Digital Identity in Healthcare: What's Coming Down the Pike. Lisa Gallagher, BSEE, CISM, CPHIMS, FHIMSS VP, Technology Solutions, HIMSS
|
|
- Meghan Douglas
- 8 years ago
- Views:
Transcription
1 Digital Identity in Healthcare: What's Coming Down the Pike Lisa Gallagher, BSEE, CISM, CPHIMS, FHIMSS VP, Technology Solutions, HIMSS
2 Discussion What is the Problem? What is Digital Identity and How Does it Relate to Healthcare? What is NSTIC? The NSTIC CSDII / Inova Healthcare Pilot The Future for Healthcare
3 What is the Problem? Patient and Provider Data Access - Individuals often need to manage numerous accounts with user names and passwords These types of Access Controls are not sufficient. In fact, A recent study shows that 76% of network intrusions exploited weak or stolen credentials 1 Identity proofing and verification is essential to ensure proper delivery of care and protect privacy 1 Source: 2013 Data Breach Investigations Report, Verizon and US Secret Service
4 What is a Medical Record? A Medical record is a permanent record that contains identifiable medical information, and is intended for use in decision-making relevant to a patient s health coverage, diagnosis and treatment. Often includes a patient s name, Social Security number, address, insurance number or other identifier that links to an individual. A medical record can be in paper or electronic form and can be maintained by payers, providers and/or business associates.
5 The Value of Medical Identity Criminals - Use of Medical Identities to commit fraud (for example, to improperly obtain medical goods, services, or pharmaceuticals) or to bill payers (private, Medicare/Medicaid) for such that are never delivered or received. This is more profitable than drugs, prostitution, and other forms of identity theft. Ordinary people Medical identities can easily be shared to obtain medical goods, services or drugs. Thus, the value of such identities can be 20 to 50 times the value of financial records alone.
6 Types of Medical Identity Theft Medical identity theft refers to the misuse of another individual s PII, such as name, date of birth, SSN, or insurance policy number to obtain or bill for medical services or medical goods. 1 Robin Hood Fraud When an individual knowingly gives a friend or family member information to fraudulently receive healthcare services or goods. 1 - HHS Office of the National Coordinator, Medical Identity Theft Environmental Scan, October 15, 2008,
7 Risks to Individual Patient Financial Reputation/Credit Report Patient Safety Coverage /Access
8 Recent Press USA Today Sept. 13, 2014 There is an epidemic of medical identity theft. Mentions: Hacks of Healthcare.gov Healthcare.gov navigators not required to have background checks Community Health System hack by Chinese actors Fortune Aug. 31, 2014 Medical identity theft: How the health care industry is failing us. Healthcare industry is failing to: Detect Mitigate Share information Create sources of threat and incident data
9 Some Numbers A minimum of 3% of our healthcare spending is fraudulent and abusive 1 ; that translates to over $114 billion* annually to our healthcare system 1 My Math. Medical ID theft is about 3 percent of healthcare fraud overall that translates to $3.4 billion as the cost of medical ID theft to the system as a whole Kaiser Report - In early 2014, the Identity Theft Resource Center produced a survey showing that medical-related identity theft accounted for 43 percent of all identity thefts reported in the United States in (This is stated poorly actual ITRC report states that this is percentage of breaches.) 1 Source NHCAA (National Healthcare Anti-Fraud Association) * - I ve seen estimates of $80 Bilion to $230 Billion
10 Unique Challenge for Healthcare: Patient Data/Record Matching Patient Data Matching is the task of identifying, matching, and/or merging records that belong to the same patient that are currently store in multiple applications or databases. Problem Statement: Today there exists no safe and effective way to identify and accurately link patients with their clinical data.
