= AUDIO. The Importance of Mobile Device Management in HIT. An Important Reminder. Mission of OFMQ 12/9/2015

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "= AUDIO. The Importance of Mobile Device Management in HIT. An Important Reminder. Mission of OFMQ 12/9/2015"

Transcription

1 The Importance of Mobile Device Management in HIT Mario Cruz OFMQ Chief Information Officer An Important Reminder For audio, you must use your phone: Step 1: Call (866) Step 2: Enter code #. Step 3: Mute your phone!!! = AUDIO 2 Mission of OFMQ OFMQ is a not for profit, consulting company dedicated to advancing healthcare quality. Since 1972, we ve been a trusted resource through collaborative partnerships and hands on support to healthcare communities. 1

2 OFMQ Areas of Expertise Analytics Case Review Education IT Consulting Health Information Technology National Quality Measures Quality Improvement HIT Service Lines Security Risk Assessment Level 1, 2, and 3 Meaningful Use Assistance Meaningful Use Audit Support Risk Management Consulting and Development Staff IT Security Training Website Development & Secure IT Consulting Mario Cruz Mario is the Chief Information Officer at OFMQ and has more than 15 years of IT experience in applications development and engineering, systems architecture, Mario has extensive expertise in IT Security and has conducted and participated in multiple FISMA security audits. Currently, he provides HIPAA and IT Security consultative services for various Healthcare Providers throughout the region and serves as technical lead for various organizational healthcare initiatives. 2

3 Topics Statistics Mobile Device Uses, Risks, and Value Protecting Mobile Devices Mobile Device Management Options Action Items Interesting Statistics 2/3 of Americans utilize a smartphone (PEW) 97% of mobile apps have access to private data without appropriate security (Symantec) 60% of malware attacks targeted small and medium sized businesses (Symantec) Mobile device exploits make up a small percentage of recorded incidents (Verizon) Top Causes of Data Breach 3

4 Healthcare Breach Statistics Between 2010 and 2014, 68% of data breaches were a result of device theft or loss (Bitglass) As of (HHS) 242 reported breaches affecting 500+ individuals 58 (24%) of those involved a laptop or other portable electronic device 2 of 5 breaches involving Oklahoma healthcare providers were the result of a lost/stolen laptop Over 120 Million Records account for 68% of all records breached across all industries (ITRC) What are Mobile Devices? Any device that is taken offsite that has the capability of storing and/or transmitting information Laptops Tablets Phones/Smart Phones Flash Drives Recording Devices How are They Used in Healthcare? Communication with clinical staff Direct access to EHR Direct access to clinical tools & resources Generation and capture of reports Personal Use Facebook Pinterest News 4

5 What are the Risks? Volume of Data Available on Devices Type of Data Available on Devices Demand and Value of PHI Ease of Loss and Theft Demand and Value of Devices Lack of Default Controls for Protection How is Information Extracted? Direct access to device memory Connect device like a USB stick Connect device as hard drive using over the counter products Software & Free Utilities Free software to access deleted items Free software to crack device passcodes Free software to bypass security mechanisms How is Information Used? Identity Theft Obtain Credit File False Tax Returns Submit False Claims Obtain Prescriptions Impersonation in other Countries Extortion 5

6 What is Health Data Worth? Worth times more than a credit card (Reuters) Great Return on Investment Info can be used repeatedly Single chart worth as much as $50 (FBI Notification) Compare to Credit card number with one time use at a black market price as low as $0.99 Protecting Mobile Devices Encrypt #1 simplest safeguard to implement In most cases, encrypted devices do not require breach notification if lost/stolen. Strong Password Protect Require passcode on all mobile devices Require password for device entry access Require password for secure software access Utilize Layered Protection Device firewalls Antivirus Antimalware Tracking software Remote erase Auto erase Protecting Laptops Utilize Full Disk Encryption McAfee, Sophos, Symantec, CheckPoint, BitLocker Password Protect BIOS Utilize Strong Passwords 8 character (Uppercase, Lowercase, Number, Special Character) Minimum Utilize Antivirus, Anti Malware, Firewall Do not utilize an account with Administrator level rights Utilize Remote Management Software MaaS360, Airwatch, Enterprise Management Software Utilize Recovery Software LoJack, GadgetTrak 6

