SlideShare una empresa de Scribd logo

Protecting Health Data_FINAL3

Paul Petronelli
Paul Petronelli
1 de 14
Descargar para leer sin conexión
paul@medifies.com v.FINAL
Many thanks to member of HL7 Mobile Healthcare subcommittee for providing the motivation. If you are interested in joining in, see the wiki : http://wiki.hl7.org/index.php?title=Mobile_Health
http://www.reuters.com/article/us-cybersecurity-hospitals-idUSKCN0HJ21I20140924 *Ponemon Institute annual Cost of Data Breach Study: Global Analysis, sponsored by IBM. See http://www.ponemon.org **ibid, Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data, May 2016
https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
There is ample guidance in the public literature. Some sources follow:
Start Here FTC/ONC/OCR/FDA Compliance check list: https://www.ftc.gov/tips-advice/business- center/guidance/mobile-health-apps-interactive-tool Determine end-use of application Evaluate which “compliance” guidelines are applicable HIPAA Path Non HIPAA Path Web Site Security APP Security End Point Security Application Layer Service Layer Physical Layer
Guide to Storage EncryptionTechnologies for End User Devices Guidelines for the Selection and Use ofTransport Layer Security (TLS) Implementations Guide to IPsecVPNs; or 800-113,Guide to SSLVPNs Guidelines for Media Sanitization
Role Usage Architect Understand guidance Designer Decide on approach Implementer Consider whether each approach introduces a vulnerability Operations Review vulnerabilities and exploits such as found in OWASP and other sources Then conduct your own Risk Assessment here: www.HealthIT.gov/security-risk-assessment
*Informal survey.Your results may vary and ‘values’ change frequently.
By Michelle McNickle, reporting on ID Experts opinions in HealthCare IT News, Sept 30, 2011 Ask yourself: “ how can our customers use the features/tools/and visibilities in our products to satisfy their security requirements?”
Protecting Health Data_FINAL3

Recomendados

DC617 Medical Device Presentation
DC617 Medical Device PresentationDC617 Medical Device Presentation
DC617 Medical Device Presentation
Matthew J McMahon
 
Dnr mediakit
Dnr mediakitDnr mediakit
Dnr mediakit
Stanislav Sazhin
 
Dnr mediakit
Dnr mediakitDnr mediakit
Dnr mediakit
Stanislav Sazhin
 
Dnr mediakit
Dnr mediakitDnr mediakit
Dnr mediakit
Stanislav Sazhin
 
Dnr mediakit
Dnr mediakitDnr mediakit
Dnr mediakit
Stanislav Sazhin
 
Ivrach professional network for russian speaking physicians
Ivrach professional network for russian speaking physiciansIvrach professional network for russian speaking physicians
Ivrach professional network for russian speaking physicians
Oxana Kolosova
 
DIA 2014 Marketing Pharmaceuticals Conf Marketing in Age of Obama
DIA 2014 Marketing Pharmaceuticals Conf Marketing in Age of ObamaDIA 2014 Marketing Pharmaceuticals Conf Marketing in Age of Obama
DIA 2014 Marketing Pharmaceuticals Conf Marketing in Age of Obama
Dale Cooke
 
Dnr mediakit
Dnr mediakitDnr mediakit
Dnr mediakit
Stanislav Sazhin
 

Recomendados

DC617 Medical Device Presentation
DC617 Medical Device PresentationDC617 Medical Device Presentation
DC617 Medical Device Presentation
Matthew J McMahon
 
Dnr mediakit
Dnr mediakitDnr mediakit
Dnr mediakit
Stanislav Sazhin
 
Dnr mediakit
Dnr mediakitDnr mediakit
Dnr mediakit
Stanislav Sazhin
 
Dnr mediakit
Dnr mediakitDnr mediakit
Dnr mediakit
Stanislav Sazhin
 
Dnr mediakit
Dnr mediakitDnr mediakit
Dnr mediakit
Stanislav Sazhin
 
Ivrach professional network for russian speaking physicians
Ivrach professional network for russian speaking physiciansIvrach professional network for russian speaking physicians
Ivrach professional network for russian speaking physicians
Oxana Kolosova
 
DIA 2014 Marketing Pharmaceuticals Conf Marketing in Age of Obama
DIA 2014 Marketing Pharmaceuticals Conf Marketing in Age of ObamaDIA 2014 Marketing Pharmaceuticals Conf Marketing in Age of Obama
DIA 2014 Marketing Pharmaceuticals Conf Marketing in Age of Obama
Dale Cooke
 