11 Patient Data Matching - Challenges A 2008 Rand Corporation Study 1 estimated that 8%-10% of EMRs contain errors related to matching patients with their data. A 2009 HIMSS White Paper 2 documented nine factors that contribute to/influence current error rates. In the near term, consistent patient data-matching strategy is absolutely essential to obtaining the full benefits of health information technology, controlling costs, and ensuring patient safety. A 2012 HIMSS White Paper provides Measures and Key Attributes for
12 Work on Patient Data Matching Near Term Industry improve current matching algorithms HIMSS address future matching across HIEs/data exchange HIMSS Innovator-in-Residence Project with HHS and industry Long Term Migration to use of Multi-factor, Multi-Level-of-Assurance Digital Identity
13 HIMSS Innovator-In-Residence Project IIR is Embedded at HHS Office of CTO, and ONC Project Work on Data Quality Joint industry project (with WEDI, MGMA, others) on a Virtual Clipboard Test Open Algorithms against Gold Standard Data Set Validate using both Real and Synthetic Data Sets Set benchmark and reduce variables Create permanent test bed
14 Future Use of Digital Identity Migration to use of Multi-factor, Multi-Level-of-Assurance Digital Identity Work within the strategy being Developed by the National Strategy for Trusted Identities in Cyberspace (NSTIC) Project
15 What is Digital Identity?
16 What is Digital Identity?
17 Identity Management is Evolving - Gartner Predictions 1 : 1. Every user is a consumer. 2. A competitive marketplace for identity services is evolving. 3. We will see the death of "least privilege. 4. Legacy pricing models will radically change. 5. Context-based attributes will be the dominant mechanism for access control 6. Identity analytics and intelligence (IAI) tools will deliver direct business value 7. The Internet of Things will redefine the concept of "identity management" to include what people own, share, and use. 1 Fontana, J., Seven ways identity, access management will change in the enterprise,
18 Identity Management in Healthcare Creation and management of individual digital identity for both providers and patients (and computing assets) For Providers (and all who require access to data), used for Authentication, Access Control and Audit For patients, used for the above, but this will also help with: Identifying the same individual across health care organizations using the attributes /identifier(s) specified as part of the identity
19 What is NSTIC? Called for in President s Cyberspace Policy Review (May 2009): a cybersecurity focused identity management vision and strategy that addresses privacy and civil-liberties interests, leveraging privacy-enhancing technologies for the nation. National Strategy for Trusted Identities in Cyberspace NSTIC calls for a National Identity Ecosystem Guiding Principles Privacy-Enhancing and Voluntary Secure and Resilient Interoperable Cost-Effective and Easy To Use Calls for: an online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities. 1 Source: Jeremy Grant, Senior Executive Advisor, Identity Management, National Strategy for Trusted Identities in Cyberspace (NSTIC), National Institute of Standards and Technology (NIST), HIMSS Annual Conference 2014, Session #78
20 NSTIC Healthcare Pilot 1 Cloud Based Strong Credentials + Privacy Barrier 1 Source: Dr. Marshall Ruffin, Chief Technology Officer, Inova Healthcare HIMSS Annual Conference 2014 Session #78
21 What We Learned from the Healthcare Pilot Use of Digital Credentials provides the following benefits 1 : Increased Security Enhanced Privacy Reduced Cost Ability to leverage multiple credential types (incl. 3 rd party credentials) Consistent authentication mechanism Decreased administrative and maintenance overhead Positive perception to patients and providers 1 Source: Dr. Marshall Ruffin, Chief Technology Officer, Inova Healthcare HIMSS Annual Conference 2014 Session #78
22 What Does All of This Mean? In the immediate future, we will be able to: Create and Use a Multi-factor, Multi-level of Assurance Digital Identity for a patient (consumer) Link Patient Records using better quality data elements and with better assurance In the near future, we will migrate to use of Trustmarks or Componentized Trust : Patient Identity Communication of Trust Across Trust Frameworks: Hospital to Hospital HIE to HIE, etc.
23 How will this help with Medical Identity Theft? Strong Authentication Prevents inappropriate access Including Identity Proofing - Patient authentication includes ensuring that patients receiving services are the individuals they claim to be. Technology Solutions Digital Identity, deployed by/using: Digital Identity services Biometrics Smart chips (embedded in cell phones) Smart cards 1 - Booz Allen Hamilton, Medical Identity Final Report, prepared for U.S. Department of Health and Human Services, January 15, 2009, Page 16
