HIPAA Security Risk Analysis Baystate Health System ~ A Case Study ~ Information Security Officer & HIPAA Project Manager
|
|
- Felix Mason
- 8 years ago
- Views:
Transcription
1 HIPAA Security Risk Baystate Health System ~ A Case Study ~ Presented by Jim DiDonato Information Security Officer & HIPAA Project Manager
2 Agenda Description of Baystate Strategy for Risk Analysis Researching HIPAA Risk Analysis Decision Time Do it in-house, externally or with software tool Vendor Selection Process On-site vendor work Off-site vendor work Results Lessons Learned
3 Description of Baystate 699 beds 572 Baystate Medical Center, Springfield, Ma 96 Franklin Medical Center, Greenfield, Ma. 31 Mary Lane Hospital, Ware, Ma. Also include: numerous outpatient facilities and programs, an ambulance company, home care and hospice services, employed primary care provider group with multiple sites 9,000 employees in Mass, Ct, Vt & NH $1.4 billion gross revenue Named one of the nation s top 50 integrated healthcare networks
4 Strategy for Risk Analysis Self-education ~ What is it that I need to do? Follow NIST ~ Not required, but best practice Scope: Entire health system & ephi as well as sensitive business information Use Final Recommendations in Workplan Pre-April 05 completion Post-April 05 completion Use new skills for future risk management plan ~ On-going compliance
5 Researching HIPAA Risk Analysis (climbing the learning curve) Read NIST Special Publication , Risk Management Guide for Information Technology Systems Attend conferences and WEDI/SNIP RSA workshops New England HIPAA Workgroup (NEHW) Held conference calls with consultants & software vendors ~ with Baystate team
6 Decision Time Do it in-house, externally or with software tool? Considered availability of internal staff support Considered skill set of internal staff support Considered cost & availability of funding Considered internal, competing HIPAA security and organizational initiatives Considered software options and consultant firms Decision ~ Engage outside consulting firm
7 Vendor Selection Process Build skill-set for internal 4-member team Reviewed sample risk analysis proposals, statements of work and final deliverables from consulting firms Provided potential firms with Baystate s IT & Organizational profile Developed RFP for half dozen firms based on initial conference calls Developed comparison table Conducted reference checks Held follow-up discussions with consulting firms
8 On-site vendor work Team of consultants Held initial Kick-off meeting early Monday morning for selected IT & client staff/managers Full week of interviews & facility tours Internal network vulnerability scans Modem sweeps Additional information gathering Policies Network diagrams Sample forms and other documents requested during interviews.
9 Off-site vendor work Review & analyze documentation External vulnerability testing Develop final deliverables Identify security risk to IT assets, including Electronic protected health information Business Data IT infrastructure components A documented risk analysis covering both EPHI and business data Identification of threats, vulnerabilities, likelihood of threat occurrence Documentation of current safeguards in place Recommendations to remediate vulnerabilities and to address risk Description of the impact of each recommendation Prioritized Recommendations A work plan outlining the steps and estimated costs for completing any remediation (risk management plan)
10 Results 1 undocumented WAP Windows server admin accounts with blank passwords MSSQL admin accounts with blank passwords 4 default FTP accounts Rogue modems (PCAnywhere) Medical Records moved by courier without sufficient tracking & receipt Risk Mgmt & Facilities Planning Depts not integrated into business resumption planning No media classification policy
11 Lessons Learned Learn as much as you can about the standards NIST, Octave, etc. and the Various consulting firm methodologies What s the difference in scope, staffing, report, etc What altitude are they working at (50,000 ft? 5,000 ft?) Ensure internal team skill-set & communication Understand the detailed plans & duration of the on-site visit ~ week by week Ensure you can provide close supervision & have knowledge sharing ~ learn from the experience.