Dnr mediakit
Dnr mediakitDnr mediakit
Dnr mediakit
Stanislav Sazhin
 
The Security of Electronic Health Information Survey
The Security of Electronic Health Information SurveyThe Security of Electronic Health Information Survey
The Security of Electronic Health Information Survey
loglogic
 
Health Datapalooza 2013: Datalab - Steven Cohen
Health Datapalooza 2013: Datalab - Steven CohenHealth Datapalooza 2013: Datalab - Steven Cohen
Health Datapalooza 2013: Datalab - Steven Cohen
Health Data Consortium
 
Staying Compliant in a Social World
Staying Compliant in a Social WorldStaying Compliant in a Social World
Staying Compliant in a Social World
Dale Cooke
 
Five Minute Market Snapshot April 2011
Five Minute Market Snapshot April 2011Five Minute Market Snapshot April 2011
Five Minute Market Snapshot April 2011
nancydivito
 
What is the Sunshine Act?
What is the Sunshine Act?What is the Sunshine Act?
What is the Sunshine Act?
Quorum Review - Independent Review Board
 
Ad-Promo Search Engine Marketing Presentation
Ad-Promo Search Engine Marketing PresentationAd-Promo Search Engine Marketing Presentation
Ad-Promo Search Engine Marketing Presentation
Dale Cooke
 
Hitech Act and How It Impacts EHR
Hitech Act and How It Impacts EHRHitech Act and How It Impacts EHR
Hitech Act and How It Impacts EHR
PALIO
 
Compliant Promotion in an On-demand World
Compliant Promotion in an On-demand WorldCompliant Promotion in an On-demand World
Compliant Promotion in an On-demand World
Dale Cooke
 
Integrating Social Media into Healthcare Systems Practice
Integrating Social Media into Healthcare Systems PracticeIntegrating Social Media into Healthcare Systems Practice
Integrating Social Media into Healthcare Systems Practice
Mike Moore
 
MobileSecurity WhitePaper
MobileSecurity WhitePaperMobileSecurity WhitePaper
MobileSecurity WhitePaper
Hudson Valley Public Relations
 
Appam2011 access de_leire
Appam2011 access de_leireAppam2011 access de_leire
Appam2011 access de_leire
soder145
 
Electronic Review Systems
Electronic Review SystemsElectronic Review Systems
Electronic Review Systems
Dale Cooke
 
Infographic: Third-Party Risks: The cyber dimension
Infographic: Third-Party Risks: The cyber dimensionInfographic: Third-Party Risks: The cyber dimension
Infographic: Third-Party Risks: The cyber dimension
The Economist Media Businesses
 
Dnr mediakit1
Dnr mediakit1Dnr mediakit1
Dnr mediakit1
Stanislav Sazhin
 
PhillyCooke eCTD Submissions for Ad-Promo
PhillyCooke eCTD Submissions for Ad-PromoPhillyCooke eCTD Submissions for Ad-Promo
PhillyCooke eCTD Submissions for Ad-Promo
Dale Cooke
 
DIA Marketing Pharmaceuticals 2015 Leveraging Innovative Technologies
DIA Marketing Pharmaceuticals 2015 Leveraging Innovative TechnologiesDIA Marketing Pharmaceuticals 2015 Leveraging Innovative Technologies
DIA Marketing Pharmaceuticals 2015 Leveraging Innovative Technologies
Dale Cooke
 
Regulatory Considerations in Mobile Programs
Regulatory Considerations in Mobile ProgramsRegulatory Considerations in Mobile Programs
Regulatory Considerations in Mobile Programs
Dale Cooke
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
arshidkb
 
Sunset Commission To Recommend Abolishing Anabolic Steroid Testing Program
Sunset Commission To Recommend Abolishing Anabolic Steroid Testing ProgramSunset Commission To Recommend Abolishing Anabolic Steroid Testing Program
Sunset Commission To Recommend Abolishing Anabolic Steroid Testing Program
isteroidscom
 
Ransomware Attacks on Medical Devices on the Rise
Ransomware Attacks on Medical Devices on the RiseRansomware Attacks on Medical Devices on the Rise
Ransomware Attacks on Medical Devices on the Rise
EMMAIntl
 
Aneesh Chopra's Keynote at the Health 2.0's Provider Symposium
Aneesh Chopra's Keynote at the Health 2.0's Provider SymposiumAneesh Chopra's Keynote at the Health 2.0's Provider Symposium
Aneesh Chopra's Keynote at the Health 2.0's Provider Symposium
health2dev
 