24 QUESTIONS?
25 Lisa Gallagher, BSEE, CISM, CPHIMS, FHIMSS VP, Technology Solutions,
National Cybersecurity Challenges and NIST. Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity
National Cybersecurity Challenges and NIST Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity Though no-one knows for sure, corporate America is believed to lose anything
More informationIdentity: The Key to the Future of Healthcare
Identity: The Key to the Future of Healthcare Chief Medical Officer Anakam Identity Services July 14, 2011 Why is Health Information Technology Critical? Avoids medical errors. Up to 98,000 avoidable hospital
More informationAn Introduction to Global Patient Identifiers, Inc. December, 2014
An Introduction to Global Patient Identifiers, Inc. December, 2014 Motivation To save a life is a beautiful thing. To save 1,000 lives is almost inconceivable. Barry Hieb, M.D., GPII Chief Scientist 2
More informationTrusted Identities for Electronic Health Records A National Strategy
Trusted Identities for Electronic Health Records A National Strategy Jeremy Grant Senior Executive Advisor, Identity Management (NSTIC) National Institute of Standards and Technology (NIST) 1 Why does
More informationOnline Identity Attribute Exchange 2013-2014 Initiatives
Online Identity Attribute Exchange 2013-2014 Initiatives Agenda Overview AXN Services Framework Demonstration NSTIC Pilots Summary ABAC Services Attribute Exchange Network Page 2 AXN - Enabling IT & Other
More information2009 HIMSS Security Survey
2009 HIMSS Security Survey Statement to the HIT Standards Committee Privacy and Security Workgroup Lisa Gallagher, BSEE, CISM, CPHIMS Healthcare Information and Management Systems Society Secretary Chopra,
More informationThe Growing Threat of Medical Identity Fraud: A Call to Action. Presented by: Bill Barr, Development Coordinator, MIFA
The Growing Threat of Medical Identity Fraud: A Call to Action Presented by: Bill Barr, Development Coordinator, MIFA Agenda Review the challenge and cost of medical identity theft and resulting fraud
More informationBiometrics and National Strategy for Trusted Identities in Cyberspace Improving the Security of the Identity Ecosystem September 19
Biometrics and National Strategy for Trusted Identities in Cyberspace Improving the Security of the Identity Ecosystem September 19 Andrew Sessions, Abel Sussman Biometrics Consortium Conference Agenda
More informationIDENTITY & ACCESS. Providing Cost-Effective Strong Authentication in the Cloud. a brief for cloud service providers
IDENTITY & ACCESS Providing Cost-Effective Strong Authentication in the Cloud a brief for cloud service providers Introduction Interest and use of the cloud to store enterprise resources is growing fast.
More informationOnline Identity Attribute Exchange 2013-2014 Initiatives
Online Identity Attribute Exchange 2013-2014 Initiatives Agenda Overview AXN Services Framework Demonstration NSTIC Pilots Summary ABAC Services Attribute Exchange Network Page 2 AXN - Enabling IT & Other
More informationStrategic Healthcare IT Advanced Research. SHARPS Project and ILHIE Prototype June 26, 2013
Strategic Healthcare IT Advanced Research Projects on Security (SHARPS) SHARPS Project and ILHIE Prototype June 26, 2013 Strategic Health IT Advanced Research Projects (SHARP) SHARP Area 1 Security and
More informationRECOMMENDED CHARTER FOR THE IDENTITY ECOSYSTEM STEERING GROUP
RECOMMENDED CHARTER FOR THE IDENTITY ECOSYSTEM STEERING GROUP 1. Identity Ecosystem Steering Group Charter The National Strategy for Trusted Identities in Cyberspace (NSTIC or Strategy), signed by President
More informationAn NSTIC-Compliant Identity Ecosystem For Preventing Consumer Identity Theft
An NSTIC-Compliant Identity Ecosystem For Preventing Consumer Identity Theft Executive Summary Bob Pinheiro Robert Pinheiro Consulting LLC nstic@bobpinheiro.com This note proposes that emerging NSTIC-compliant
More informationJOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015
JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement
More informationMiddle Class Economics: Cybersecurity Updated August 7, 2015
Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest
More informationHealthcare Information Security Today
Healthcare Information Security Today 2015 Survey Analysis: Evolving Threats and Health Info Security Efforts WHITE PAPER SURVEY BACKGROUND The Information Security Media Group conducts an annual Healthcare
More informationBellevue University Cybersecurity Programs & Courses
