
robertGrupe, CISSP, CSSLP, PE, PMP

tags :|: medical identity, patient data, data protection

© Copyright 2014-01 Robert Grupe. All rights reserved.

Red7 :|: Information Security

PATIENT MEDICAL IDENTITY & DATA PROTECTION SECURITY

Agenda
• US Medical Identity Theft and Data Breaches
• HIPAA 2013 Omnibus Final Rule Updates
• Recommendations

US MEDICAL IDENTITY THEFT AND DATA BREACHES
US Data Breaches
• Top industries by cost per compromised record
  • 1. Healthcare $233
  • 2. Finance $215
  • 3. Pharmaceutical $207
• Top causes
  • 41% Malicious attack
  • 33% Human factor
  • 26% System glitch
Source: 2013 Cost of Data Breach Study: Global Analysis, Ponemon Institute
US Healthcare Data Breaches
• 94% of health-care organizations have been hit by at least one data breach
• 45% had more than five breaches in the past two years
• $2.4 million estimated average cost over 2 years
  • $10,000 to $1+ million per incident
• 2,796 average number of records lost per breach
• 47% detected by employees
• 52% of breaches discovered by audits
• Black market data value
  • $50 per medical record (SSNs go for about $1 each)
• Criminal mis-use
  • Overseas call centers ordering medical equipment and drugs
Source: Ponemon Institute's Third Annual Benchmark Study on Patient Privacy & Data Security, Dec 2012
US Medical Identity Theft
• 1.8 million estimated US victims, up 19%+ over 2012
• Causes
  • 30% Member shared their identification with a friend or family member
  • 28% Acquaintance or family member stole it
  • 8% Provided it in response to phishing
  • 7% Provider/insurer data breach
  • 5% Healthcare worker
• Criminal mis-uses
  • 63% Treatments
  • 60% Prescriptions and equipment
  • 51% Obtaining government benefits
  • 12% Credit card account applications
• Difficulties detecting
  • 56% of patients don't check their records for accuracy
Source: 2013 Survey on Medical Identity Theft, Ponemon Institute
Consequences
• "Medical Identity theft is being called the fastest growing type of fraud. This contributes to rising cost in health care."
• "Unlike financial identity theft, medical identity theft holds life threatening impacts. For example, if you are rushed to the ER with appendicitis but your records already show your appendicitis removed, the consequences can be dangerous."
• Robin Slade, Development Coordinator, Medical Identity Fraud Alliance
Patient Harm
• 50% of victims were unaware that the theft creates inaccuracies in their medical records
  • 15% Misdiagnosis
  • 14% Treatment delays
  • 13% Mistreatment
  • 11% Wrong prescription
• 23% Damaged credit rating
• 20% Financial identity theft (credit card, banking)
• 17% Legal fees
• Loss of coverage, cost to restore, out-of-pocket costs, increased premiums
• 6% Employment difficulties
• 58% of victims lost trust in their providers
Enterprise Consequences
• Member, client, and provider communications
• Member online security monitoring and restoration services
• Response and reputation crisis management
• Loss of business
• Lawsuits: members, customers, investors

HIPAA Breach Notifications

HIPAA 2013 OMNIBUS FINAL RULE UPDATES

HIPAA 2013 Omnibus Final Rule Updates
• Defines Business Associates of Covered Entities as directly liable for compliance with certain of the HIPAA Privacy and Security Rules' requirements.
• Requires modifications to, and redistribution of, a Covered Entity's notice of privacy practices.
• Final rule adopting changes to the HIPAA Enforcement Rule to incorporate the increased and tiered civil money penalty structure provided by the HITECH Act.
• Final rule on Breach Notification for Unsecured Protected Health Information under the HITECH Act, which replaces the breach notification rule's "harm" threshold.
• Violation penalties (minimum per violation; every tier is capped at $1.5 million per calendar year for identical violations)
  • (A) Did Not Know (even with reasonable diligence): $100+
  • (B) Reasonable Cause: $1,000+
  • (C)(i) Willful Neglect, Corrected: $10,000+
  • (C)(ii) Willful Neglect, Not Corrected: $50,000
Sources:
• HHS Omnibus: http://www.hhs.gov/ocr/privacy/hipaa/administrative/omnibus/index.html
• http://www.hipaasurvivalguide.com/hipaa-omnibus-rule.php