12 Contact Information Jim DiDonato Information Security Officer & HIPAA Project Manager Phone: (413)
Assessing Your HIPAA Compliance Risk
Assessing Your HIPAA Compliance Risk Jennifer Kennedy, MA, BSN, RN, CHC National Hospice and Palliative Care Organization HIPAA Security Rule All electronic protected health information (PHI and EPHI)
More informationFLORIDA AGRICULTURAL AND MECHANICAL UNIVERSTY. Request for Quote for Performance of Security Risk Assessment
FLORIDA AGRICULTURAL AND MECHANICAL UNIVERSTY 1. Overview Request for Quote for Performance of Security Risk Assessment The Florida Agricultural and Mechanical University ( FAMU ) is seeking a qualified
More informationQ&A ADDENDUM FOR INFORMATION SECURITY VULNERABILITY ASSESSMENT PUBLISHED 10/20/2015
Q&A ADDENDUM FOR INFORMATION SECURITY VULNERABILITY ASSESSMENT PUBLISHED 10/20/2015 UPDATE HISTORY: 10/21/2015 10/30/2015 11/5/2015 Questions submitted by Proposers All proposers should reference the following
More informationHow to Use the NYeC Privacy and Security Toolkit V 1.1
How to Use the NYeC Privacy and Security Toolkit V 1.1 Scope of the Privacy and Security Toolkit The tools included in the Privacy and Security Toolkit serve as guidance for educating stakeholders about
More informationThe Value of Vulnerability Management*
The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda
More informationOfficial Audit Report Issued July 27, 2015
Official Audit Report Issued July 27, 2015 (MassHealth) Review of Radiology Claims Submitted by Baystate Mary Lane Hospital For the period January 1, 2013 through December 31, 2014 State House Room 230
More informationPreparing for HIPAA and Meaningful Use Compliance Audits
Preparing for HIPAA and Meaningful Use Compliance Audits Presented by: David Holtzman VP of Compliance, CynergisTek CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com
More informationConducting Your HIPAA Risk Analysis Top Ten Steps
Conducting Your HIPAA Risk Analysis Top Ten Steps You will just hear silence on the line until the Webinar begins and the WEDI moderator opens up all phone lines. Lesley Berkeyheiser & Mark Cone, Principals,
More informationADDENDUM #1 REQUEST FOR PROPOSALS 2015-151
ADDENDUM #1 REQUEST FOR PROPOSALS 2015-151 HIPAA/HITECH/OMNIBUS Act Compliance Consulting Services TO: FROM: CLOSING DATE: SUBJECT: All Potential Responders Angie Williams, RFP Coordinator September 24,
More informationServer Management-Scans & Patches
THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES Server Management-Scans & Patches Report No. 14-11 OFFICE OF INTERNAL AUDITS THE UNIVERSITY OF TEXAS - PAN AMERICAN 1201 West
More informationTaking Information Security Risk Management Beyond Smoke & Mirrors
Taking Information Security Risk Management Beyond Smoke & Mirrors Evan Wheeler Omgeo Session ID: GRC-107 Insert presenter logo here on slide master. See hidden slide 4 for directions Session Classification:
More informationAfter reviewing all the questions, the most common and relevant questions were chosen and the answers are below:
2015 007 After reviewing all the questions, the most common and relevant questions were chosen and the answers are below: 1. Is there a proposed budget for this RFP? No 2. What is the expect duration for
More informationEnterprise Information Technology Security Assessment RFP Answers to Questions
Enterprise Information Technology Security Assessment RFP Answers to Questions GENERAL QUESTIONS Q: How do the goals of the security assessment relate to improving the way VEIC does business? A: Security
More informationState of South Carolina Policy Guidance and Training
State of South Carolina Policy Guidance and Training Policy Workshop All Agency Mobile Security July 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy Overview: Mobile Security
More informationNetwork Detective. HIPAA Compliance Module. 2015 RapidFire Tools, Inc. All rights reserved V20150201
Network Detective 2015 RapidFire Tools, Inc. All rights reserved V20150201 Contents Purpose of this Guide... 3 About Network Detective... 3 Overview... 4 Creating a Site... 5 Starting a HIPAA Assessment...