The Impact and Use of Social Media in Pharmacovigilance
The Impact and Use of Social Media in PharmacovigilanceThe Impact and Use of Social Media in Pharmacovigilance
The Impact and Use of Social Media in Pharmacovigilance
Covance
 

Más contenido relacionado

La actualidad más candente

Health Datapalooza 2013: Datalab - Steven Cohen
Health Datapalooza 2013: Datalab - Steven CohenHealth Datapalooza 2013: Datalab - Steven Cohen
Health Datapalooza 2013: Datalab - Steven Cohen
Health Data Consortium
 
Staying Compliant in a Social World
Staying Compliant in a Social WorldStaying Compliant in a Social World
Staying Compliant in a Social World
Dale Cooke
 
Five Minute Market Snapshot April 2011
Five Minute Market Snapshot April 2011Five Minute Market Snapshot April 2011
Five Minute Market Snapshot April 2011
nancydivito
 
Compliant Promotion in an On-demand World
Compliant Promotion in an On-demand WorldCompliant Promotion in an On-demand World
Compliant Promotion in an On-demand World
Dale Cooke
 
Appam2011 access de_leire
Appam2011 access de_leireAppam2011 access de_leire
Appam2011 access de_leire
soder145
 
Regulatory Considerations in Mobile Programs
Regulatory Considerations in Mobile ProgramsRegulatory Considerations in Mobile Programs
Regulatory Considerations in Mobile Programs
Dale Cooke
 

La actualidad más candente (20)

The Security of Electronic Health Information Survey
The Security of Electronic Health Information SurveyThe Security of Electronic Health Information Survey
The Security of Electronic Health Information Survey
 
Health Datapalooza 2013: Datalab - Steven Cohen
Health Datapalooza 2013: Datalab - Steven CohenHealth Datapalooza 2013: Datalab - Steven Cohen
Health Datapalooza 2013: Datalab - Steven Cohen
 
Staying Compliant in a Social World
Staying Compliant in a Social WorldStaying Compliant in a Social World
Staying Compliant in a Social World
 
Five Minute Market Snapshot April 2011
Five Minute Market Snapshot April 2011Five Minute Market Snapshot April 2011
Five Minute Market Snapshot April 2011
 
What is the Sunshine Act?
What is the Sunshine Act?What is the Sunshine Act?
What is the Sunshine Act?
 
Ad-Promo Search Engine Marketing Presentation
Ad-Promo Search Engine Marketing PresentationAd-Promo Search Engine Marketing Presentation
Ad-Promo Search Engine Marketing Presentation
 
Hitech Act and How It Impacts EHR
Hitech Act and How It Impacts EHRHitech Act and How It Impacts EHR
Hitech Act and How It Impacts EHR
 
Compliant Promotion in an On-demand World
Compliant Promotion in an On-demand WorldCompliant Promotion in an On-demand World
Compliant Promotion in an On-demand World
 
Integrating Social Media into Healthcare Systems Practice
Integrating Social Media into Healthcare Systems PracticeIntegrating Social Media into Healthcare Systems Practice
Integrating Social Media into Healthcare Systems Practice
 
MobileSecurity WhitePaper
MobileSecurity WhitePaperMobileSecurity WhitePaper
MobileSecurity WhitePaper
 
Appam2011 access de_leire
Appam2011 access de_leireAppam2011 access de_leire
Appam2011 access de_leire
 
Electronic Review Systems
Electronic Review SystemsElectronic Review Systems
Electronic Review Systems
 
Infographic: Third-Party Risks: The cyber dimension
Infographic: Third-Party Risks: The cyber dimensionInfographic: Third-Party Risks: The cyber dimension
Infographic: Third-Party Risks: The cyber dimension
 
Dnr mediakit1
Dnr mediakit1Dnr mediakit1
Dnr mediakit1
 
PhillyCooke eCTD Submissions for Ad-Promo
PhillyCooke eCTD Submissions for Ad-PromoPhillyCooke eCTD Submissions for Ad-Promo
PhillyCooke eCTD Submissions for Ad-Promo
 
DIA Marketing Pharmaceuticals 2015 Leveraging Innovative Technologies
DIA Marketing Pharmaceuticals 2015 Leveraging Innovative TechnologiesDIA Marketing Pharmaceuticals 2015 Leveraging Innovative Technologies
DIA Marketing Pharmaceuticals 2015 Leveraging Innovative Technologies
 