7 Protecting Smartphones Require Passcode Utilize Encryption Built in to many devices + 3 rd party apps Use Secure Messaging Apps TigerText, EHR Apps, Spok, qliqsoft Utilize Mobile Device Management Software Utilize AV Software Not all devices supported Don t Text about Patients Protecting Portable Storage Devices/Voice Recorders Utilize Encrypted Flash Drives Iron Key, Kingston Data Traveler, Imation Defender Enable Auto Erase Features Utilize Strong Passwords 12 character (Uppercase, Lowercase, Number, Special Character) Minimum Utilize Encrypted Digital Recorders Encrypt Contents Prior to Transport Mobile Device Management Software designed to centrally manage devices Provides tools to establish baseline configurations Passcodes, Encryption, Restrictions, Applications, etc. Provides tools for remote administration Tracking, Erasing, Communication, Support, Application Administration Provides assurance of configuration and security Provides baseline security 7

8 Mobile Device Management OEM Apple Apple Configurator Apple only Free Small Business Solution Small Number of Devices Limited Functionality Manual Tool Set passcode, restrictions, enable/disable features, , and apps Limited Remote Management Relatively Easy to Use Android Mobile Management Android for Work Google Apps Free to Google Apps Users (Paid Service) Wide support for a variety of devices Set passcode, restrictions, enable/disable features, , and apps Full Remote Administration and Management Requires some IT Know how Mobile Device Management Mail Server Options Exchange/Office 365 ActiveSync Built in tools for free management of devices Configure minimum requirements for accessing corporate resources (mail, contacts, calendar) Enforce Encryption, Passcode Policies, Remote Wipe/Administration(limited) Technically Free Google Mobile Management Similar to ActiveSync Set passcode, restrictions, enable/disable features, , and apps Full Remote Administration and Management Requires some IT Know how Free to Google Apps Users Mobile Device Management 3 rd Party Solutions Subscription base solutions pricing per device Full management, tracking, and remote administration of devices Control apps, content, real time tracking, wiping, and configuration Free $10 per device depending on functionality Most are Cloud based Can get extremely granular Vendors include MaaS360, AirWatch, MobileIron, Good, Sophos, Blackberry, Dell, Miradore, Meraki 8

9 Action Items Encrypt All Mobile Devices Utilize Remote Management Tools Enforce Strong Password Policies Account for all Personal & Corporate Devices Reduce Risk in Organization Document your Mobile Device Policies Follow the Trend Contact OFMQ for More Information Questions? We Are Here To Help! Call: (405) Visit: Free HIT Workshops HIT Workshop #2 Jan 19, 2016 Tulsa Tech Conf Center Owasso Campus HIT Workshop #3 March 2, 2016 Ardmore Convention Center Register at webex 9

10 Thank you! 10

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Securely Yours LLC IT Hot Topics Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps [Image Info]

More information

HIPAA Audits: How to Be Prepared. Lindsey Wiley, MHA, CHTS-IM, CHTS-TS HIT Manager Oklahoma Foundation for Medical Quality

HIPAA Audits: How to Be Prepared. Lindsey Wiley, MHA, CHTS-IM, CHTS-TS HIT Manager Oklahoma Foundation for Medical Quality HIPAA Audits: How to Be Prepared Lindsey Wiley, MHA, CHTS-IM, CHTS-TS HIT Manager Oklahoma Foundation for Medical Quality An Important Reminder For audio, you must use your phone: Step 1: Call (866) 906-0123.

More information

5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES

5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES White paper 5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES PROTECTING PHI ON PORTABLE DEVICES 2016 SecurityMetrics 5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES 1 5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES PROTECTING

More information

North Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP

North Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP Mobile Device Management Risky Business in Healthcare North Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP Agenda HIPAA/HITECH & Mobile Devices Breaches Federal

More information

School of Nursing Research Seminar. Data Security in The Academic Health Center. Presented By Jon Harper AHC Information Systems

School of Nursing Research Seminar. Data Security in The Academic Health Center. Presented By Jon Harper AHC Information Systems School of Nursing Research Seminar Data Security in The Academic Health Center Presented By Jon Harper AHC Information Systems 1 Overview of AHC-IS and Supported Services Provide desktop support to ~8500+

More information

EndUser Protection. Peter Skondro. Sophos

EndUser Protection. Peter Skondro. Sophos EndUser Protection Peter Skondro Sophos Agenda Sophos EndUser Solutions Endpoint Usecases Sophos Mobile Solutions Mobile Usecases Endpoint Sophos EndUser Solutions EndUser Protection AV Firewall Application

More information

Security. Mobile Device FOR. by Rich Campagna, Subbu Iyer, and Ashwin Krishnan. John Wiley & Sons, Inc. Foreword by Mark Bauhaus.