More informationReal World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services
Real World Healthcare Security Exposures Brian Selfridge, Partner, Meditology Services 2 Agenda Introduction Background and Industry Context Anatomy of a Pen Test Top 10 Healthcare Security Exposures Lessons
More informationNetwork Test Labs Inc Security Assessment Service Description Complementary Service Offering for New Clients
Network Test Labs Inc Security Assessment Service Description Complementary Service Offering for New Clients Network Test Labs Inc. Head Office 170 422 Richards Street, Vancouver BC, V6B 2Z4 E-mail: info@networktestlabs.com
More informationHIPAA Compliance Review Analysis and Summary of Results
HIPAA Compliance Review Analysis and Summary of Results Centers for Medicare & Medicaid Services (CMS) Office of E-Health Standards and Services (OESS) Reviews 2008 Table of Contents Introduction 1 Risk
More informationVendor Questions and Answers
OHIO DEFERRED COMPENSATION REQUEST FOR PROPOSALS (RFP) FOR COMPREHENSIVE SECURITY ASSESSMENT CONSULTANT Issue Date: December 7, 2016 Written Question Deadline: January 11, 2016 Proposal Deadline: RFP Contact:
More informationPenetration Testing. I.T. Security Specialists. Penetration Testing 1
Penetration I.T. Security Specialists ing 1 about us At Caretower, we help businesses to identify vulnerabilities within their security systems and provide an action plan to help prevent security breaches
More informationComputer Security Incident Response Plan. Date of Approval: 23- FEB- 2015
Name of Approver: Mary Ann Blair Date of Approval: 23- FEB- 2015 Date of Review: 22- FEB- 2015 Effective Date: 23- FEB- 2015 Name of Reviewer: John Lerchey Table of Contents Table of Contents... 2 Introduction...
More informationHIPAA Security: Gap Analysis, Vulnerability Assessments, and Countermeasures
HIPAA Security: Gap Analysis, Vulnerability Assessments, and Countermeasures Don Hewitt and Chris Goggans March 1, 2001 Copyright 2001 by Security Design International, Inc. 1 Agenda The Proposed Rule
More informationDecrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use
Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute April 8, 2015 4/8/2015 1 1 Who is M-CEITA?
More informationSECURITY. Risk & Compliance Services
SECURITY Risk & Compliance s V1 8/2010 Risk & Compliances s Risk & compliance services Summary Summary Trace3 offers a full and complete line of security assessment services designed to help you minimize
More information2011 2012 Aug. Sept. Oct. Nov. Dec. Jan. Feb. March April May-Dec.
The OCR Auditors are coming - Are you next? What to Expect and How to Prepare On June 10, 2011, the U.S. Department of Health and Human Services Office for Civil Rights ( OCR ) awarded KPMG a $9.2 million
More informationThis is the third and final presentation on HIPAA Security Administrative Safeguards. This presentation focuses on the last 2 standards under the
This is the third and final presentation on HIPAA Security Administrative Safeguards. This presentation focuses on the last 2 standards under the HIPAA Security rule: Contingency planning and evaluation.