Undergraduate Course List Core Courses: CYBR 250 Introduction to Cyber Threats, Technologies and Security CIS 311 Network Security CIS 312 Securing Access Control CIS 411 Assessments and Audits CYBR 320
More informationHow TraitWare TM Can Secure and Simplify the Healthcare Industry
How TraitWare TM Can Secure and Simplify the Healthcare Industry January 2015 Secure and Simplify Your Digital Life. Overview of HIPPA Authentication Standards When Title II of the Health Insurance Portability
More informationDeveloping Secure Software in the Age of Advanced Persistent Threats
Developing Secure Software in the Age of Advanced Persistent Threats ERIC BAIZE EMC Corporation DAVE MARTIN EMC Corporation Session ID: ASEC-201 Session Classification: Intermediate Our Job: Keep our Employer
More informationFIDO Modern Authentication Rolf Lindemann, Nok Nok Labs
Rolf Lindemann, Nok Nok Labs cv cryptovision GmbH T: +49 (0) 209.167-24 50 F: +49 (0) 209.167-24 61 info(at)cryptovision.com 1 Authentication in Context Single Sign-On Modern Authentication Federation
More informationRSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS
RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS Security solutions for patient and provider access AT A GLANCE Healthcare organizations of all sizes are responding to the demands of patients, physicians,
More informationDATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH
DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH Andy Watson Grant Thornton LLP. All rights reserved. CYBERSECURITY 2 SURVEY OF CHIEF AUDIT EXECUTIVES (CAEs) GRANT THORNTON'S 2014 CAE SURVEY Data privacy and
More informationWhite Paper. Data Breach Mitigation in the Healthcare Industry
White Paper Data Breach Mitigation in the Healthcare Industry Thursday, October 08, 2015 Table of contents 1 Executive Summary 3 2 Personally Identifiable Information & Protected Health Information 4 2.1
More informationCybersecurity. Are you prepared?
Cybersecurity Are you prepared? First Cash, then your customer, now YOU! What is Cybersecurity? The body of technologies, processes, practices designed to protect networks, computers, programs, and data
More informationThe Identity Ecosystem Strategy
National Strategy for Trusted Identities in Cyberspace Creating Options for Enhanced Online Security and Privacy Draft Table of Contents EXECUTIVE SUMMARY... 1 INTRODUCTION... 4 CURRENT LANDSCAPE... 4
More informationBig Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
More informationMobile Computing in Healthcare: Privacy and Security Considerations and Available Resources
Mobile Computing in Healthcare: Privacy and Security Considerations and Available Resources HOA Mobility Conference Sept 27, 2012 Speaker Lisa A. Gallagher, BSEE, CISM, CPHIMS Senior Director, Privacy
More informationThe Imperative for High Assurance Credentials: State Identity Credential and Access Management (SICAM) Guidance and Roadmap
The Imperative for High Assurance Credentials: State Identity Credential and Access Management (SICAM) Guidance and Roadmap AAMVA Region I Conference E-ID, DLDV, and Privacy Conducting Business Securely
More informationBriefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication.
Polling Question Briefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication. Please type in your response. This poll will close promptly at 1:00 pm CDT Getting the
More informationHealth & Life sciences breach security program. David Houlding MSc CISSP CIPP Healthcare Privacy & Security Lead Intel Health and Life Sciences
Health & Life sciences breach security program David Houlding MSc CISSP CIPP Healthcare Privacy & Security Lead Intel Health and Life Sciences Overview 1. Healthcare Security Research / Directions 2. Healthcare
More informationChairman Johnson, Ranking Member Carper, and Members of the committee:
UNITED STATES OFFICE OF PERSONNEL MANAGEMENT STATEMENT OF THE HONORABLE KATHERINE ARCHULETA DIRECTOR U.S. OFFICE OF PERSONNEL MANAGEMENT before the COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
More informationUsher Mobile Identity for Higher Education Institutions. Rebecca Parks Associate Product Manager, MicroStrategy
Usher Mobile Identity for Higher Education Institutions Rebecca Parks Associate Product Manager, MicroStrategy Agenda Overview of Mobile Identity Verify Personal ID Login to University Systems Unlock Doors
More informationDynamic Security for the Hybrid Cloud
Dynamic Security for the Hybrid Cloud Marc van Zadelhoff, VP Strategy, Marketing and Product Management, IBM Security Nataraj Nagaratnam, Distinguished Engineer and CTO Security Solutions, IBM Security