Security. Mobile Device FOR. by Rich Campagna, Subbu Iyer, and Ashwin Krishnan. John Wiley & Sons, Inc. Foreword by Mark Bauhaus. Mobile Device Security FOR by Rich Campagna, Subbu Iyer, and Ashwin Krishnan Foreword by Mark Bauhaus Executive Vice President, Device and Network Systems Business Group, Juniper Networks WILEY John Wiley

More information

BYOD. and Mobile Device Security. Shirley Erp, CISSP CISA November 28, 2012

BYOD. and Mobile Device Security. Shirley Erp, CISSP CISA November 28, 2012 BYOD and Mobile Device Security Shirley Erp, CISSP CISA November 28, 2012 Session is currently being recorded, and will be available on our website at http://www.utsystem.edu/compliance/swcacademy.html.

More information

Laptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice

Laptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice Laptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice Agenda Learning objectives for this session Fundamentals of Mobile device use and correlation to HIPAA compliance HIPAA

More information

Cyber Security. John Leek Chief Strategist

Cyber Security. John Leek Chief Strategist Cyber Security John Leek Chief Strategist AGENDA The Changing Business Landscape Acknowledge cybersecurity as an enterprise-wide risk management issue not just an IT issue How to develop a cybersecurity

More information

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and

More information

Research Information Security Guideline

Research Information Security Guideline Research Information Security Guideline Introduction This document provides general information security guidelines when working with research data. The items in this guideline are divided into two different

More information

The Must Have Tools To Address Your Compliance Challenge

The Must Have Tools To Address Your Compliance Challenge The Must Have Tools To Address Your Compliance Challenge Industry leading Education October 21 - Top 5 tools to help you achieve HIPAA compliance November 11 - Saving time and money through web-based benefits

More information

Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches

Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches Speakers Phillip Long CEO at Business Information Solutions Art Gross President & CEO of HIPAA

More information

Mobile Device Management for CFAES

Mobile Device Management for CFAES Mobile Device Management for CFAES What is Mobile Device Management? As smartphones and other mobile computing devices grow in popularity, management challenges related to device and data security are

More information

2016 Digital Safety Class UNDERSTAND YOUR RISKS AND STAY TOTALLY SECURE JESSE ROBERTSON, TECH 4 LIFE

2016 Digital Safety Class UNDERSTAND YOUR RISKS AND STAY TOTALLY SECURE JESSE ROBERTSON, TECH 4 LIFE 2016 Digital Safety Class UNDERSTAND YOUR RISKS AND STAY TOTALLY SECURE JESSE ROBERTSON, TECH 4 LIFE WHO ARE WE? 12 years of local Tech, Training and Website services Service the 4 areas of life Regularly

More information

HIPAA Requirements and Mobile Apps

HIPAA Requirements and Mobile Apps HIPAA Requirements and Mobile Apps OCR/NIST 2013 Annual Conference Adam H. Greene, JD, MPH Partner, Washington, DC Use of Smartphones and Tablets Is Growing 2 How Info Sec Sees Smartphones Easily Lost,

More information

Anatomy of a Healthcare Data Breach

Anatomy of a Healthcare Data Breach BUSINESS WHITE PAPER Anatomy of a Healthcare Data Breach Prevention and remediation strategies Anatomy of a Healthcare Data Breach Table of Contents 2 Increased risk 3 Mitigation costs 3 An Industry unprepared

More information

Mobile Device Security

Mobile Device Security Mobile Device Security Presented by Kelly Wilson Manager of Information Security, LCF Research New Mexico Health Information Collaborative (NMHIC) and the New Mexico Health Information Technology Regional

More information

Secure Your Mobile Workplace

Secure Your Mobile Workplace Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in

More information

My CEO wants an ipad now what? Mobile Security for the Enterprise

My CEO wants an ipad now what? Mobile Security for the Enterprise My CEO wants an ipad now what? Mobile Security for the Enterprise Agenda Introductions Emerging Mobile Trends Mobile Risk Landscape Response Framework Closing Thoughts 2 Introductions Amandeep Lamba Manager

More information

A PRACTICAL GUIDE TO USING ENCRYPTION FOR REDUCING HIPAA DATA BREACH RISK

A PRACTICAL GUIDE TO USING ENCRYPTION FOR REDUCING HIPAA DATA BREACH RISK A PRACTICAL GUIDE TO USING ENCRYPTION FOR REDUCING HIPAA DATA BREACH RISK Chris Apgar Andy Nieto 2015 OVERVIEW How to get started assessing your risk What your options are how to protect PHI What s the

More information

8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice

8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice Monday, August 3, 2015 1 How to ask a question during the webinar If you dialed in to this webinar on your phone

More information

Introducing KASPERSKY ENDPOINT SECURITY FOR BUSINESS.! Guyton Thorne! Sr. Manager System Engineering! guyton.thorne@kaspersky.com

