CHIME LEAD DC 2014 “Key Attributes for Success, Challenges and Critical Success Factors” with Angela Diop, ND, CHCIO, VP of Information Systems, Unity Health Care, Inc.

1. Creating an Effective
Cyber Security Strategy
________
Key Attributes for Success, Challenges and
Critical Success Factors
● Angela Duncan Diop, ND, CHCIO, VP of Information Systems
Unity Health Care, Inc. ●
A CHIME Leadership Education and Development Forum in collaboration with iHT2
#LEAD14

2. ANATOMY OF A BREACH
A CHIME Leadership Education and Development Forum in collaboration with iHT2

3. INTRODUCTION

4. Unity Health Care, Inc.
Federally
Qualified Health
Center
Over 100,000
unique patients in
2013
30 sites; health
centers, homeless
service sites,
school based
health centers,
correctional sites,
and a mobile site
Mission
Promoting healthier communities through
compassion and comprehensive health and human
services, regardless of ability to pay.
4

5. Unity’s Patients
• Patient population is
racially and ethnically
diverse and largely
minority
• Substantial health
disparities and poor
health outcomes exist
• Great need for accessible
and comprehensive
primary care services
5

6. Data is like water – it always flows through the cracks
THE INCIDENT

7. Description
• A personal laptop
containing data from a
nutrition and exercise
program
• Student assisting in the
analysis of data saved it
to a flash drive.
• Loaded to a personal
computer.
• Stolen from a student’s
home in a burglary.
FreeDigitalPhotos.net

8. Description
• Type of Incident: Theft
• Location of Breach:
Laptop computer -
unencripted
• Approximate number
of individuals affected
by the breach: 305
FreeDigitalPhotos.net

9. To breach or not to breach – that is the question.
THE CALL

10. Type of PHI Involved
• Demographic information – name and DOB
• Clinical Information -diagnosis/conditions
• The data consisted of names, dates of birth,
weight, body mass index, and for a limited
number of participants, information regarding
a history of hypertension or diabetes.

11. Risk Assessment
• Consulted our HIPAA auditor
• Consulted our attorney
• Met/discussed with our Executive
Management team
• Decided to treat the incident as a breach

12. Never let a good crisis go to waste
THE RESPONSE

13. Created a Team
• Appointed a breach
response team
– Privacy Officer
– VP of Information Systems
– Legal Counsel
– VP of Clinical
Administration
– Deputy Chief Medical
Officer
– VP of Human Resources

14. Gap Analysis &Corrective Action
Plan
• Overall responsibility –
Privacy Officer or VP of IS
• Identifies the steps that
led to incident
• Captures key info
surrounding the incident
– Description
– Issues/Gaps
– Lead
– Due date

15. Incident Response Plan
• Plan that the team
creates and follows to
address the incident
– Investigation
– Risk Assessment
– Notifications –
Patients, HHS, Staff
Exe Man Team, Exe.
Board
– Corrective actions

16. Milk the crisis for all it’s worth
EPILOGUE

17. Benefits Gained
• Blue print for responding to a breach
• Breach team
• Breach management policy
• Breach insurance
• Retraining of staff
• Heightened awareness by senior leadership
and Board

18. Q & A
Angela Duncan Diop, ND, CHCIO
adiop@unityhealthcare.org
A CHIME Leadership Education and Development Forum in collaboration with iHT2
@AngelaDiop
@UnityHealthCare