More informationMulti-Factor Authentication of Online Transactions
Multi-Factor Authentication of Online Transactions Shelli Wobken-Plagge May 7, 2009 Agenda How are economic and fraud trends evolving? What tools are available to secure online transactions? What are best
More informationWHITEPAPER. Complying with the Red Flag Rules and FACT Act Address Discrepancy Rules
WHITEPAPER Complying with the Red Flag Rules and FACT Act Address Discrepancy Rules May 2008 2 Table of Contents Introduction 3 ID Analytics for Compliance and the Red Flag Rules 4 Comparison with Alternative
More informationNISTIC Pilot - Attribute Exchange Network. Biometric Consortium Conference - 2013
NISTIC Pilot - Attribute Exchange Network Biometric Consortium Conference - 2013 Market Development Startup (2011) Unrealized Large Market Potential Evolving Value Props & Use-Cases Evolving Tech/Policy
More informationU.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems
U.S. Office of Personnel Management Actions to Strengthen Cybersecurity and Protect Critical IT Systems June 2015 1 I. Introduction The recent intrusions into U.S. Office of Personnel Management (OPM)
More informationPresidential Summit Reveals Cybersecurity Concerns, Trends
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Presidential Summit Reveals Cybersecurity Concerns,
More informationHow to get from laws to technical requirements
How to get from laws to technical requirements And how the OPM hack relates technology, policy, and law June 30, 2015 Isaac Potoczny-Jones ijones@galois.com www.galois.com Galois, Inc. Overview Outline!
More informationNew York State Department of Financial Services. Report on Cyber Security in the Insurance Sector
New York State Department of Financial Services Report on Cyber Security in the Insurance Sector February 2015 Report on Cyber Security in the Insurance Sector I. Introduction Cyber attacks against financial
More informationPCI Security Standards Council
PCI Security Standards Council Jeremy King, European Director 2013 Why PCI Matters Applying PCI How You Can Participate Agenda 2 Why PCI Matters Applying PCI How You Can Participate Agenda About the PCI
More informationMission Assurance and Security Services
Mission Assurance and Security Services Dan Galik, Chief Federation of Tax Administrators Computer Security Officer Conference March 2007 Security, privacy and emergency preparedness issues are front page
More informationAttribute-Based Access Control Solutions: Federating Authoritative User Data to Support Relying Party Authorization Decisions and Requirements
Joint White Paper: Attribute-Based Access Control Solutions: Federating Authoritative User Data to Support Relying Party Authorization Decisions and Requirements Submitted Date: April 10, 2013 Submitted
More informationTHE WHITE HOUSE Office of the Press Secretary
FOR IMMEDIATE RELEASE February 13, 2015 THE WHITE HOUSE Office of the Press Secretary FACT SHEET: White House Summit on Cybersecurity and Consumer Protection As a nation, the United States has become highly
More informationFCCX Briefing. Information Security and Privacy Advisory Board. June 13, 2014
FCCX Briefing Information Security and Privacy Advisory Board June 13, 2014 1 Agenda Overview NSTIC FICAM Federal Cloud Credential Exchange Lessons Learned Enhancing Federation Privacy Questions 2 Challenge
More informationThe Convergence of IT Security and Physical Access Control
The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which
More information2010 Data Breach Investigations Report
2010 Data Breach Investigations Report Matthijs van de Wel Managing Principal Forensics EMEA 2010 Verizon. All Rights Reserved. PTE14626 07/10 PROPRIETARY STATEMENT This document and any attached materials
More informationBooz Allen Cloud Solutions. Our Capability-Based Approach
Booz Allen Cloud Solutions Our Capability-Based Approach Booz Allen Cloud Solutions Our Capability-Based Approach Booz Allen Cloud Solutions Our Capability-Based Approach In today s budget-conscious environment,
More informationThe High Price of Medical Identity Theft and Fraud
The High Price of Medical Identity Theft and Fraud Some Quick Facts 3 times more likely to be ID fraud victim if credit/debit card breached 1 New ID fraud victim every 2 seconds 2 Few adults are familiar
More informationHealthcare Utilizing Trusted Identity Credentials
Healthcare Utilizing Trusted NextgenID - Headquarters 10226 San Pedro Ave, Suite 100 San Antonio, TX 78216 (210) 530-9991 NextgenID - Washington DC 13454 Sunrise Valley Drive, Suite 430 Herndon, VA 20171