Introducing KASPERSKY ENDPOINT SECURITY FOR BUSINESS.! Guyton Thorne! Sr. Manager System Engineering! guyton.thorne@kaspersky.com Introducing KASPERSKY ENDPOINT SECURITY FOR BUSINESS! Guyton Thorne! Sr. Manager System Engineering! guyton.thorne@kaspersky.com 1 Business drivers and their impact on IT AGILITY! Move fast, be nimble

More information

Certified Secure Computer User

Certified Secure Computer User Certified Secure Computer User Exam Info Exam Name CSCU (112-12) Exam Credit Towards Certification Certified Secure Computer User (CSCU). Students need to pass the online EC-Council exam to receive the

More information

Mobile Device Security Is there an app for that?

Mobile Device Security Is there an app for that? Mobile Device Security Is there an app for that? Session Objectives. The security risks associated with mobile devices. Current UC policies and guidelines designed to mitigate these risks. An approach

More information

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Cyber Security An Executive Imperative for Business Owners SSE Network Services www.ssenetwork.com 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Pretecht SM by SSE predicts and remedies

More information

Why you need. McAfee. Multi Acess PARTNER SERVICES

Why you need. McAfee. Multi Acess PARTNER SERVICES Why you need McAfee Multi Acess PARTNER SERVICES McAfee Multi Access is an online security app that protects all types of devices. All at once. The simple monthly subscription covers up to five devices

More information

HELPFUL TIPS: MOBILE DEVICE SECURITY

HELPFUL TIPS: MOBILE DEVICE SECURITY HELPFUL TIPS: MOBILE DEVICE SECURITY Privacy tips for Public Bodies/Trustees using mobile devices This document is intended to provide general advice to organizations on how to protect personal information

More information

How to Practice Safely in an era of Cybercrime and Privacy Fears

How to Practice Safely in an era of Cybercrime and Privacy Fears How to Practice Safely in an era of Cybercrime and Privacy Fears Christina Harbridge INFORMATION PROTECTION SPECIALIST Information Security The practice of defending information from unauthorised access,

More information

Appendix 1b. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA. Review of Mobile Portable Devices Management

Appendix 1b. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA. Review of Mobile Portable Devices Management Appendix 1b DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA Review of Mobile Portable Devices Management DISTRIBUTION LIST Audit Team David Esling, Head of Audit and Assurance

More information

BYOD: End-to-End Security

BYOD: End-to-End Security BYOD: End-to-End Security Alen Lo MBA(CUHK), BSc(HKU), CISA, CCP, CISSP, CISM, CEH IRCA Certified ISMS Lead Auditor, itsmf ISO 20000 Auditor Principal Consultant i-totalsecurity Consulting Limited alenlo@n2nsecurity.com

More information

Securing Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper

Securing Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper Securing Patient Data in Today s Mobilized Healthcare Industry Securing Patient Data in Today s Mobilized Healthcare Industry 866-7-BE-GOOD good.com 2 Contents Executive Summary The Role of Smartphones

More information

Medical Information Breaches: Are Your Records Safe?

Medical Information Breaches: Are Your Records Safe? Medical Information Breaches: Are Your Records Safe? Learning Objectives At the conclusion of this presentation the learner will be able to: Recognize the growing risk of data breaches Assess the potential

More information

Network Security for End Users in Health Care

Network Security for End Users in Health Care Network Security for End Users in Health Care Virginia Health Information Technology Regional Extension Center is funded by grant #90RC0022/01 from the Office of the National Coordinator for Health Information

More information

AirWatch Solution Overview

AirWatch Solution Overview AirWatch Solution Overview Marenza Altieri-Douglas - AirWatch Massimiliano Moschini Brand Specialist Itway 2014 VMware Inc. All rights reserved. Cloud Computing 2 BYOD 3 Device aziendali? 4 From Client/Server

More information

Cyber Self Assessment

Cyber Self Assessment Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have

More information

plantemoran.com What School Personnel Administrators Need to know

plantemoran.com What School Personnel Administrators Need to know plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of

More information

HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services

HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services How MSPs can profit from selling HIPAA security services Managed Service Providers (MSP) can use the Health Insurance Portability

More information

Healthcare IT (HIT) Strategic Planning & Budgeting MARCH 26, 2014

Healthcare IT (HIT) Strategic Planning & Budgeting MARCH 26, 2014 Healthcare IT (HIT) Strategic Planning & Budgeting MARCH 26, 2014 Agenda Introduction / Session Overview HIT Budgeting 101 Security and Compliance EHR budgeting HIT Where Are We Going Q & A 2 Copyright