Regulatory Considerations in Mobile Programs
Regulatory Considerations in Mobile ProgramsRegulatory Considerations in Mobile Programs
Regulatory Considerations in Mobile Programs
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Sunset Commission To Recommend Abolishing Anabolic Steroid Testing Program
Sunset Commission To Recommend Abolishing Anabolic Steroid Testing ProgramSunset Commission To Recommend Abolishing Anabolic Steroid Testing Program
Sunset Commission To Recommend Abolishing Anabolic Steroid Testing Program
 
Ransomware Attacks on Medical Devices on the Rise
Ransomware Attacks on Medical Devices on the RiseRansomware Attacks on Medical Devices on the Rise
Ransomware Attacks on Medical Devices on the Rise
 

Similar a Protecting Health Data_FINAL3

HADM 5431 Healthcare Information Technology The Rev.docx
HADM 5431 Healthcare Information Technology The Rev.docxHADM 5431 Healthcare Information Technology The Rev.docx
HADM 5431 Healthcare Information Technology The Rev.docx
whittemorelucilla
 
IPO Bridge FINAL20160630 1500_1 (2)
IPO Bridge FINAL20160630 1500_1 (2)IPO Bridge FINAL20160630 1500_1 (2)
IPO Bridge FINAL20160630 1500_1 (2)
DJuan Bracey
 
httpswww.ted.comtalksshyam_sankar_the_rise_of_human_computer_.docx
httpswww.ted.comtalksshyam_sankar_the_rise_of_human_computer_.docxhttpswww.ted.comtalksshyam_sankar_the_rise_of_human_computer_.docx
httpswww.ted.comtalksshyam_sankar_the_rise_of_human_computer_.docx
wellesleyterresa
 
Dhc members reaction on final mobile app guidance 9 26-13
Dhc members reaction on final mobile app guidance 9 26-13Dhc members reaction on final mobile app guidance 9 26-13
Dhc members reaction on final mobile app guidance 9 26-13
Digital Health Coalition
 
lauren_rosen_compliance_article
lauren_rosen_compliance_articlelauren_rosen_compliance_article
lauren_rosen_compliance_article
Lauren Rosen
 
Please read the instructions and source that provided, then decide.docx
Please read the instructions and source that provided, then decide.docxPlease read the instructions and source that provided, then decide.docx
Please read the instructions and source that provided, then decide.docx
LeilaniPoolsy
 
Mobile Health Application Framework for an Ideal User Experience: A User-Cent...
Mobile Health Application Framework for an Ideal User Experience: A User-Cent...Mobile Health Application Framework for an Ideal User Experience: A User-Cent...
Mobile Health Application Framework for an Ideal User Experience: A User-Cent...
CrimsonpublishersTTEH
 

Similar a Protecting Health Data_FINAL3 (20)

Aneesh Chopra's Keynote at the Health 2.0's Provider Symposium
Aneesh Chopra's Keynote at the Health 2.0's Provider SymposiumAneesh Chopra's Keynote at the Health 2.0's Provider Symposium
Aneesh Chopra's Keynote at the Health 2.0's Provider Symposium
 
The Impact and Use of Social Media in Pharmacovigilance
The Impact and Use of Social Media in PharmacovigilanceThe Impact and Use of Social Media in Pharmacovigilance
The Impact and Use of Social Media in Pharmacovigilance
 
Social media in_pv_whitepaper
Social media in_pv_whitepaperSocial media in_pv_whitepaper
Social media in_pv_whitepaper
 
HADM 5431 Healthcare Information Technology The Rev.docx
HADM 5431 Healthcare Information Technology The Rev.docxHADM 5431 Healthcare Information Technology The Rev.docx
HADM 5431 Healthcare Information Technology The Rev.docx
 
9 Essential Features in an Insurtech Platform
9 Essential Features in an Insurtech Platform9 Essential Features in an Insurtech Platform
9 Essential Features in an Insurtech Platform
 
Protecting Privacy, Security and Patient Safety in mHealth
Protecting Privacy, Security and Patient Safety in mHealthProtecting Privacy, Security and Patient Safety in mHealth
Protecting Privacy, Security and Patient Safety in mHealth
 
IPO Bridge FINAL20160630 1500_1 (2)
IPO Bridge FINAL20160630 1500_1 (2)IPO Bridge FINAL20160630 1500_1 (2)
IPO Bridge FINAL20160630 1500_1 (2)
 
Recall Bias and Digital Health Market Research
Recall Bias and Digital Health Market ResearchRecall Bias and Digital Health Market Research
Recall Bias and Digital Health Market Research
 
e-HealthWhitepaper
e-HealthWhitepapere-HealthWhitepaper
e-HealthWhitepaper
 
httpswww.ted.comtalksshyam_sankar_the_rise_of_human_computer_.docx
httpswww.ted.comtalksshyam_sankar_the_rise_of_human_computer_.docxhttpswww.ted.comtalksshyam_sankar_the_rise_of_human_computer_.docx
httpswww.ted.comtalksshyam_sankar_the_rise_of_human_computer_.docx
 