More informationSecurity and Privacy
Security and Privacy Matthew McCormack, CISSP, CSSLP CTO, Global Public Sector, RSA The Security Division of EMC 1 BILLIONS OF USERS MILLIONS/BILLIONS OF APPS 2010 Cloud Big Data Social Mobile Devices
More informationSix Challenges for the Privacy and Security of Health Information. Carl A. Gunter University of Illinois
Six Challenges for the Privacy and Security of Health Information Carl A. Gunter University of Illinois The Six Challenges 1. Access controls and audit 2. Encryption and trusted base 3. Automated policy
More informationCybersecurity Issues for Community Banks
Eastern Massachusetts Compliance Network Cybersecurity Issues for Community Banks Copyright 2014 by K&L Gates LLP. All rights reserved. Sean P. Mahoney sean.mahoney@klgates.com K&L Gates LLP State Street
More informationThe Convergence of IT Security and Physical Access Control
The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which
More informationHealthcare Cybersecurity Themes for 2015....And What to do About Them Mark Coderre, OpenSky National Practice Director GRC & Security Services
Healthcare Cybersecurity Themes for 2015...And What to do About Them Mark Coderre, OpenSky National Practice Director GRC & Security Services February, 2015 Healthcare is clearly a growing cyberattack
More informationDeborah L. Lafky, Ph.D, CISSP Office of the National Coordinator for Health IT, Office of the Secretary, HHS
Health Information Technology and Privilege Management A Policy Agenda for Progress Deborah L. Lafky, Ph.D, CISSP Office of the National Coordinator for Health IT, Office of the Secretary, HHS All material
More informationTOP 3. Reasons to Give Insiders a Unified Identity
TOP 3 Reasons to Give Insiders a Unified Identity Although much publicity around computer security points to hackers and other outside attacks, insider threats can be particularly insidious and dangerous,
More informationReal World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services
Real World Healthcare Security Exposures Brian Selfridge, Partner, Meditology Services 2 Agenda Introduction Background and Industry Context Anatomy of a Pen Test Top 10 Healthcare Security Exposures Lessons
More informationIdentity & Privacy Protection
Identity & Privacy Protection An Essential Component for a Federated Access Ecosystem Dan Turissini - CTO, WidePoint Corporation turissd@orc.com 703 246 8550 CyberSecurity One of the most serious economic
More informationHFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY
HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY Illinois Department of Healthcare and Family Services Training Outline: Training Goals What is the HIPAA Security Rule? What is the HFS Identity
More informationMobile Identity: Improved Cybersecurity, Easier to Use and Manage than Passwords. Mika Devonshire Associate Product Manager
Mobile Identity: Improved Cybersecurity, Easier to Use and Manage than Passwords Mika Devonshire Associate Product Manager 1 Agenda 2 What is Cybersecurity? Quick overview of the core concepts 3 Cybercrime
More informationCybercrime and Regulatory Priorities for Cybersecurity
NRS Technology and Communication Compliance Forum Cybercrime and Regulatory Priorities for Cybersecurity Copyright 2014 by K&L Gates LLP. All rights reserved. Sean P. Mahoney sean.mahoney@klgates.com K&L
More informationIntelligent Security Design, Development and Acquisition
PAGE 1 Intelligent Security Design, Development and Acquisition Presented by Kashif Dhatwani Security Practice Director BIAS Corporation Agenda PAGE 2 Introduction Security Challenges Securing the New
More informationWhy Cybersecurity Matters in Government Contracting. Robert Nichols, Covington & Burling LLP
Why Cybersecurity Matters in Government Contracting Robert Nichols, Covington & Burling LLP Cybersecurity is the No. 1 Concern of General Counsel and Directors 2 Cybersecurity Concerns in the Government
More informationMobile Computing in Healthcare: Privacy and Security Considerations and Available Resources
Mobile Computing in Healthcare: Privacy and Security Considerations and Available Resources NIST/OCR Conference June 6, 2012 Speaker Lisa A. Gallagher, BSEE, CISM, CPHIMS Senior Director, Privacy and Security
More informationAdopting a Cybersecurity Framework for Governance and Risk Management
The American Hospital Association s Center for Healthcare Governance 2015 Fall Symposium Adopting a Cybersecurity Framework for Governance and Risk Management Jim Giordano Vice Chairman & Chair of Finance