More information

HIPAA Privacy and Information Security Management Briefing

HIPAA Privacy and Information Security Management Briefing HIPAA Privacy and Information Security Management Briefing Karen Pagliaro-Meyer Privacy Officer kpagliaro@columbia.edu (212) 305-7315 Soumitra Sengupta Information Security Officer sen@columbia.edu (212)

More information

Data Managers Interest Group. Research. April 17, 2012

Data Managers Interest Group. Research. April 17, 2012 Data Managers Interest Group Institute of Clinical and Translational Research April 17, 2012 Privacy & Security Contacts hipaa@jhmi.edu network.security@jhmi.edu IT Help Desk 410.735.4357 3 Or you can

More information

Information Security for the Rest of Us

Information Security for the Rest of Us Secure Your Way Forward. AuditWest.com Information Security for the Rest of Us Practical Advice for Small Businesses Brian Morkert President and Chief Consultant 1 Introduction President Audit West IT

More information

Healthcare Security Vulnerabilities. Adam Goslin Chief Operations Officer High Bit Security

Healthcare Security Vulnerabilities. Adam Goslin Chief Operations Officer High Bit Security Healthcare Security Vulnerabilities Adam Goslin Chief Operations Officer High Bit Security Webinar Overview IT Security and Data Loss Breach Sources / Additional Information Recent Medical Breach / Loss

More information

Data Security in a Mobile, Cloud-Based World

Data Security in a Mobile, Cloud-Based World Data Security in a Mobile, Cloud-Based World Jacob Buckley-Fortin CEO ehana What we ll cover Trends Risks Recommendations 1 Trends Mobile Has Taken Over Trend #1 2 3 450 million users worldwide Adopted

More information

BlackBerry Enterprise Server Express. Why upgrade from your current BlackBerry experience?

BlackBerry Enterprise Server Express. Why upgrade from your current BlackBerry experience? BlackBerry Enterprise Server Express Why upgrade from your current BlackBerry experience? Introducing BlackBerry Enterprise Server Express BlackBerry software transforms your smartphone into a productivity

More information

EHR Incentive Program Updates. Jason Felts, MS HIT Practice Advisor

EHR Incentive Program Updates. Jason Felts, MS HIT Practice Advisor EHR Incentive Program Updates Jason Felts, MS HIT Practice Advisor An Important Reminder For audio, you must use your phone: Step 1: Call (866) 906-0123. Step 2: Enter code 2071585#. Step 3: Mute your

More information

Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014

Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Lisa D. Traina, CPA, CITP, CGMA Lisa Traina utilizes her 30+ years of experience as a CPA, CITP and CGMA

More information

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What

More information

Medicaid Enterprise Systems Conference 2012

Medicaid Enterprise Systems Conference 2012 Medicaid Enterprise Systems Conference 2012 Best Practices for Using HIT and HIEs to Keep PHI Secure in an Increasingly Mobile and Technical World Presenters: Charles Sutton, Senior Executive Health Product

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

GadgetTrak Mobile Security Android & BlackBerry Installation & Operation Manual

GadgetTrak Mobile Security Android & BlackBerry Installation & Operation Manual GadgetTrak Mobile Security Android & BlackBerry Installation & Operation Manual Overview GadgetTrak Mobile Security is an advanced software application designed to assist in the recovery of your mobile

More information

AirWatch for Android Devices

AirWatch for Android Devices Overview What is AirWatch AirWatch is the mobile device management (MDM) system provided by UMHS to ensure security for smart phones and tablets that connect to the UMHS environment. AirWatch provides

More information

10 best practice suggestions for common smartphone threats

10 best practice suggestions for common smartphone threats 10 best practice suggestions for common smartphone threats Jeff R Fawcett Dell SecureWorks Security Practice Executive M Brandon Swain Dell SecureWorks Security Practice Executive When using your Bluetooth

More information

Adams County, Colorado

Adams County, Colorado Colorado Independent Consultants Network, LLC Adams County, Colorado Bring-Your-Own-Device Policy Prepared by: Colorado Independent Consultants Network, LLC Denver, Colorado March 20, 2014 Table of Contents

More information

A practical guide to IT security

A practical guide to IT security Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or

More information

Frequently Asked Questions & Answers: Bring Your Own Device (BYOD) Policy

Frequently Asked Questions & Answers: Bring Your Own Device (BYOD) Policy Frequently Asked Questions & Answers: Bring Your Own Device (BYOD) Policy Converting a Device Whose phones will be wiped on Wednesday, January 30? If you continue to have a company-paid phone, you are

More information

The SMB Cyber Security Survival Guide

The SMB Cyber Security Survival Guide The SMB Cyber Security Survival Guide Stephen Cobb, CISSP Security Evangelist The challenge A data security breach can put a business out of business or create serious unbudgeted costs To survive in today