More informationImplementing Your EHR
Implementing Your EHR Webinar Schedule Optimizing your EHR for Quality Improvement March 23 and 26 Session Objectives Apply best practices for system implementation Evaluate staffing needs for the EHR
More informationHIPAA Privacy, Security and Breach Notification Audits
HIPAA Privacy, Security and Breach Notification Audits Program Overview & Initial Analysis Verne Rinker JD, MPH 2013 NIST / OCR Security Rule Conference May 21-22, 2013 Program Mandate HITECH Act, Section
More informationHIPAA Security Series
7 Security Standards: Implementation for the Small Provider What is the Security Series? The security series of papers provides guidance from the Centers for Medicare & Medicaid Services (CMS) on the rule
More informationMeaningful Use / HIPAA Security Risk Analysis for Medical Practices
Meaningful Use / HIPAA Security Risk Analysis for Medical Practices per 45 CFR 164.308(a)(1)(ii)(A) Bob Chaput, MA, CISSP, CHP, CHSS, MCSE CEO and Founder 800-704-3394 bob.chaput@clearwatercompliance.com
More informationSTATEMENT OF WORK FOR HIPAA SECURITY RISK ANALYSIS
STTEMENT OF WOK FO HIP SECUITY ISK NLYSIS pril 14, 2004 Prepared by: Bob Matthews HIP Compliance Services Manager HIP cademy 4320 Winfield oad Warrenville, IL 60555 www.hipcademy.net Contact: 877.899.9974
More informationInformation Security Office
Information Security Office SAMPLE Risk Assessment and Compliance Report Restricted Information (RI). Submitted to: SAMPLE CISO CIO CTO Submitted: SAMPLE DATE Prepared by: SAMPLE Appendices attached: Appendix
More informationCreating Stable Security & Compliance Relationships
Creating Stable Security & Compliance Relationships David Holtzman JD, CIPP/G VP, Compliance CynergisTek, Inc. James Wieland JD Principal Ober Kaler Welcome The slides for today s webinar are available
More informationAbout This Document. Response to Questions. Security Sytems Assessment RFQ
Response to Questions Security Sytems Assessment RFQ Posted October 1, 2015 Q: Which specific security assessment processes are sought for this engagement? The RFQ mentions several kinds of analysis and
More informationRFP No. 1-15-C017 OFFICE OF TECHNOLOGY INFORMATION SYSTEMS AND INFRASTRUCTURE PENETRATION TEST
RFP No. 1-15-C017 OFFICE OF TECHNOLOGY INFORMATION SYSTEMS AND INFRASTRUCTURE PENETRATION TEST Questions and Answers Notice: Questions may have been edited for clarity and relevance. 1. How many desktops,
More informationHIPAA Risk Analysis By: Matthew R. Johnson GIAC HIPAA Security Certificate (GHSC) Practical Assignment Version 1.0 Date: April 12, 2004
HIPAA Risk Analysis By: Matthew R. Johnson GIAC HIPAA Security Certificate (GHSC) Practical Assignment Version 1.0 Date: April 12, 2004 Table of Contents Abstract... 3 Assignment 1 Define the Environment...
More informationPayment Card Industry (PCI) Data Security Standard (DSS) Motorola PCI Security Assessment
Payment Card Industry (PCI) Data Security Standard (DSS) Motorola PCI Security Assessment Retail establishments have always been a favorite target of thieves and shoplifters, but today s worst criminals
More informationH.I.P.A.A. Compliance Made Easy Products and Services
H.I.P.A.A Compliance Made Easy Products and Services Provided by: Prevare IT Solutions 100 Cummings Center Suite 225D Beverly, MA 01915 Info-HIPAA@prevare.com 877-232-9191 Dear Health Care Professional,
More informationA HIPAA Security Incident and Investigation. It Can Happen to You.