RECOMMENDATIONS

Master the Basics
• Keep all software patched and maintained at the latest vendor release
• Install anti-virus and application IDS everywhere
  • (Yes: Mac OS, iOS, Linux, and Android too)
• Strong credential management
  • Strong passwords and password management policies
• Network mapping
  • Sites, gateways, routers, devices,
  • then directory details for all devices
Risk Assessment
• Know which security laws and regulations affect your organization
  • Health care: HIPAA, state laws
  • Financial: PCI, etc.
  • Personal data: state laws, EU
  • Other
• Map your external apps' PHI flows
  • Workflows
  • Reference lookups
  • Data backups
Document Your Policies & Processes
If it isn't documented, it doesn't exist
• Use an industry recognized framework
  • E.g. ISO/IEC 27001:2005 (superseded by ISO/IEC 27001:2013 in October 2013)
  • Living document: continual detailing and updating
  • Don't try to adopt everything at once: keep the framework's section numbers, but draft and publish only the active sections
• Identify information security best practices
  • Reference for minimum acceptable security
  • Industry (e.g. HIPAA, HITRUST, ARRA), state (Mass.), third party (e.g. PCI and COBIT), government (e.g. NIST, FTC and CMS), appdev (e.g. OWASP)
• Application regression test scripts to validate every policy rule
• A responsible Program Manager to
  • prioritize critical success factors and initiatives
  • ensure document maintenance
  • champion process improvements
  • oversee system/application/services updates
  • ensure compliance validation
  • provide status reporting
Well Begun, Is Half Done
• Don't procrastinate - start right now!
  • With a quick-list brainstorm
• Continuous process improvement
  • What doesn't get measured, doesn't get done
  • Regular risk assessment of privacy controls and processes
• Security technology isn't the (whole) solution
  • Use vulnerability assessments to detect security policy and process weaknesses, not just technical ones, e.g.:
    • Social engineering vulnerabilities
    • Insider data access
    • User validation
This Presentation & Further Resources
• www.red7managementsolutions.com
• Questions, suggestions, & requests
  • Robert Grupe, CISSP, CSSLP, PE, PMP
  • robert.grupe@red7managementsolutions.com
  • +1.314.278.7901

Finis

H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 

Red7 Medical Identity Security and Data Protection

6. US Medical Identity Theft
• $1.8 million, 19%+ over 2012
• Causes
  • 30% Member shared identification with a friend/family member
  • 28% Acquaintance or family member stole
  • 8% provided in phishing
  • 7% provider/insurer due to data breach
  • 5% healthcare worker
• Criminal mis-uses
  • 63% treatments
  • 60% prescriptions and equipment
  • 51% obtain government benefits
  • 12% credit card account applications
• Difficulties detecting
  • 56% Patients don't check their records for accuracy
Source: 2013 Survey on Medical Identity Theft, Ponemon Institute

7. Consequences
• "Medical Identity theft is being called the fastest growing type of fraud. This contributes to rising cost in health care."
• "Unlike financial identity theft, medical identity theft holds life threatening impacts. For example if you are rushed to the ER with appendicitis but your records already show your appendicitis removed, the consequences can be dangerous."
• Medical Identity Fraud Alliance, Development Coordinator Robin Slade

8. Patient Harm
• 50% of victims unaware
• Creates inaccuracies in their records
  • 15% misdiagnosis
  • 14% treatment delays
  • 13% mistreatment
  • 11% wrong prescription
• 23% credit rating
• 20% financial identity theft (credit card, banking)
• 17% legal fees
• Loss of coverage, cost to restore, out-of-pocket costs, increased premiums
• 6% employment difficulties
• 58% victims lost trust in providers

9. Enterprise Consequences
• Member, client, provider communications
• Member online security monitoring and restoration services
• Response and reputation crisis management
• Loss of business
• Lawsuits: members, customers, investors