More information

HIPAA compliance audit: Lessons learned apply to dental practices

HIPAA compliance audit: Lessons learned apply to dental practices HIPAA compliance audit: Lessons learned apply to dental practices Executive summary In 2013, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 Omnibus Rule put healthcare providers

More information

DSHS CA Security For Providers

DSHS CA Security For Providers DSHS CA Security For Providers Pablo F Matute DSHS Children's Information Security Officer 7/21/2015 1 Data Categories: An Overview All DSHS-owned data falls into one of four categories: Category 1 - Public

More information

How to use the Alertsec Service to Achieve HIPAA Compliance for Your Organization

How to use the Alertsec Service to Achieve HIPAA Compliance for Your Organization How to use the Alertsec Service to Achieve HIPAA Compliance for Your Organization Alertsec offers Cloud Managed - Policy Controlled - Security Modules for Ensuring Compliance at the Endpoints Contents

More information

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING INFORMATION TECHNOLOGY STANDARD Name Of Standard: Mobile Device Standard Domain: Security Date Issued: 09/07/2012 Date Revised:

More information

Tom Schauer TrustCC tschauer@trustcc.com 253.468.9750 - cell

Tom Schauer TrustCC tschauer@trustcc.com 253.468.9750 - cell Tom Schauer TrustCC tschauer@trustcc.com 253.468.9750 - cell Mobile Mobile Mobile Devices in the CU Environ Mobile Banking Risks and Reward Tom Schauer ü Since 1986 ü TrustCC Founded TrustCC in 2001 ü

More information

Chris Boykin VP of Professional Services

Chris Boykin VP of Professional Services 5/30/12 Chris Boykin VP of Professional Services Future Com! 20 years! Trusted Advisors! Best of brand partners! Brand name customers! 1000 s of solutions delivered!! 1 5/30/12 insight to the future, bringing

More information

HIPAA Security Rule Changes and Impacts

HIPAA Security Rule Changes and Impacts HIPAA Security Rule Changes and Impacts Susan A. Miller, JD Tony Brooks, CISA, CRISC HIPAA in a HITECH WORLD American Health Lawyers Association March 22, 2013 Baltimore, MD Agenda I. Introduction II.

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

IT Resource Management & Mobile Data Protection vs. User Empowerment

IT Resource Management & Mobile Data Protection vs. User Empowerment Enterprise Mobility Management Buyers Guide IT Resource Management & Mobile Data Protection vs. User Empowerment Business leaders and users are embracing mobility and enjoying the flexibility and productivity

More information

What s New with HIPAA? Policy and Enforcement Update

What s New with HIPAA? Policy and Enforcement Update What s New with HIPAA? Policy and Enforcement Update HHS Office for Civil Rights New Initiatives Precision Medicine Initiative (PMI), including Access Guidance Cybersecurity Developer portal NICS Final

More information

Checklist of Requirements for Protection of Restricted Data College of Medicine Departments (v 03/2014)

Checklist of Requirements for Protection of Restricted Data College of Medicine Departments (v 03/2014) hecklist of Requirements for Protection of Restricted ata ollege of Medicine epartments (v 03/2014) These requirements must be met to comply with U data protection policies, including HIPAA Policies and

More information

POLICIES. Campus Data Security Policy. Issued: September, 2009 Responsible Official: Director of IT Responsible Office: IT Central.

POLICIES. Campus Data Security Policy. Issued: September, 2009 Responsible Official: Director of IT Responsible Office: IT Central. POLICIES Campus Data Security Policy Issued: September, 2009 Responsible Official: Director of IT Responsible Office: IT Central Policy Statement Policy In the course of its operations, Minot State University

More information

Keeping Data Safe. Patients, Research Subjects, and You

Keeping Data Safe. Patients, Research Subjects, and You Keeping Data Safe Patients, Research Subjects, and You How do hackers access a system Hackers Lurking in Vents and Soda Machines By NICOLE PERLROTH APRIL 7, 2014 New York Times SAN FRANCISCO They came

More information

SafeMail April 2015. SafeMail Helping your business reach further with email hosted at UK based, ISO 27001, Tier 4 data centres.