A HIPAA Security Incident and Investigation. It Can Happen to You. Sandra L. Sessoms, RN, CPHQ, CHC Director, System Compliance Robert R. Michalski, CHC Chief Compliance Officer Baylor Health Care System
More informationState of New Hampshire
State of New Hampshire Department of Resources & Economic Development Office of Workforce Opportunity REQUEST FOR INFORMATION (RFI) 2015-160 FOR Baseline Administration, Maintenance, Support and Application
More informationAGENDA HIP Ho AA w i rivacy d The B reach Happen? I P nc AA Secu dent R rit esp y o nse Corrective Action Plan What We Learned ACRONYMS USED
Michael Almvig Skagit County Information Services Director 1 AGENDA 1 2 HIPAA How Did Privacy The Breach Happen? HIPAA Incident Security Response 3 Corrective Action Plan 4 What We Learned Questions? ACRONYMS
More informationCybersecurity Health Check At A Glance
This cybersecurity health check provides a quick view of compliance gaps and is not intended to replace a professional HIPAA Security Risk Analysis. Failing to have more than five security measures not
More informationSolution Briefing. Integrating the LogLogic API with NSN s Remediation & Escalation Mgmt. System
Solution Briefing Integrating the LogLogic API with NSN s Remediation & Escalation Mgmt. System Tim Larson August 2009 Introduction Nokia Siemens Network s environment Company: Leading provider of mobile
More informationSTATEMENT OF WORK (SOW) for CYBER VULNERABILITY ASSESSMENT
1.0 Introduction UTILITIES desires to contract with a CONTRACTOR to conduct an in-depth cyber vulnerability assessment and physical penetration vulnerability assessment of our IT Infrastructure as outlined
More informationSecurityMetrics Business Associate HIPAA compliance program
SecurityMetrics Business Associate HIPAA compliance program IS YOUR PHI SAFE? Business associates help your business succeed, but are they a liability? When your BAs are not HIPAA compliant, your business
More informationVendor Management Challenges and Solutions for HIPAA Compliance. Jim Sandford Vice President, Coalfire
Vendor Management Challenges and Solutions for HIPAA Compliance Jim Sandford Vice President, Coalfire Housekeeping You may submit questions throughout the webinar using the question area in the control
More informationInstitute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745
ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan
More informationAltius IT Policy Collection Compliance and Standards Matrix
Governance IT Governance Policy Mergers and Acquisitions Policy Terms and Definitions Policy 164.308 12.4 12.5 EDM01 EDM02 EDM03 Information Security Privacy Policy Securing Information Systems Policy
More information2016 OCR AUDIT E-BOOK
!! 2016 OCR AUDIT E-BOOK About BlueOrange Compliance: We specialize in healthcare information privacy and security solutions. We understand that each organization is busy running its business and that
More informationJuly 6, 2015. Mr. Michael L. Joseph Chairman of the Board Roswell Park Cancer Institute Elm & Carlton Streets Buffalo, NY 14263
July 6, 2015 Mr. Michael L. Joseph Chairman of the Board Roswell Park Cancer Institute Elm & Carlton Streets Buffalo, NY 14263 Re: Security Over Electronic Protected Health Information Report 2014-S-67
More informationREQUEST FOR PROPOSALS. Ambulance Services. The Town of Hardwick is seeking proposals for for the provision of Basic Life Support
REQUEST FOR PROPOSALS Ambulance Services The Town of Hardwick is seeking proposals for for the provision of Basic Life Support ( BLS ) and Advanced Life Support ( ALS ) ambulance services to the Town.
More informationCrosswalk Between Current and New PMP Task Classifications
Crosswalk Between Current and New PMP Task Classifications Domain 01 Initiating the Project Conduct project selection methods (e.g., cost benefit analysis, selection criteria) through meetings with the
More informationSecure Endpoint Management. Presented by Kinette Crain and Brad Lewis
Secure Endpoint Management Presented by Kinette Crain and Brad Lewis Brad Lewis Brad Lewis - Service Specialist 14 years of IT experience In-House Support Manager Network Administrator Assessing Risk:
More informationDESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the
More informationArt Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches
Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches Speakers Phillip Long CEO at Business Information Solutions Art Gross President & CEO of HIPAA
More informationPreparing for the HIPAA Security Rule
A White Paper for Health Care Professionals Preparing for the HIPAA Security Rule Introduction The Health Insurance Portability and Accountability Act (HIPAA) comprises three sets of standards transactions
More informationInformation Technology Project Oversight Framework
i This Page Intentionally Left Blank i Table of Contents SECTION 1: INTRODUCTION AND OVERVIEW...1 SECTION 2: PROJECT CLASSIFICATION FOR OVERSIGHT...7 SECTION 3: DEPARTMENT PROJECT MANAGEMENT REQUIREMENTS...11
More informationHIPAA Security & Compliance
Creative Mind. Creative Heart. Creative Care. 2014 WALA Spring Conference HIPAA Security & Compliance Jeff Grady Thursday, March 27 10:30 am HIPAA Security & Compliance A TIME FOR ACTION Jeff Grady, Senior
More informationInformation Technology General Controls Review (ITGC) Audit Program Prepared by:
Information Technology General Controls Review (ITGC) Audit Program Date Prepared: 2012 Internal Audit Work Plan Objective: IT General Controls (ITGC) address the overall operation and activities of the
More informationRFP IT002PACE. Questions & Answers
RFP IT002PACE Questions & Answers 1. Please provide the total number of devices at each campus required for the assessment i.e. inventory at the higher level along with its brief description. 2. Approximately
More informationCustomer Success Story. Central Logic. Comprehensive SRA helps healthcare software provider safeguard its customer s PHI and ensure HIPAA compliance.
