security Awareness Program
        Doctors must lead by example
        Password – complex and changed regularly (3 months)
        Access codes should be changed when an employee leaves (recover keys, disable the account, …)
Security Awareness Program
Teach any chance you get

1   Starts with the Hiring Process
        It starts during the Hiring process. You should have a section of your GEO dedicated to Information Security.
        Make everyone sign an agreement to keep userID and PASSWORD confidential
2   Repeat every year
        Repeat the program every year and document that you did.
        Test the employees
        Keep it simple
3   Teachable moments
        Every chance you get, reinforce the training and the concepts. Look for those “moments”.
        Use what is readily available on the web – Google Information Security awareness
        Be creative with passwords (more later)
Passwords
Complexity can be bad!
Passwords
Don’t like them but that is all we have right now.

✓ 1   Why we do not like them (can be shared too easily …)
✓ 2   Change your password regularly (and immediately if you suspect it has been shared or phished)
✓ 3   Do not reuse or use the same password for multiple apps
✓ 4   Complexity, while required, should be used with caution
✓ 5   Components, rules and examples of complex passwords
✓ 6   Password alternatives – tokens …
✓ 7   Use these recommendations for home (personal accounts)
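An added example (not from the original deck) of why “complexity can be bad”: a checker implementing the classic three-of-four character-class rule accepts P@ssw0rd1!, which is in every cracking dictionary, while a longer passphrase that the same rule rejects carries more entropy. The common-password set and the word list are constructed stand-ins; a real deployment would use a full breached-password list and a diceware-style list of about 7,776 words.

```python
import math
import re
import secrets

# Constructed, tiny stand-in for a breached-password list (assumption: in
# practice you would check against a full list such as Pwned Passwords).
COMMON_PASSWORDS = {
    "password", "password1", "p@ssw0rd", "p@ssw0rd1!", "welcome1",
    "letmein", "qwerty123", "summer2012!", "admin123",
}

# Constructed, tiny stand-in for a diceware word list. Entropy below is
# always computed from the size of the list actually used.
WORDLIST = [
    "anchor", "basil", "cobalt", "dune", "ember", "fable", "glacier", "hollow",
    "iris", "jasper", "kestrel", "lumen", "marble", "nectar", "orchid", "pebble",
]

def _classes(pw):
    return [
        bool(re.search(r"[a-z]", pw)),
        bool(re.search(r"[A-Z]", pw)),
        bool(re.search(r"[0-9]", pw)),
        bool(re.search(r"[^A-Za-z0-9]", pw)),
    ]

def meets_complexity_policy(pw, min_len=8):
    """The usual 'at least 8 characters, three of four character classes' rule."""
    return len(pw) >= min_len and sum(_classes(pw)) >= 3

def charset_size(pw):
    """Size of the alphabet implied by the classes present (95 printable ASCII max)."""
    lower, upper, digit, symbol = _classes(pw)
    return 26 * lower + 26 * upper + 10 * digit + 33 * symbol

def random_password_bits(pw):
    """Entropy the password WOULD have if every character were drawn uniformly
    at random from that alphabet. A human-chosen or leet-speak password has
    far less, which is what is_weak() catches."""
    return len(pw) * math.log2(charset_size(pw))

def is_weak(pw):
    """Policy-compliant but guessable: normalise case and look it up."""
    return pw.lower() in COMMON_PASSWORDS

def passphrase_bits(n_words, wordlist_size):
    """Entropy of n words chosen uniformly from a list of wordlist_size words."""
    return n_words * math.log2(wordlist_size)

def generate_passphrase(n_words=4, wordlist=WORDLIST):
    """Randomly chosen words joined by '-', using a CSPRNG (secrets)."""
    return "-".join(secrets.choice(wordlist) for _ in range(n_words))

if __name__ == "__main__":
    pw = "P@ssw0rd1!"
    print(pw, "passes policy:", meets_complexity_policy(pw), "| weak:", is_weak(pw))
    print("nominal bits:", round(random_password_bits(pw), 1))
    print("6-word diceware bits:", round(passphrase_bits(6, 7776), 1))
    print("sample passphrase:", generate_passphrase())
```

The lesson for the deck’s item 5: a policy that only counts character classes will wave through substitutions like P@ssw0rd1!, so pair the complexity rule with a breached-password check, and prefer length (a passphrase) over symbols when the system allows it.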
Security vs. Usability
This is always a struggle!
Keep your data safe and secure
Data Protection 101

1   Do not leave paper charts, USB keys, CDs etc … lying around the office
2   Use complex passwords to authenticate to the computer system
3   Do not use generic (shared) accounts – they give no accountability. A patient could ask to see a log of who had access to his data, and a shared login cannot tell you who it was
4   Review access and privileges regularly (privilege transfer when someone changes role …) at least once a year and audit yourself.
5   Know where your data is (map it) and classify it if you can (ePHI is classified as confidential by default). Consider data flows (data in transit)
6   Back up your data – you may need to restore it in the event of a disaster or even data corruption. Review your backup strategy (When, What …). Test your backups – restore a randomly chosen file once a month and compare it with the live copy.
7   Encrypt your data – if necessary. This means during transit and when it is stored in a location you do not control (USB key, CD, cloud, …)
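An added example (not from the original deck) of the monthly restore test in item 6: pick one file at random from the backup, restore it to scratch space and compare a SHA-256 of the restored file with the live copy, so a backup that “completed” but wrote bad data is caught. The folders and file contents are constructed inline, shutil.copy2 stands in for your backup software’s real restore command, and full_verify is the exhaustive check to run when time allows.

```python
import hashlib
import random
import shutil
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large chart images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def restore_test(source_dir, backup_dir, rng=random):
    """Monthly spot check: restore one randomly chosen file from the backup
    into scratch space and confirm it matches the live copy byte for byte."""
    source_dir, backup_dir = Path(source_dir), Path(backup_dir)
    candidates = [p for p in backup_dir.rglob("*") if p.is_file()]
    if not candidates:
        return {"ok": False, "file": None, "reason": "backup set is empty"}
    chosen = rng.choice(candidates)
    rel = chosen.relative_to(backup_dir)
    with tempfile.TemporaryDirectory() as scratch:
        restored = Path(scratch) / rel
        restored.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(chosen, restored)  # stands in for the backup tool's restore command
        live = source_dir / rel
        if not live.is_file():
            return {"ok": False, "file": str(rel), "reason": "no live copy to compare against"}
        ok = sha256_of(restored) == sha256_of(live)
    return {"ok": ok, "file": str(rel), "reason": None if ok else "hash mismatch"}

def full_verify(source_dir, backup_dir):
    """Exhaustive check: every live file must exist in the backup with the same
    hash. Returns the relative paths that are missing or differ."""
    source_dir, backup_dir = Path(source_dir), Path(backup_dir)
    bad = []
    for live in sorted(p for p in source_dir.rglob("*") if p.is_file()):
        rel = live.relative_to(source_dir)
        copy = backup_dir / rel
        if not copy.is_file() or sha256_of(copy) != sha256_of(live):
            bad.append(str(rel))
    return bad

def build_demo(corrupt=False):
    """Constructed fixture: a 'live' folder of charts and a backup copy of it.
    With corrupt=True one backup file is silently damaged, as failing media would do."""
    root = Path(tempfile.mkdtemp())
    source, backup = root / "live", root / "backup"
    for name in ("chart-1001.txt", "chart-1002.txt", "billing/2012-03.csv"):
        p = source / name
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(f"constructed content for {name}\n")
    shutil.copytree(source, backup)
    if corrupt:
        (backup / "chart-1002.txt").write_bytes(b"\x00" * 32)
    return source, backup

if __name__ == "__main__":
    src, bak = build_demo(corrupt=True)
    print("spot check:", restore_test(src, bak))
    print("files that differ:", full_verify(src, bak))
```

Record the result of each monthly run (date, file, ok/not ok); that log is the evidence an auditor will ask for, and a “not ok” is your cue to review the backup strategy before you need it.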
More recommendations
Data Protection 102

1   Use an Information Security Professional or at least an IT Professional. They have the experience and should guarantee their work. Ask for references and Healthcare experience.
2   Incorporate Redundancy and Fault Tolerance in your designs (computers, servers, networks – wired and wireless) so that you always have safe and secure access to your data.
3   Think about BYOD – secure access, easily stolen, encryption is necessary …
4   Do a DRP (Disaster Recovery Plan) test yearly. Get with a local business who will let you use their facilities in the event of a disaster
5   Keep your servers patched to the latest level. Do not forget the patching of databases (SQL …). Do not forget to turn on the security features in your “certified software”. Do not trust the vendor to do this. You have to initiate!
6   Remote access should be secured via encryption, passwords, dual factor authentication...
7   Don’t forget that your data could be on some hardware you are getting rid of … PC, server, copier, … If the disk was encrypted before the data was written to it (and the key does not leave with the hardware), you are OK; otherwise wipe or destroy the media before it leaves the office.
More recommendations
Data Protection 102 - continued

1   Make sure your PCs auto logoff or use password protected screen savers
2   Use computer privacy screen filters for the computers placed in full view of the public
3   Deactivate USB ports and CD writers to prevent unauthorized copying of ePHI – Discuss DLP (Data Loss Prevention) with a professional
4   If you want to communicate with patients, use a portal instead of email. Email is NOT secure.
5   Save the logs of who is accessing which record, and review them
6   Download the following pdf from the OCR site (this is an information Security guide for small practices)
        http://healthit.hhs.gov/portal/server.pt?open=512&objID=1173&parentname=CommunityPage&parentid=34&mode=2&in_hi_userid=10732&cached=true
7   Be aware of your environment!
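An added example (not from the original deck, and not any EHR vendor’s format) tying together items 3 and 4 of Data Protection 101 and item 5 above: a small audit over a constructed access-log export that produces the per-patient accounting a patient could request, flags accesses made with generic shared accounts, flags accesses by accounts no longer on the staff roster, and flags after-hours access. The CSV layout, user names, patient IDs and office hours are all assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed sample of an EHR access log. The CSV layout (timestamp, user,
# patient_id, action) is an assumption, not any vendor's real format.
SAMPLE_LOG = """\
timestamp,user,patient_id,action
2012-03-05T08:02:11,jsmith,P-1001,view
2012-03-05T08:05:43,frontdesk,P-1002,view
2012-03-05T09:17:30,drlee,P-1001,update
2012-03-05T12:40:02,mgarcia,P-1003,view
2012-03-05T22:15:55,frontdesk,P-1001,print
2012-03-06T07:58:19,drlee,P-1003,view
"""

# Constructed roster: accounts of people currently employed, and the shared
# "generic" logins that give no accountability. mgarcia has left the practice.
ACTIVE_STAFF = {"jsmith", "drlee", "frontdesk"}
GENERIC_ACCOUNTS = {"frontdesk", "nurse", "reception"}

def parse_log(text):
    """Parse the CSV export into rows with a real datetime for the timestamp."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["timestamp"] = datetime.fromisoformat(row["timestamp"])
    return rows

def accounting_for_patient(rows, patient_id):
    """The report a patient could ask for: who touched their record, when, and how."""
    return [(r["timestamp"].isoformat(), r["user"], r["action"])
            for r in rows if r["patient_id"] == patient_id]

def generic_account_accesses(rows, generic=GENERIC_ACCOUNTS):
    """Accesses that cannot be attributed to one person."""
    return [r for r in rows if r["user"] in generic]

def departed_user_accesses(rows, active=ACTIVE_STAFF):
    """Accesses by an account not on the current roster: a termination that
    was never processed, or a credential that is still in someone's hands."""
    return [r for r in rows if r["user"] not in active]

def after_hours_accesses(rows, open_hour=7, close_hour=19):
    """Accesses outside office hours (assumed 07:00-19:00) deserve a second look."""
    return [r for r in rows if not (open_hour <= r["timestamp"].hour < close_hour)]

def audit(text):
    """Run all three checks over one log export; return (user, patient) pairs per check."""
    rows = parse_log(text)
    pairs = lambda found: [(r["user"], r["patient_id"]) for r in found]
    return {
        "generic": pairs(generic_account_accesses(rows)),
        "departed": pairs(departed_user_accesses(rows)),
        "after_hours": pairs(after_hours_accesses(rows)),
    }

if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for entry in accounting_for_patient(log, "P-1001"):
        print("P-1001 accessed:", entry)
    for check, hits in audit(SAMPLE_LOG).items():
        print(check, "->", hits)
```

Note what the “frontdesk” rows show: the log says a record was printed at 22:15 under a shared login, and nothing in it can say by whom. That is the accountability gap item 3 of Data Protection 101 warns about, and the reason the monthly review should also reconcile the log against the current staff list.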
Make Information Security part of what you do
Bake it into your processes

Information Security should always be considered in everything you do. It will help later (during audits) especially if you document your efforts.

Questions?

THANK YOU!
Más contenido relacionado

La actualidad más candente

Protecting Your Privacy: Cyberspace Security, Real World Safety
Protecting Your Privacy: Cyberspace Security, Real World SafetyProtecting Your Privacy: Cyberspace Security, Real World Safety
Protecting Your Privacy: Cyberspace Security, Real World SafetyAEGILITY
 
Internet Security Threat Report (ISTR) Vol. 16
Internet Security Threat Report (ISTR) Vol. 16Internet Security Threat Report (ISTR) Vol. 16
Internet Security Threat Report (ISTR) Vol. 16Symantec APJ
 
The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss PreventionThe Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss PreventionDigital Guardian
 
Closing the gaps in enterprise data security: A model for 360 degrees protection
Closing the gaps in enterprise data security: A model for 360 degrees protectionClosing the gaps in enterprise data security: A model for 360 degrees protection
Closing the gaps in enterprise data security: A model for 360 degrees protectionFindWhitePapers
 
Ensuring Security and Compliance in a Data Deluge
Ensuring Security and Compliance in a Data DelugeEnsuring Security and Compliance in a Data Deluge
Ensuring Security and Compliance in a Data DelugeTripwire
 
apsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLPapsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLPandreasschuster
 
Security White Paper
Security White PaperSecurity White Paper
Security White PaperMobiWee
 
2.5 safety and security of data in ict systems 13 12-11
2.5 safety and security of data in ict systems 13 12-112.5 safety and security of data in ict systems 13 12-11
2.5 safety and security of data in ict systems 13 12-11mrmwood
 
Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Peter Wood
 
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared CarstensenCyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensenjaredcarst
 
Overview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyOverview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyLiwei Ren任力偉
 
You Give Us The Fire We'll Give'em Hell!
You Give Us The Fire We'll Give'em Hell!You Give Us The Fire We'll Give'em Hell!
You Give Us The Fire We'll Give'em Hell!wmetcalf
 
The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?NTEN
 
5 Cryptography Part2
5 Cryptography Part25 Cryptography Part2
5 Cryptography Part2Alfred Ouyang
 

La actualidad más candente (20)

Data, data slides
Data, data  slidesData, data  slides
Data, data slides
 
Data Leakage Prevention - K. K. Mookhey
Data Leakage Prevention - K. K. MookheyData Leakage Prevention - K. K. Mookhey
Data Leakage Prevention - K. K. Mookhey
 
Protecting Your Privacy: Cyberspace Security, Real World Safety
Protecting Your Privacy: Cyberspace Security, Real World SafetyProtecting Your Privacy: Cyberspace Security, Real World Safety
Protecting Your Privacy: Cyberspace Security, Real World Safety
 
Internet Security Threat Report (ISTR) Vol. 16
Internet Security Threat Report (ISTR) Vol. 16Internet Security Threat Report (ISTR) Vol. 16
Internet Security Threat Report (ISTR) Vol. 16
 
The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss PreventionThe Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss Prevention
 
Closing the gaps in enterprise data security: A model for 360 degrees protection
Closing the gaps in enterprise data security: A model for 360 degrees protectionClosing the gaps in enterprise data security: A model for 360 degrees protection
Closing the gaps in enterprise data security: A model for 360 degrees protection
 
Dlp notes
Dlp notesDlp notes
Dlp notes
 
Ensuring Security and Compliance in a Data Deluge
Ensuring Security and Compliance in a Data DelugeEnsuring Security and Compliance in a Data Deluge
Ensuring Security and Compliance in a Data Deluge
 
Data Leakage Prevention
Data Leakage Prevention Data Leakage Prevention
Data Leakage Prevention
 
apsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLPapsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLP
 
Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)
 
Security White Paper
Security White PaperSecurity White Paper
Security White Paper
 
2.5 safety and security of data in ict systems 13 12-11
2.5 safety and security of data in ict systems 13 12-112.5 safety and security of data in ict systems 13 12-11
2.5 safety and security of data in ict systems 13 12-11
 
Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)
 
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared CarstensenCyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
 
Overview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyOverview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) Technology
 
You Give Us The Fire We'll Give'em Hell!
You Give Us The Fire We'll Give'em Hell!You Give Us The Fire We'll Give'em Hell!
You Give Us The Fire We'll Give'em Hell!
 
The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?
 
Symantec Data Loss Prevention 9
Symantec Data Loss Prevention 9Symantec Data Loss Prevention 9
Symantec Data Loss Prevention 9
 
5 Cryptography Part2
5 Cryptography Part25 Cryptography Part2
5 Cryptography Part2
 

Destacado

Digitized health
Digitized healthDigitized health
Digitized healthFrank Wang
 
Is That Data Valid? Getting Accurate Financial Data in Healthcare
Is That Data Valid? Getting Accurate Financial Data in HealthcareIs That Data Valid? Getting Accurate Financial Data in Healthcare
Is That Data Valid? Getting Accurate Financial Data in HealthcareHealth Catalyst
 
Healthcare Information Analytics
Healthcare Information AnalyticsHealthcare Information Analytics
Healthcare Information AnalyticsFrank Wang
 
Computers and medicine
Computers and medicine Computers and medicine
Computers and medicine mashiatmimosa
 
ROLE OF IT IN HOSPITALS
ROLE OF IT IN HOSPITALSROLE OF IT IN HOSPITALS
ROLE OF IT IN HOSPITALSGAURAV PRAKASH
 
Computers In The Medical Field
Computers In The Medical FieldComputers In The Medical Field
Computers In The Medical Fieldbecca1081
 
Linking Clinical And Financial Data: The Key To Real Quality And Cost Out
Linking Clinical And Financial Data: The Key To Real Quality And Cost OutLinking Clinical And Financial Data: The Key To Real Quality And Cost Out
Linking Clinical And Financial Data: The Key To Real Quality And Cost OutHealth Catalyst
 
Surviving Value-Based Purchasing in Healthcare: Connecting Your Clinical and ...
Surviving Value-Based Purchasing in Healthcare: Connecting Your Clinical and ...Surviving Value-Based Purchasing in Healthcare: Connecting Your Clinical and ...
Surviving Value-Based Purchasing in Healthcare: Connecting Your Clinical and ...Health Catalyst
 
Why You Need to Understand Value-Based Reimbursement and How to Survive It
Why You Need to Understand Value-Based Reimbursement and How to Survive ItWhy You Need to Understand Value-Based Reimbursement and How to Survive It
Why You Need to Understand Value-Based Reimbursement and How to Survive ItHealth Catalyst
 
Lesson 3 Basic Parts Of The Computer
Lesson 3   Basic Parts Of The ComputerLesson 3   Basic Parts Of The Computer
Lesson 3 Basic Parts Of The Computerguevarra_2000
 
Use of Computers In Hospitals
Use of Computers In HospitalsUse of Computers In Hospitals
Use of Computers In HospitalsInfoFlavour
 
The Key to Transitioning from Fee-for-Service to Value-Based Reimbursements
The Key to Transitioning from Fee-for-Service to Value-Based ReimbursementsThe Key to Transitioning from Fee-for-Service to Value-Based Reimbursements
The Key to Transitioning from Fee-for-Service to Value-Based ReimbursementsHealth Catalyst
 
Computers in Medical field
Computers in Medical fieldComputers in Medical field
Computers in Medical fieldAvinash
 
Top 7 Healthcare Trends and Challenges for 2015 - From Our Financial Expert
Top 7 Healthcare Trends and Challenges for 2015 - From Our Financial ExpertTop 7 Healthcare Trends and Challenges for 2015 - From Our Financial Expert
Top 7 Healthcare Trends and Challenges for 2015 - From Our Financial ExpertHealth Catalyst
 
Parts of a Computer
Parts of a ComputerParts of a Computer
Parts of a ComputerMatt Shea
 
Components of a computer system
Components of a computer systemComponents of a computer system
Components of a computer systemlistergc
 
Introduction to Basic Computer Concepts Presentation
Introduction to Basic Computer Concepts PresentationIntroduction to Basic Computer Concepts Presentation
Introduction to Basic Computer Concepts PresentationAna Tan
 

Destacado (20)

Cte i computer_parts
Cte i computer_partsCte i computer_parts
Cte i computer_parts
 
Digitized health
Digitized healthDigitized health
Digitized health
 
Computer Languages
Computer Languages Computer Languages
Computer Languages
 
Is That Data Valid? Getting Accurate Financial Data in Healthcare
Is That Data Valid? Getting Accurate Financial Data in HealthcareIs That Data Valid? Getting Accurate Financial Data in Healthcare
Is That Data Valid? Getting Accurate Financial Data in Healthcare
 
Healthcare Information Analytics
Healthcare Information AnalyticsHealthcare Information Analytics
Healthcare Information Analytics
 
Computers and medicine
Computers and medicine Computers and medicine
Computers and medicine
 
ROLE OF IT IN HOSPITALS
ROLE OF IT IN HOSPITALSROLE OF IT IN HOSPITALS
ROLE OF IT IN HOSPITALS
 
Computers In The Medical Field
Computers In The Medical FieldComputers In The Medical Field
Computers In The Medical Field
 
Linking Clinical And Financial Data: The Key To Real Quality And Cost Out
Linking Clinical And Financial Data: The Key To Real Quality And Cost OutLinking Clinical And Financial Data: The Key To Real Quality And Cost Out
Linking Clinical And Financial Data: The Key To Real Quality And Cost Out
 
Computer Applications in Health Care
Computer Applications in Health CareComputer Applications in Health Care
Computer Applications in Health Care
 
Surviving Value-Based Purchasing in Healthcare: Connecting Your Clinical and ...
Surviving Value-Based Purchasing in Healthcare: Connecting Your Clinical and ...Surviving Value-Based Purchasing in Healthcare: Connecting Your Clinical and ...
Surviving Value-Based Purchasing in Healthcare: Connecting Your Clinical and ...
 
Why You Need to Understand Value-Based Reimbursement and How to Survive It
Why You Need to Understand Value-Based Reimbursement and How to Survive ItWhy You Need to Understand Value-Based Reimbursement and How to Survive It
Why You Need to Understand Value-Based Reimbursement and How to Survive It
 
Lesson 3 Basic Parts Of The Computer
Lesson 3   Basic Parts Of The ComputerLesson 3   Basic Parts Of The Computer
Lesson 3 Basic Parts Of The Computer
 
Use of Computers In Hospitals
Use of Computers In HospitalsUse of Computers In Hospitals
Use of Computers In Hospitals
 
The Key to Transitioning from Fee-for-Service to Value-Based Reimbursements
The Key to Transitioning from Fee-for-Service to Value-Based ReimbursementsThe Key to Transitioning from Fee-for-Service to Value-Based Reimbursements
The Key to Transitioning from Fee-for-Service to Value-Based Reimbursements
 
Computers in Medical field
Computers in Medical fieldComputers in Medical field
Computers in Medical field
 
Top 7 Healthcare Trends and Challenges for 2015 - From Our Financial Expert
Top 7 Healthcare Trends and Challenges for 2015 - From Our Financial ExpertTop 7 Healthcare Trends and Challenges for 2015 - From Our Financial Expert
Top 7 Healthcare Trends and Challenges for 2015 - From Our Financial Expert
 
Parts of a Computer
Parts of a ComputerParts of a Computer
Parts of a Computer
 
Components of a computer system
Components of a computer systemComponents of a computer system
Components of a computer system
 
Introduction to Basic Computer Concepts Presentation
Introduction to Basic Computer Concepts PresentationIntroduction to Basic Computer Concepts Presentation
Introduction to Basic Computer Concepts Presentation
 

Similar a Physician Office Presentation

1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber securityAnimesh Roy
 
Application Security: What do we need to know?
Application Security: What do we need to know?Application Security: What do we need to know?
Application Security: What do we need to know?Jose L. Quiñones-Borrero
 
7 Highly Risky Habits of Small to Medium-Sized Nonprofits: IT Security Pitfalls
7 Highly Risky Habits of Small to Medium-Sized Nonprofits: IT Security Pitfalls7 Highly Risky Habits of Small to Medium-Sized Nonprofits: IT Security Pitfalls
7 Highly Risky Habits of Small to Medium-Sized Nonprofits: IT Security PitfallsDaniel Rivas
 
Jms secure data presentation
Jms secure data  presentationJms secure data  presentation
Jms secure data presentationJMS Secure Data
 
Small Business Administration Recommendations
Small Business Administration RecommendationsSmall Business Administration Recommendations
Small Business Administration RecommendationsMeg Weber
 
Tsc2021 cyber-issues
Tsc2021 cyber-issuesTsc2021 cyber-issues
Tsc2021 cyber-issuesErnest Staats
 
En msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataEn msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataOnline Business
 
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdfCYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdfJenna Murray
 
A Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOsA Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOsgppcpa
 
Cybersecurity…real world solutions
Cybersecurity…real world solutions Cybersecurity…real world solutions
Cybersecurity…real world solutions ErnestStaats
 
The Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperThe Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperBen Rothke
 
10 Tips to Strengthen Your Insider Threat Program
10 Tips to Strengthen Your Insider Threat Program 10 Tips to Strengthen Your Insider Threat Program
10 Tips to Strengthen Your Insider Threat Program Dtex Systems
 
A Case For Information Protection Programs
A Case For Information Protection ProgramsA Case For Information Protection Programs
A Case For Information Protection ProgramsMichael Annis
 
12-19-14 CLE for South (P Garrett)
12-19-14 CLE for South (P Garrett)12-19-14 CLE for South (P Garrett)
12-19-14 CLE for South (P Garrett)Patrick Garrett
 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application SecurityNicholas Davis
 
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...David Menken
 
Securing Mobile Devices in the Workplace - Six Tips For Midsize Businesses
Securing Mobile Devices in the Workplace - Six Tips For Midsize BusinessesSecuring Mobile Devices in the Workplace - Six Tips For Midsize Businesses
Securing Mobile Devices in the Workplace - Six Tips For Midsize BusinessesMidmarketIBM
 
NameIn this assignment, you must answer the Answer Implying .docx
NameIn this assignment, you must answer the Answer Implying .docxNameIn this assignment, you must answer the Answer Implying .docx
NameIn this assignment, you must answer the Answer Implying .docxgemaherd
 
5 Ways to Stay #CyberSecure
5 Ways to Stay #CyberSecure5 Ways to Stay #CyberSecure
5 Ways to Stay #CyberSecureMedia Sonar
 

Similar a Physician Office Presentation (20)

1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
 
Application Security: What do we need to know?
Application Security: What do we need to know?Application Security: What do we need to know?
Application Security: What do we need to know?
 
7 Highly Risky Habits of Small to Medium-Sized Nonprofits: IT Security Pitfalls
7 Highly Risky Habits of Small to Medium-Sized Nonprofits: IT Security Pitfalls7 Highly Risky Habits of Small to Medium-Sized Nonprofits: IT Security Pitfalls
7 Highly Risky Habits of Small to Medium-Sized Nonprofits: IT Security Pitfalls
 
Assessing Your security
Assessing Your securityAssessing Your security
Assessing Your security
 
Jms secure data presentation
Jms secure data  presentationJms secure data  presentation
Jms secure data presentation
 
Small Business Administration Recommendations
Small Business Administration RecommendationsSmall Business Administration Recommendations
Small Business Administration Recommendations
 
Tsc2021 cyber-issues
Tsc2021 cyber-issuesTsc2021 cyber-issues
Tsc2021 cyber-issues
 
En msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataEn msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdata
 
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf

Physician Office Presentation

  • 4. Data – A little of everything
    Data should be classified: secret, confidential, private and public. Depending on the classification, it may need to be encrypted.
    Data in motion – data that is being moved:
    - from one closet to another
    - from one computer to another
    - from the file closet to the consult room
    - etc.
    Data at rest – where the data is stored:
    - in a file closet
    - on the main file server
    - on the computer desktop
    - in the computer memory
    - etc.
  • 5. Why we need to secure data in Healthcare – So many reasons, so little time … If you haven’t, act now!
    1 Government regulation
    - HIPAA – Health Insurance Portability and Accountability Act.
    - HITECH – Health Information Technology for Economic and Clinical Health, part of ARRA of 2009 (American Recovery and Reinvestment Act). Also called "HIPAA with teeth" because it implements enforcement.
    2 Your patient data is under attack
    - Healthcare data is extremely valuable, but it is vulnerable – it is just sitting there. It cannot defend itself, so you have to protect it.
    - Physical risks
    - Software risks
    - Latest trend – blackmail
    3 Loss of business – financial consequences
    - Data is extremely important to medicine – charts, computer records, …
    - Medical identity theft
    - You may have to close the office during an investigation
    - Loss of income for employees if the office is closed
    4 Reputation
    - You could lose the trust of the patients
    - You could lose the trust of the physicians
    - The reputation of the office is key
  • 6. Physical safety is important – Take care of your equipment!
  • 7. Physical risks – Again, there are so many risks
    - Fire
    - Floods
    - Equipment failure
    - Theft
    - …
  • 8. Other technical risks – More risks!
    - Hacking
    - Phishing
    - Viruses and malware
    - Blackmail
    - Misconfiguration
    - …
  • 9. Where to start – Why not with the weakest link?
    1 Weakest link, you said? In Information Security, employees are the weakest link. Why?
    2 People want to trust each other. This is a characteristic that we all have: we want to trust others. This is where "Social Engineering" comes in.
    3 Google – many definitions of Social Engineering: "art of manipulating people into performing actions or divulging confidential information"; "act of manipulating a person to accomplish goals that may or may not be in the target’s best interest." This translates into deception over the phone, in person, via a computer or any other way. It includes obtaining information, gaining access or getting the target to take certain actions.
    4 Necessary steps
    - Background checks
    - Good policies and procedures
    - Information Security Awareness Program
    - Doctors must lead by example
    - Passwords – complex and changed regularly (3 months)
    - Access codes should be changed when an employee leaves (recover keys, …)
  • 10. Security Awareness Program – Teach any chance you get
    1 Starts with the hiring process. It starts during the hiring process. You should have a section of your GEO dedicated to Information Security. Make everyone sign an agreement to keep their user ID and PASSWORD confidential.
    2 Repeat every year. Repeat the program every year and document that you did. Test the employees. Keep it simple. Use what is readily available on the web – Google "Information Security awareness".
    3 Teachable moments. Every chance you get, reinforce the training and the concepts. Look for those "moments". Be creative with passwords (more later).
  • 11. Passwords – Complexity can be bad!
  • 12. Passwords – Don’t like them, but that is all we have right now.
    ✓ 1 Why we do not like them (they can be shared too easily, …)
    ✓ 2 Change your password regularly
    ✓ 3 Do not reuse a password or use the same password for multiple apps
    ✓ 4 Complexity, while required, should be used with caution
    ✓ 5 Components, rules and examples of complex passwords
    ✓ 6 Password alternatives – tokens, …
    ✓ 7 Use these recommendations at home (personal accounts)
    Note on 2 and 4: NIST SP 800-63B (2017) no longer recommends forced periodic changes or composition rules. It recommends a minimum length, checking new passwords against lists of commonly used or breached passwords, and changing a password when there is evidence it has been compromised. Check what your regulator and your EHR vendor require before relaxing an existing policy.
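    As an added example (not from the slides and not any vendor's code), a length-first password check of the kind points 4 and 5 argue for: reject short passwords, passwords on a deny-list of common ones, passwords containing the user ID, and repetitive ones. The deny-list, the sample inputs and the 12-character minimum are constructed assumptions of this example.

```python
"""Length-first password acceptance check (slide 12, points 4 and 5): reject
short passwords, passwords on a deny-list of common ones, passwords that
contain the user ID, and repetitive ones. Added example; the deny-list and the
12-character minimum are constructed assumptions of this example."""
from typing import List

# Constructed stand-in for a real breached-password list (use a full one in practice).
COMMON_PASSWORDS = {
    "password", "password1", "123456", "qwerty", "letmein", "welcome", "welcome1",
}
MIN_LENGTH = 12   # assumed practice policy; NIST SP 800-63B sets 8 as the floor
TRAILING_JUNK = "0123456789!@#$%^&*."   # what people append to "beat" complexity rules


def check_password(password: str, user_id: str) -> List[str]:
    """Return the reasons a password is rejected; an empty list means accepted."""
    problems: List[str] = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # "Password1!" is still "password" once the appended digits/symbols are stripped,
    # which is why composition rules alone do not help.
    core = lowered.rstrip(TRAILING_JUNK)
    if lowered in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        problems.append("on the common-password deny-list")
    if user_id and user_id.lower() in lowered:
        problems.append("contains the user ID")
    if len(set(password)) <= 2:
        problems.append("repetitive (two or fewer distinct characters)")
    return problems


if __name__ == "__main__":
    for candidate in ("Password1!", "jsmith-clinic-2014", "correct horse battery staple"):
        print(repr(candidate), check_password(candidate, "jsmith") or "accepted")
```

    The stripping of trailing digits and symbols is the point: a rule that demands an upper-case letter, a digit and a symbol is satisfied by "Password1!", which is still one of the first guesses an attacker makes, while a long plain passphrase passes every check here.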
  • 13. Security vs. Usability – This is always a struggle!
  • 14. Keep your data safe and secure – Data Protection 101
    1 Do not leave paper charts, USB keys, CDs, etc. lying around the office.
    2 Use complex passwords to authenticate to the computer system.
    3 Do not use generic accounts (no accountability). A patient could ask to see a log of who had access to his data.
    4 Review access and privileges regularly (privilege transfer, …), at least once a year, and audit yourself.
    5 Know where your data is (map it) and classify it if you can (ePHI is classified as confidential by default). Consider data flows (data in transit).
    6 Back up your data – you may need to restore it in the event of a disaster or even data corruption. Review your backup strategy (when, what, …). Test your backups – restore a randomly chosen file once a month.
    7 Encrypt your data – if necessary. This means during transit and when it is stored in a location you do not control (USB key, CD, cloud, …).
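    The monthly restore test from point 6, as an added example (not from the slides): the backup writes a manifest of SHA-256 hashes, and the test restores one randomly chosen file to a scratch folder and compares its hash against the manifest, so a backup that exists but is silently corrupt fails the test. The sample files and the MANIFEST.json layout are constructed assumptions of this example, not the format of any backup product.

```python
"""Monthly restore test (slide 14, point 6): back up a folder with a manifest
of SHA-256 hashes, then restore one randomly chosen file and compare its hash.
Added example with constructed sample files; the MANIFEST.json layout is an
assumption of this example, not a format from the original slides."""
import hashlib
import json
import os
import random
import shutil
import tempfile
from typing import Any, Dict, Optional


def sha256_of(path: str) -> str:
    """Hash a file in chunks so large chart scans do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_backup(source_dir: str, backup_dir: str) -> Dict[str, str]:
    """Copy every file under source_dir and record relative path -> SHA-256."""
    manifest: Dict[str, str] = {}
    for root, _dirs, files in os.walk(source_dir):
        for name in files:
            src = os.path.join(root, name)
            rel = os.path.relpath(src, source_dir)
            dst = os.path.join(backup_dir, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copy2(src, dst)
            manifest[rel] = sha256_of(src)   # hash the original, not the copy
    with open(os.path.join(backup_dir, "MANIFEST.json"), "w") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)
    return manifest


def restore_test(backup_dir: str, scratch_dir: str,
                 rng: Optional[random.Random] = None) -> Dict[str, Any]:
    """Restore one random file to scratch_dir and verify it against the manifest.

    Returns {"ok": bool, "file": relative path or None, "reason": text}. A failed
    copy and a hash mismatch both count as a failed test: the backup exists but
    would not give you your data back."""
    rng = rng or random.Random()
    with open(os.path.join(backup_dir, "MANIFEST.json")) as f:
        manifest = json.load(f)
    if not manifest:
        return {"ok": False, "file": None, "reason": "manifest is empty"}
    rel = rng.choice(sorted(manifest))   # sorted so a seeded rng is reproducible
    dst = os.path.join(scratch_dir, rel)
    os.makedirs(os.path.dirname(dst), exist_ok=True)
    try:
        shutil.copy2(os.path.join(backup_dir, rel), dst)   # the "restore"
    except OSError as exc:
        return {"ok": False, "file": rel, "reason": f"restore failed: {exc}"}
    if sha256_of(dst) != manifest[rel]:
        return {"ok": False, "file": rel, "reason": "hash mismatch: backup copy is corrupt"}
    return {"ok": True, "file": rel, "reason": "restored copy matches manifest"}


def demo() -> Dict[str, Dict[str, Any]]:
    """Constructed run: back up two sample files, then corrupt the backed-up copy
    of whichever file the first test picked and run the test again (same seed,
    so the same file is chosen). Returns both results."""
    work = tempfile.mkdtemp()
    source, backup, scratch = (os.path.join(work, d) for d in ("charts", "backup", "restore-test"))
    os.makedirs(os.path.join(source, "2014"))
    with open(os.path.join(source, "2014", "visit-notes.txt"), "w") as f:
        f.write("constructed sample text, not real PHI\n")
    with open(os.path.join(source, "schedule.csv"), "w") as f:
        f.write("date,room\n2014-05-01,consult-1\n")
    make_backup(source, backup)
    good = restore_test(backup, scratch, random.Random(7))
    with open(os.path.join(backup, good["file"]), "ab") as f:   # simulate bit rot / bad media
        f.write(b"\x00garbage")
    bad = restore_test(backup, scratch, random.Random(7))
    shutil.rmtree(work)
    return {"good": good, "bad": bad}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

    Run it on a real backup set by pointing restore_test at the backup folder and an empty scratch folder; keep the manifest with the backup, not only on the server being backed up, because a manifest that is lost with the server cannot verify anything.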
  • 15. More recommendations – Data Protection 102
    1 Use an Information Security professional or at least an IT professional. They have the experience and should guarantee their work. Ask for references and Healthcare experience.
    2 Incorporate redundancy and fault tolerance in your designs (computers, servers, networks – wired and wireless) so that you always have safe and secure access to your data.
    3 Think about BYOD – secure access, easily stolen, encryption is necessary, …
    4 Do a DRP test yearly. Get with a local business who will let you use their facilities in the event of a disaster.
    5 Keep your servers patched to the latest level. Do not forget the patching of databases (SQL, …). Do not forget to turn on the security features in your "certified software". Do not trust the vendor to do this. You have to initiate!
    6 Remote access should be secured via encryption, passwords, dual-factor authentication, …
    7 Don’t forget that your data could be on some hardware you are getting rid of … PC, server, copier, … If the disk was encrypted and the key is not stored with it, you are OK (destroying the key is what makes the data unrecoverable); otherwise wipe or physically destroy the media before it leaves the office (NIST SP 800-88 describes the options).
  • 16. More recommendations – Data Protection 102, continued
    1 Make sure your PCs auto-logoff or use password-protected screen savers.
    2 Use computer privacy screen filters for the computers placed in full view of the public.
    3 Deactivate USB ports and CD writers to prevent unauthorized copying of ePHI – discuss DLP with a professional.
    4 If you want to communicate with patients, use a portal instead of email. Email is NOT secure.
    5 Save the logs of who is accessing which record.
    6 Download the following PDF from the OCR site (an information security guide for small practices): http://healthit.hhs.gov/portal/server.pt?open=512&objID=1173&parentname=CommunityPage&parentid=34&mode=2&in_hi_userid=10732&cached=true
    7 Be aware of your environment!
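    Point 5 here and point 3 of slide 14 are the same control seen from two sides: named accounts and an access log that records who read which record, so the practice can answer a patient's "who looked at my chart?". As an added example (not from the slides and not the schema of any EHR product), the constructed users, chart and table layout below are assumptions of this example; refusing reads from a shared login is this example's design choice, chosen to show the accountability gap a generic account leaves.

```python
"""Named accounts plus an append-only access log (slide 14, point 3; slide 16,
point 5). Every chart read is recorded with the user who made it, so the
practice can answer "who looked at my chart?". Added example with constructed
users and records; the table layout is an assumption of this example, not the
schema of any EHR product."""
import sqlite3
from datetime import datetime, timezone
from typing import List, Tuple


def open_store() -> sqlite3.Connection:
    """In-memory SQLite: a users table, a charts table and the access log."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users  (user_id TEXT PRIMARY KEY, shared INTEGER NOT NULL);
        CREATE TABLE charts (patient_id TEXT PRIMARY KEY, note TEXT NOT NULL);
        CREATE TABLE access_log (
            ts TEXT NOT NULL, user_id TEXT NOT NULL, patient_id TEXT NOT NULL,
            action TEXT NOT NULL, outcome TEXT NOT NULL);
    """)
    return conn


def _log(conn: sqlite3.Connection, ts: str, user_id: str, patient_id: str,
         action: str, outcome: str) -> None:
    """Append one entry; nothing in this module ever updates or deletes log rows."""
    conn.execute("INSERT INTO access_log VALUES (?, ?, ?, ?, ?)",
                 (ts, user_id, patient_id, action, outcome))


def read_chart(conn: sqlite3.Connection, user_id: str, patient_id: str,
               now: datetime) -> Tuple[bool, str]:
    """Read one chart. Every attempt is logged, refused ones included.

    Generic accounts (users.shared = 1) are refused: a log entry that says
    "frontdesk" cannot name the person, which is the accountability gap the
    slide warns about."""
    ts = now.isoformat()
    row = conn.execute("SELECT shared FROM users WHERE user_id = ?", (user_id,)).fetchone()
    if row is None:
        _log(conn, ts, user_id, patient_id, "read", "denied: unknown user")
        return False, ""
    if row[0]:
        _log(conn, ts, user_id, patient_id, "read", "denied: shared account")
        return False, ""
    chart = conn.execute("SELECT note FROM charts WHERE patient_id = ?", (patient_id,)).fetchone()
    _log(conn, ts, user_id, patient_id, "read", "ok" if chart else "not found")
    return (chart is not None), (chart[0] if chart else "")


def who_accessed(conn: sqlite3.Connection, patient_id: str) -> List[Tuple[str, str, str]]:
    """The report a patient may ask for: (timestamp, user, outcome), oldest first."""
    return conn.execute(
        "SELECT ts, user_id, outcome FROM access_log WHERE patient_id = ? ORDER BY ts",
        (patient_id,)).fetchall()


def demo() -> List[Tuple[str, str, str]]:
    """Constructed run: two named users, one shared 'frontdesk' login, one chart."""
    conn = open_store()
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("dr_lee", 0), ("nurse_kim", 0), ("frontdesk", 1)])
    conn.execute("INSERT INTO charts VALUES (?, ?)", ("P-1001", "constructed sample note"))
    t0 = datetime(2014, 5, 1, 9, 0, tzinfo=timezone.utc)
    read_chart(conn, "dr_lee", "P-1001", t0)
    read_chart(conn, "frontdesk", "P-1001", t0.replace(hour=10))   # refused and logged
    read_chart(conn, "nurse_kim", "P-1001", t0.replace(hour=11))
    read_chart(conn, "nobody", "P-1001", t0.replace(hour=12))      # unknown user, logged too
    return who_accessed(conn, "P-1001")


if __name__ == "__main__":
    for ts, user, outcome in demo():
        print(ts, user, outcome)
```

    Denied attempts are logged as well as successful reads, because the question after an incident is rarely only "who saw it" but also "who tried". Keep the log where the users whose actions it records cannot edit it, and include it in the backups from slide 14.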
  • 17. Make Information Security part of what you do – Bake it into your processes
    Information Security should always be considered in everything you do. It will help later (during audits), especially if you document your efforts.