SafeMail April 2015. SafeMail Helping your business reach further with email hosted at UK based, ISO 27001, Tier 4 data centres. SafeMail April 2015 Secure cloud solutions with guaranteed UK data sovereignty. SafeMail Helping your business reach further with email hosted at UK based, ISO 27001, Tier 4 data centres. Detailing the

More information

Microsoft Outlook Phone Set Up

Microsoft Outlook Phone Set Up Microsoft Outlook Phone Set Up 2013 Information Technology Services 2013 Microsoft Corporation. All rights reserved Contents Set up Microsoft Exchange email on an Android... 3 Set up Exchange email on

More information

Information Security It s Everyone s Responsibility

Information Security It s Everyone s Responsibility Information Security It s Everyone s Responsibility The University of Texas at Dallas Information Security Office (ISO) Purpose of Training Information generated, used, and/or owned by UTD has value. Because

More information

CJIS SECURITY POLICY: VERSION 5.2 CHANGES AND THE UPCOMING REQUIREMENTS.

CJIS SECURITY POLICY: VERSION 5.2 CHANGES AND THE UPCOMING REQUIREMENTS. CJIS SECURITY POLICY: VERSION 5.2 CHANGES AND THE UPCOMING REQUIREMENTS. Alan Ferretti CJIS Information Security Officer Texas Department of Public Safety CJIS Security Policy version 5.2: On 8/9/2013

More information

Mobile Device Management (MDM) Policies

Mobile Device Management (MDM) Policies Mobile Device Management (MDM) Policies Best Practices Guide Copyright 2012 Fiberlink Communications Corporation. All rights reserved. Information in this document is subject to change without notice.

More information

Straight from the Source: HHS Tools for Avoiding Some of the Biggest HIPAA Mistakes

Straight from the Source: HHS Tools for Avoiding Some of the Biggest HIPAA Mistakes Watch the Replay Straight from the Source: HHS Tools for Avoiding Some of the Biggest HIPAA Mistakes FairWarning Executive Webinar Series May 20, 2014 #AnytimeAudit Today s Panel Laura E. Rosas, JD, MPH

More information

Salmon Group, Inc. An 8(a) Certified, Veteran owned company

Salmon Group, Inc. An 8(a) Certified, Veteran owned company www.salmongroupinc.com info@salmongroupinc.com Main Office: 888.751.5551 Fax: 240.607.6712 About Us We are a: Maryland-based, Veteran Owned Corporation Certified participant of the SBA 8(a) and Small Disadvantaged

More information

Answers to these questions will determine which mobile device types and operating systems can be allowed to access enterprise data.

Answers to these questions will determine which mobile device types and operating systems can be allowed to access enterprise data. Mobility options and landscapes are evolving quickly for the corporate enterprise. Mobile platform providers such as Apple, Google and Microsoft, and leading device hardware vendors are constantly updating

More information

Healthcare Buyers Guide: Mobile Device Management

Healthcare Buyers Guide: Mobile Device Management Healthcare Buyers Guide: Mobile Device Management Physicians and other healthcare providers see value in using mobile devices on the job. BYOD is a great opportunity to provide better and more efficient

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

PULSE SECURE FOR GOOGLE ANDROID

PULSE SECURE FOR GOOGLE ANDROID DATASHEET PULSE SECURE FOR GOOGLE ANDROID Product Overview In addition to enabling network and resource access for corporate managed mobile devices, many enterprises are implementing a Bring Your Own Device

More information

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014 Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security

More information

Harbor Regional Center Service Provider Training July 27, 2015 Information Security & Electronic Document Management Systems

Harbor Regional Center Service Provider Training July 27, 2015 Information Security & Electronic Document Management Systems Harbor Regional Center Service Provider Training July 27, 2015 Information Security & Electronic Document Management Systems 1 1 INFORMATION SECURITY 2 Judy Wada Chief Financial Officer The protection

More information

YOUR HIPAA RISK ANALYSIS IN FIVE STEPS

YOUR HIPAA RISK ANALYSIS IN FIVE STEPS Ebook YOUR HIPAA RISK ANALYSIS IN FIVE STEPS A HOW-TO GUIDE FOR YOUR HIPAA RISK ANALYSIS AND MANAGEMENT PLAN 2015 SecurityMetrics YOUR HIPAA RISK ANALYSIS IN FIVE STEPS 1 YOUR HIPAA RISK ANALYSIS IN FIVE

More information

Our Commitment to Information Security

Our Commitment to Information Security Our Commitment to Information Security What is HIPPA? Health Insurance Portability and Accountability Act 1996 The HIPAA Privacy regulations require health care providers and organizations, as well as

More information

Southwest Airlines 2013 Terms of Use Portable Devices Feb 2013

Southwest Airlines 2013 Terms of Use Portable Devices Feb 2013 1 TERMS OF USE As of February 3, 2013 The following terms and conditions of use ( Terms of Use ) form a legally binding agreement between you (an entity or person) and Southwest Airlines Co. ( Southwest

More information

Compliance Challenges. Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard. Increased Audits & On-site Investigations