Customer Success Story Central Logic Comprehensive SRA helps healthcare software provider safeguard its customer s PHI and ensure HIPAA compliance. Page 2 of 6 Central Logic Comprehensive SRA helps healthcare
More informationHIPAA SECURITY RISK ANALYSIS FORMAL RFP
HIPAA SECURITY RISK ANALYSIS FORMAL RFP ADDENDUM NUMBER: (2) August 1, 2012 THIS ADDENDUM IS ISSUED PRIOR TO THE ACCEPTANCE OF THE FORMAL RFPS. THE FOLLOWING CLARIFICATIONS, AMENDMENTS, ADDITIONS, DELETIONS,
More informationVA Medical Device Protection Program (MDPP)
VA Medical Device Protection Program (MDPP) Presented to National Institute for Standards and Technology (NIST) Health Security Conference May 11, 2011 Table of Contents Introduction MDPP Timeline and
More informationHow To Prepare For A Disaster
Building an effective Tabletop Exercise Presented by: Ken M. Shaurette, CISSP, CISA, CISM, CRISC FIPCO Director IT Services 3/26/2013 #1 Continuity Plan Testing Flowchart 3/26/2013 #2 1 Ongoing Multi-Year
More informationExecutive Order 13636: The Healthcare Sector and the Cybersecurity Framework. September 23, 2014
Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework September 23, 2014 Executive Order: Improving Critical Infrastructure Cybersecurity It is the policy of the United States to
More informationHosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE
Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE [ Hosting for Healthcare: Addressing the Unique Issues of Health IT & Achieving End-to-End Compliance
More information11th AMC Conference on Securely Connecting Communities for Improved Health
11th AMC Conference on Securely Connecting Communities for Improved Health Information Security Testing How Do AMCs Ensure Your Networks are Secure June 22, 2015 Ray Hillen, Dennis Schmidt, Adam Bennett
More informationRSA Data Loss Prevention (DLP) Understand business risk and mitigate it effectively
RSA Data Loss Prevention (DLP) Understand business risk and mitigate it effectively Arrow ECS DLP workshop, Beograd September 2011 Marko Pust marko.pust@rsa.com 1 Agenda DLP in general What to expect from
More informationHITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?
HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? Introduction This material is designed to answer some of the commonly asked questions by business associates and other organizations
More informationUnified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES
Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES HIPAA COMPLIANCE Achieving HIPAA Compliance with Security Professional Services The Health Insurance
More informationRISK ASSESSMENT On IT Infrastructure Mr Pradhan P L & Prof P K Meher
RISK ASSESSMENT On IT Infrastructure Mr Pradhan P L & Prof P K Meher Objective: To develop risk assessment method to safeguard or protect of Information System assets of an organization. Element that identify
More informationState of South Carolina Policy Guidance and Training
DRAFT For Discussion Purposes Only State of South Carolina Policy Guidance and Training Policy Workshop All Agencies Information Systems (IS) Acquisitions, Development, and Maintenance Policy April/May
More informationMicrosoft Baseline Security Analyzer (MBSA)
Microsoft Baseline Security Analyzer Microsoft Baseline Security Analyzer (MBSA) is a software tool released by Microsoft to determine security state by assessing missing security updates and lesssecure
More informationOutline. Outline. What is HIPAA? I. HIPAA Compliance II. Why Should You Care? III. What Should You Do Now?