More informationTestimony of. Kevin Stine. Leader, Security Outreach and Integration Group. Computer Security Division. Information Technology Laboratory
Testimony of Kevin Stine Leader, Security Outreach and Integration Group Computer Security Division Information Technology Laboratory National Institute of Standards and Technology United States Department
More informationNine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity
Nine recommendations for alternative funds battling cyber crime kpmg.ca/cybersecurity Cyber criminals steal user names and passwords and use it to conduct financial trading activity illicitly. Hackers
More informationStrengthen security with intelligent identity and access management
Strengthen security with intelligent identity and access management IBM Security solutions help safeguard user access, boost compliance and mitigate insider threats Highlights Enable business managers
More informationHealthcare Cybersecurity Perspectives from the Michigan Healthcare Cybersecurity Council
Healthcare Cybersecurity Perspectives from the Michigan Healthcare Cybersecurity Council Presented by Doug Copley, Chairman Michigan Healthcare Cybersecurity Council Mr. Chairman and Committee Members,
More informationMANAGING RISK: SECURING DIGITAL IDENTITIES Striking the balance between user experience and security
MANAGING RISK: SECURING DIGITAL IDENTITIES Striking the balance between user experience and security You re more connected, but more at risk too Enterprises are increasingly engaging with partners, contractors
More informationWearable Technology Evolution & Security: Grant Brown - Security Strategist Symantec
Wearable Technology Evolution & Security: Grant Brown - Security Strategist Symantec 3.58 KM 12.11 KPH 493 Calories 114 BPM WEARABLE TECH EVOLUTION AND SECURITY GRANT BROWN SECURITY STRATEGIST @thegrantbrown
More informationSECURING IDENTITIES IN CONSUMER PORTALS
SECURING IDENTITIES IN CONSUMER PORTALS Solution Brief THE CHALLENGE IN SECURING CONSUMER PORTALS TODAY The Bilateral Pull between Security and User Experience As the world becomes increasingly digital,
More informationTestimony of. Cita M. Furlani Director
Testimony of Cita M. Furlani Director Information Technology Laboratory National Institute of Standards and Technology United States Department of Commerce Joint Hearing Before the United States House
More informationCybersecurity: Protecting Your Business. March 11, 2015
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
More informationUnderstanding the Security & Privacy Rules associated with the HITECH and HIPAA Acts
Understanding the Security & Privacy Rules associated with the HITECH and HIPAA Acts July 2011 The Health Information Technology for Economic and Clinical Health (HITECH) Act requires covered entities
More informationIntegrity We are above reproach in everything we do.
Identity Theft Protection Program Compliance with FTC Red Flags Rule Approved by AHC Organizational Committee on: May 26 th, 2009 Electronic Copy Available on AHC s OIP Web Site Integrity We are above
More informationCybersecurity Enhancement Account. FY 2017 President s Budget
Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities
More informationCybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015
Cybersecurity: Considerations for Internal Audit IIA Atlanta Chapter Meeting January 9, 2015 Agenda Key Risks Incorporating Internal Audit Resources for Internal Auditors Questions 2 Key Risks 3 4 Key
More informationSpotting ID Theft Red Flags A Guide for FACTA Compliance. An IDology, Inc. Whitepaper
Spotting ID Theft Red Flags A Guide for FACTA Compliance An IDology, Inc. Whitepaper With a November 1 st deadline looming for financial companies and creditors to comply with Sections 114 and 315 of the
More informationThe Impact of NSTIC on the Internal Revenue Service. Economic Case Study: Planning Report 13-2
Planning Report 13-2 Economic Case Study: The Impact of NSTIC on the Internal Revenue Service Prepared by: RTI International for National Institute of Standards & Technology July 2013 Contents Chapter
More informationCompliance Risk Management IT Governance Assurance
Compliance Risk Management IT Governance Assurance Solutions That Matter Introduction to Federal Information Security Management Act (FISMA) Without proper safeguards, federal agencies computer systems
More information11/27/2015. Cyber Risk as a Component of Business Risk: Communicating with the C-Suite. Conflict of interest. Learning Objectives