Compliance Challenges. Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard. Increased Audits & On-site Investigations Enabling a HITECH & HIPAA Compliant Organization: Addressing Meaningful Use Mandates & Ensuring Audit Readiness Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard Compliance Mandates Increased

More information

BYOD and Its Impact on IT. Making it easy to deploy, integrate and manage Macs, iphones and ipads in a Windows environment

BYOD and Its Impact on IT. Making it easy to deploy, integrate and manage Macs, iphones and ipads in a Windows environment BYOD and Its Impact on IT Making it easy to deploy, integrate and manage Macs, iphones and ipads in a Windows environment BYOD and IT D means Apple products Macs iphones ipads Android phones IT means Microsoft

More information

It s 2 o clock: Who Has Your Data? Josh Krueger Chief Technology Officer Integrity Technology Solutions

It s 2 o clock: Who Has Your Data? Josh Krueger Chief Technology Officer Integrity Technology Solutions It s 2 o clock: Who Has Your Data? Josh Krueger Chief Technology Officer Integrity Technology Solutions Your home is your business and your farm is your network. But who has access to it? Can you protect

More information

Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment. Paul Luetje Enterprise Solutions Architect

Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment. Paul Luetje Enterprise Solutions Architect Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment Paul Luetje Enterprise Solutions Architect Table of Contents Welcome... 3 Purpose of this document...

More information

The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training

The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training Introduction The HIPAA Security Rule specifically requires training of all members of the workforce.

More information

Android support for Microsoft Exchange in pure Google devices

Android support for Microsoft Exchange in pure Google devices Android support for Microsoft Exchange in pure Google devices Note: The information presented here is intended for Microsoft Exchange administrators who are planning and implementing support for any of

More information

Unit 6 Research Project. Eddie S. Jackson. Kaplan University. IT540: Management of Information Security. Kenneth L. Flick, Ph.D.

Unit 6 Research Project. Eddie S. Jackson. Kaplan University. IT540: Management of Information Security. Kenneth L. Flick, Ph.D. Running head: UNIT 6 RESEARCH PROJECT 1 Unit 6 Research Project Eddie S. Jackson Kaplan University IT540: Management of Information Security Kenneth L. Flick, Ph.D. 10/28/2014 UNIT 6 RESEARCH PROJECT 2

More information

SUBJECT: Effective Date Policy Number Security of Mobile Computing, Data Storage, and Communication Devices

SUBJECT: Effective Date Policy Number Security of Mobile Computing, Data Storage, and Communication Devices SUBJECT: Effective Date Policy Number Security of Mobile Computing, Data Storage, and Communication Devices 8-27-2015 4-007.1 Supersedes 4-007 Page Of 1 5 Responsible Authority Vice Provost for Information

More information

SOMITS is located in the 1648 Pierce Drive School of Medicine Building, Suite AB51.

SOMITS is located in the 1648 Pierce Drive School of Medicine Building, Suite AB51. School of Medicine Information Technology Services All newly enrolled School of Medicine students are encouraged to visit the School of Medicine s IT office before orientation to obtain help configuring

More information

Bryan Hadzik Network Consulting Services, inc. Endpoint Security Data At Rest

Bryan Hadzik Network Consulting Services, inc. Endpoint Security Data At Rest Bryan Hadzik Network Consulting Services, inc. Endpoint Security Data At Rest Look back on 2010 Agenda Incident types Inside Job? Source of Risk Role of Encryption Some Conclusions 2010 A Year In Review

More information

INSIGHTS CUPP COMPUTING MOBILE SECURITY MULTINATIONAL DECISIONMAKERS STUDY 2015

INSIGHTS CUPP COMPUTING MOBILE SECURITY MULTINATIONAL DECISIONMAKERS STUDY 2015 INSIGHTS CUPP COMPUTING MOBILE SECURITY MULTINATIONAL DECISIONMAKERS STUDY 2015 CHERYL HARRIS, PH.D. DECISIVE ANALYTICS LLC 575 MADISON AVENUE, 10 TH FL NEW YORK, NY 10022 917.628.6167 14. January 2015

More information

ONE DEVICE TO RULE THEM ALL! AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014

ONE DEVICE TO RULE THEM ALL! AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014 ONE DEVICE TO RULE THEM ALL! 1993 2013 1 AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014 2 1 AGENDA Mobile Devices / Smart Devices Implementation Models Risks & Threats Audit Program

More information

Sophos Mobile Control - Competitive Overview

Sophos Mobile Control - Competitive Overview Sophos Mobile Control - Competitive Overview Content Page Introduction to MDM Market overview, positioning and discovery questions 2 Lightweight vs Heavy weight approaches 3 Competitive comparisons AirWatch

More information