Outline MOR-OF Education and Medical Expo August 23, 2014 Tatiana Melnik Melnik Legal PLLC tatiana@melniklegal.com 734-358-4201 Tampa, FL I. HIPAA Compliance II. Why Should You Care? A. Market Pressure
More informationInformation Technology Security Review April 16, 2012
Information Technology Security Review April 16, 2012 The Office of the City Auditor conducted this project in accordance with the International Standards for the Professional Practice of Internal Auditing
More informationMasters Nursing, University of Hartford, West Hartford, Connecticut (1998).
RESUME OF: Micheline M. Asselin EDUCATION: National Board for Certification of Hospice and Palliative Nurses, 2001 Masters Nursing, University of Hartford, West Hartford, Connecticut (1998). Masters Public
More informationHIPAA Reality Check: The Gap Between Execs and IT March 1, 2016
HIPAA Reality Check: The Gap Between Execs and IT March 1, 2016 Brand Barney, Security Assessor Conflict of Interest Has no real or apparent conflicts of interest to report. Agenda Healthcare status HIPAA
More informationNIST National Institute of Standards and Technology
NIST National Institute of Standards and Technology Lets look at SP800-30 Risk Management Guide for Information Technology Systems (September 2012) What follows are the NIST SP800-30 slides, which are
More informationCyber Security An Exercise in Predicting the Future
Cyber Security An Exercise in Predicting the Future Paul Douglas, August 25, 2014 AUDIT & ACCOUNTING + CONSULTING + TAX SERVICES + TECHNOLOGY I www.pncpa.com I www.pntech.net What is Cyber Security? Measures
More informationOPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific documents requested,
More informationDOCUMENT SCANNING SERVICES
REQUEST FOR PROPOSAL FOR DOCUMENT SCANNING SERVICES ISSUING OFFICE RECORDS IMPROVEMENT COMMITTEE OF COUNTY OF FRANKLIN, PA RFP NUMBER 2015172-3 DATE OF ISSUANCE MARCH 23, 2015 CONTENTS I. INTRODUCTION
More informationProject Managing to Support Change. Cathryn Stam, PMP Tina Salaris, RN, PMP
Project Managing to Support Change Cathryn Stam, PMP Tina Salaris, RN, PMP Project Managing to Support Change Change is a constant in life People by nature do not like change Whether redesigning processes
More informationEnforcement of Health Information Privacy & Security Standards Federal Enforcement Through Recent Cases and Tools to Measure Regulatory Compliance
Enforcement of Health Information Privacy & Security Standards Federal Enforcement Through Recent Cases and Tools to Measure Regulatory Compliance Iliana Peters, JD, LLM, HHS Office for Civil Rights Kevin
More informationPerforming a Comprehensive Security Risk Assessment. Kate Borten, CISSP President, The Marblehead Group
Performing a Comprehensive Security Risk Assessment Kate Borten, CISSP President, The Marblehead Agenda Definitions Two Methodologies Self-Assessment Comprehensive Risk Assessment Practical Pointers Definitions
More informationProperty of CampusGuard. Compliance With The PCI DSS
Compliance With The PCI DSS Today s Agenda PCI DSS Introduction How are Colleges and Universities Affected? How Do You Validate Compliance? Best Practices Q&A CampusGuard Full-Service QSA/ASV Firm We Know
More informationRequest for Proposal INFORMATION SECURITY ASSESSMENT SERVICES RFP #12-680-004. Addendum 1.0
Request for Proposal INFORMATION SECURITY ASSESSMENT SERVICES RFP #12-680-004 Addendum 1.0 ISSUE DATE: February 23, 2012 Receipt of this addendum should be acknowledged on the Proposal Form. Inquiries