Cyber Risk as a Component of Business Risk: Communicating with the C-Suite Jigar Kadakia DISCLAIMER: The views and opinions expressed in this presentation are those of the author and do not necessarily
More informationGood Afternoon! Since Yesterday we have been talking about threats and how to deal with those threats in order to protect ourselves from individuals
Good Afternoon! Since Yesterday we have been talking about threats and how to deal with those threats in order to protect ourselves from individuals and protect people, information, buildings, countries
More informationALERT LOGIC FOR HIPAA COMPLIANCE
SOLUTION OVERVIEW: ALERT LOGIC FOR HIPAA COMPLIANCE AN OUNCE OF PREVENTION IS WORTH A POUND OF CURE Alert Logic provides organizations with the most advanced and cost-effective means to secure their healthcare
More informationProtecting What Matters Most. Terry Ray Chief Product Strategist Trending Technologies Session 11
Protecting What Matters Most Terry Ray Chief Product Strategist Trending Technologies Session 11 Cyber attacks are bad and getting Significant economic Stock price fell by 14% Impacted profits by 46% Total
More informationDEA's New Proposed Regulations For E-Prescribing
Portfolio Media, Inc. 648 Broadway, Suite 200 New York, NY 10012 www.law360.com Phone: +1 212 537 6331 Fax: +1 212 537 6371 customerservice@portfoliomedia.com DEA's New Proposed Regulations For E-Prescribing
More informationCyber ROI. A practical approach to quantifying the financial benefits of cybersecurity
Cyber ROI A practical approach to quantifying the financial benefits of cybersecurity Cyber Investment Challenges In 2015, global cybersecurity spending is expected to reach an all-time high of $76.9
More informationHEALTH INSURANCE MARKETPLACES GENERALLY PROTECTED PERSONALLY IDENTIFIABLE INFORMATION BUT COULD IMPROVE CERTAIN INFORMATION SECURITY CONTROLS
Department of Health and Human Services OFFICE OF INSPECTOR GENERAL HEALTH INSURANCE MARKETPLACES GENERALLY PROTECTED PERSONALLY IDENTIFIABLE INFORMATION BUT COULD IMPROVE CERTAIN INFORMATION SECURITY
More informationCritical Issues in Fraud Analytics
Critical Issues in Fraud Analytics ISACA - 2015 Presenter: Charles Faircloth, JD, CIG Faircloth Fraud Consulting Critical Issues in Fraud Analytics Introduction 1) Factors that drive fraud 2) Current fraud
More informationSOLUTIONS FOR HEALTHCARE PROFESSIONALS AND GOVERNMENTS
SOLUTIONS FOR HEALTHCARE PROFESSIONALS AND GOVERNMENTS The number of people in need of medical care in the world is continuously increasing, as evidenced by the evolving demographic outlook in both developed
More informationCloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
More informationNational Cyber Security Policy -2013
National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information
More informationStrong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment
Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment IIIIII Best Practices www.gemalto.com IIIIII Table of Contents Strong Authentication and Cybercrime... 1
More informationA very incomplete history of medical data breaches
An Expanding Threat Spectrum for Health Information Technologies: Starting a Conversation Herb Lin Stanford University A very incomplete history of medical data breaches Name Date Number of people affected
More informationThe High Price of Medical Identity Theft and Fraud. Ann Patterson Medical Identity Fraud Alliance
The High Price of Medical Identity Theft and Fraud The High Price of Medical Identity Theft and Fraud Ann Patterson Medical Identity Fraud Alliance Medical Identity Theft Primer Includes theft of Protected
More informationDepartment of Homeland Security
Department of Homeland Security Cybersecurity Awareness for Colleges and Universities EDUCAUSE Live! July 24, 2014 Overview Dramatic increase in cyber intrusions, data breaches, and attacks at institutions
More informationModern two-factor authentication: Easy. Affordable. Secure.
Modern two-factor authentication: Easy. Affordable. Secure. www.duosecurity.com Your systems and users are under attack like never before The last few years have seen an unprecedented number of attacks
More informationLeveraging Privileged Identity Governance to Improve Security Posture
Leveraging Privileged Identity Governance to Improve Security Posture Understanding the Privileged Insider Threat It s no secret that attacks on IT systems and information breaches have increased in both
More information