HIPAA Compliance Mobile App Development: A Complete Guide
HIPAA Compliance Mobile App Development: A Complete GuideHIPAA Compliance Mobile App Development: A Complete Guide
HIPAA Compliance Mobile App Development: A Complete Guide
 
Playing with FHIR security analisis.pdf
Playing with FHIR security analisis.pdfPlaying with FHIR security analisis.pdf
Playing with FHIR security analisis.pdf
 
Dhc members reaction on final mobile app guidance 9 26-13
Dhc members reaction on final mobile app guidance 9 26-13Dhc members reaction on final mobile app guidance 9 26-13
Dhc members reaction on final mobile app guidance 9 26-13
 
lauren_rosen_compliance_article
lauren_rosen_compliance_articlelauren_rosen_compliance_article
lauren_rosen_compliance_article
 
building-a-secure-medical-app-with-dot-net.pdf
building-a-secure-medical-app-with-dot-net.pdfbuilding-a-secure-medical-app-with-dot-net.pdf
building-a-secure-medical-app-with-dot-net.pdf
 
mHealth App: Balancing Agility, Risks, and Regulatory Compliance
mHealth App: Balancing Agility, Risks, and Regulatory CompliancemHealth App: Balancing Agility, Risks, and Regulatory Compliance
mHealth App: Balancing Agility, Risks, and Regulatory Compliance
 
Open ap is-infrastructure4innovation_internetofhealth2018_v3
Open ap is-infrastructure4innovation_internetofhealth2018_v3Open ap is-infrastructure4innovation_internetofhealth2018_v3
Open ap is-infrastructure4innovation_internetofhealth2018_v3
 
Please read the instructions and source that provided, then decide.docx
Please read the instructions and source that provided, then decide.docxPlease read the instructions and source that provided, then decide.docx
Please read the instructions and source that provided, then decide.docx
 
8 Recommended Features for a Health Insurance Mobile App
8 Recommended Features for a Health Insurance Mobile App8 Recommended Features for a Health Insurance Mobile App
8 Recommended Features for a Health Insurance Mobile App
 
Mobile Health Application Framework for an Ideal User Experience: A User-Cent...
Mobile Health Application Framework for an Ideal User Experience: A User-Cent...Mobile Health Application Framework for an Ideal User Experience: A User-Cent...
Mobile Health Application Framework for an Ideal User Experience: A User-Cent...
 

Protecting Health Data_FINAL3

  • 2. Many thanks to member of HL7 Mobile Healthcare subcommittee for providing the motivation. If you are interested in joining in, see the wiki : http://wiki.hl7.org/index.php?title=Mobile_Health
  • 3. http://www.reuters.com/article/us-cybersecurity-hospitals-idUSKCN0HJ21I20140924 *Ponemon Institute annual Cost of Data Breach Study: Global Analysis, sponsored by IBM. See http://www.ponemon.org **ibid, Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data, May 2016
  • 5.
  • 6. There is ample guidance in the public literature. Some sources follow:
  • 7. Start Here FTC/ONC/OCR/FDA Compliance check list: https://www.ftc.gov/tips-advice/business- center/guidance/mobile-health-apps-interactive-tool Determine end-use of application Evaluate which “compliance” guidelines are applicable HIPAA Path Non HIPAA Path Web Site Security APP Security End Point Security Application Layer Service Layer Physical Layer
  • 8. Guide to Storage EncryptionTechnologies for End User Devices Guidelines for the Selection and Use ofTransport Layer Security (TLS) Implementations Guide to IPsecVPNs; or 800-113,Guide to SSLVPNs Guidelines for Media Sanitization
  • 9.
  • 10. Role Usage Architect Understand guidance Designer Decide on approach Implementer Consider whether each approach introduces a vulnerability Operations Review vulnerabilities and exploits such as found in OWASP and other sources Then conduct your own Risk Assessment here: www.HealthIT.gov/security-risk-assessment
  • 11. *Informal survey.Your results may vary and ‘values’ change frequently.
  • 12.
  • 13. By Michelle McNickle, reporting on ID Experts opinions in HealthCare IT News, Sept 30, 2011 Ask yourself: “ how can our customers use the features/tools/and visibilities in our products to satisfy their security requirements?”