More informationPROJECT MANAGEMENT TECHNIQUES FOR NON-PROJECT MANAGERS. Session 2
PROJECT MANAGEMENT TECHNIQUES FOR NON-PROJECT MANAGERS Session 2 Agenda Introduction Project Management Overview Project Management Concepts Project Management Techniques BC Technology Summary Q&A Introduction
More informationEnabling Solutions for HIPAA Compliance. Presented by: Mike McDermand
Enabling Solutions for HIPAA Compliance Presented by: Mike McDermand HIPAA Agenda About Computer Associates International, Inc. (CA) AHA HCCA HIPAA security survey Summary results Highlights of responses
More informationTwo Approaches to PCI-DSS Compliance
Disclaimer Copyright Michael Chapple and Jane Drews, 2006. This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes,
More informationMICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL
MICHIGAN OFFICE OF THE AUDITOR GENERAL AUDIT REPORT THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL The auditor general shall conduct post audits of financial transactions and accounts of the state and of all
More informationStraight from the Source: HHS Tools for Avoiding Some of the Biggest HIPAA Mistakes
Watch the Replay Straight from the Source: HHS Tools for Avoiding Some of the Biggest HIPAA Mistakes FairWarning Executive Webinar Series May 20, 2014 #AnytimeAudit Today s Panel Laura E. Rosas, JD, MPH
More informationIntroduction to the ITS Project Management Methodology
Introduction to the ITS Project Management Methodology In September 1999 the Joint Legislative Committee on Performance Evaluation and Expenditure Review (PEER) produced a report entitled Major Computer
More informationCONCEPTS IN CYBER SECURITY
CONCEPTS IN CYBER SECURITY GARY KNEELAND, CISSP SENIOR CONSULTANT CRITICAL INFRASTRUCTURE & SECURITY PRACTICE 1 OBJECTIVES FRAMEWORK FOR CYBERSECURITY CYBERSECURITY FUNCTIONS CYBERSECURITY CONTROLS COMPARATIVE
More informationHow to prepare your organization for an OCR HIPAA audit
How to prepare your organization for an OCR HIPAA audit Presented By: Mac McMillan, FHIMSS, CISM CEO, CynergisTek, Inc. Technical Assistance: 978-674-8121 or Amanda.Howell@iatric.com Audio Options: Telephone
More informationWHITE PAPER. HIPPA Compliance and Secure Online Data Backup and Disaster Recovery
WHITE PAPER HIPPA Compliance and Secure Online Data Backup and Disaster Recovery January 2006 HIPAA Compliance and the IT Portfolio Online Backup Service Introduction October 2004 In 1996, Congress passed
More informationMeaningful Use Audits. NextGen Physician Consulting Services
Meaningful Use Audits NextGen Physician Consulting Services Agenda Audit Overview Documentation for measures requiring numerator and denominator data Documentation for attestation only measures Security
More informationHIPAA Security. 6 Basics of Risk Analysis and Risk Management. Security Topics
HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical
More informationHIPAA: Compliance Essentials
HIPAA: Compliance Essentials Presented by: Health Security Solutions August 15, 2014 What is HIPAA?? HIPAA is Law that governs a person s ability to qualify immediately for health coverage when they change
More informationSecurity. aspen advisors. An Often Overlooked Meaningful Use Requirement. July 2011
Security An Often Overlooked Meaningful Use Requirement July 2011 aspen advisors Table of Contents Why Perform a Risk Analysis?... 1 How to Conduct a Risk Analysis?... 1 When to do a Risk Analysis?...
More information