10. HIPAA Breach Notifications

11. HIPAA 2013 OMNIBUS FINAL RULE UPDATES

12. HIPAA 2013 Omnibus Final Rule Updates
• Defines Business Associates of Covered Entities as directly liable for compliance with certain of the HIPAA Privacy and Security Rules' requirements.
• Requires modifications to, and redistribution of, a Covered Entity's notice of privacy practices.
• Final rule adopting changes to the HIPAA Enforcement Rule to incorporate the increased and tiered civil money penalty structure provided by the HITECH Act.
• Final rule on Breach Notification for Unsecured Protected Health Information under the HITECH Act, which replaces the breach notification rule's "harm" threshold.
• Violation Penalties
  • (A) Did Not Know (with reasonable diligence): $100+
  • (B) Reasonable Cause: $1,000+
  • (C)(i) Willful Neglect - Corrected: $10,000+
  • (C)(ii) Willful Neglect - Not Corrected: $50,000
• HHS Omnibus
  • http://www.hhs.gov/ocr/privacy/hipaa/administrative/omnibus/index.html
  • http://www.hipaasurvivalguide.com/hipaa-omnibus-rule.php

13. RECOMMENDATIONS

14. Master the Basics
• Keep software patched with the latest maintenance releases
• Install anti-virus and application IDS everywhere
  • (Yes: Mac OS, iOS, Linux, and Android too)
• Strong Credential Management
  • Strong passwords and management policies
• Network Mapping
  • Sites, gateways, routers, devices,
  • then directory details for all devices

15. Risk Assessment
• What security laws and regulations affect your organization
  • Health Care: HIPAA, states
  • Financial: PCI, etc.
  • Personal: States, EU
  • Other
• Map your external apps' PHI flows
  • Workflows
  • Reference lookups
  • Data backups

16. Document Your Policies & Processes
If it isn't documented, it doesn't exist
• Use an industry recognized framework
  • E.g. ISO/IEC 27001:2005
• Living Document: continual detailing and updating
  • Don't use all at once; keep section numbers but only draft and publish active sections
• Identify information security best practices
  • Reference for minimum acceptable security
  • Industry (e.g. HIPAA, HITRUST, ARRA), state (Mass.), third party (e.g., PCI and COBIT), government (e.g., NIST, FTC and CMS), appdev (e.g. OWASP)
• Application regression test scripts for validation of all policy rules
• Responsible Program Manager to
  • prioritize critical success factors and initiatives
  • ensure document maintenance
  • champion process improvements
  • oversee system/application/services updates
  • ensure compliance validation
  • provide status reporting

17. Well Begun Is Half Done
• Don't Procrastinate - Start Right Now!
  • With a quick-list brainstorm
• Continuous Process Improvement
  • What doesn't get measured, doesn't get done
  • Regular risk assessment of privacy controls and processes
• Security Technology isn't the (whole) solution
  • Vulnerability assessment utilities to detect security policy & process vulnerabilities
  • E.g. social engineering vulnerabilities
  • Insider data access
  • User validation

18. Finis
• This Presentation & Further Resources
  • www.red7managementsolutions.com
• Questions, suggestions, & requests
  • Robert Grupe, CISSP, CSSLP, PE, PMP
  • robert.grupe@red7managementsolutions.com
  • +1.314.278.7901

Editor's notes

  1. Bio: Robert Grupe is an experienced international business leader with a background in engineering, sales, marketing, PR, and product support in the software, digital marketing, health care, electro-optic and aerospace industries. From Fortune 100 to start-up companies, Robert has worked for industry leaders including Boeing, McAfee, Text 100 PR, and Express Scripts. Management experience includes working with and leading local, as well as internationally distributed, teams while implementing best practices to maximize organizational and market performance. Robert is a registered Certified Information Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), Professional Engineer (PE), and Product Management Professional (PMP).
  2. Your Medical Records Could be Sold on the Black Market, NBC Bay Area News, http://www.nbcbayarea.com/news/local/Medical-Records-Could-Be-Sold-on-Black-Market-212040241.html, June 19, 2013. See also http://www.nationwide.com/newsroom/061312-MedicalIDTheft.js