Data Security in a Mobile, Cloud-Based World
|
|
- Cody Montgomery
- 8 years ago
- Views:
Transcription
1 Data Security in a Mobile, Cloud-Based World Jacob Buckley-Fortin CEO ehana What we ll cover Trends Risks Recommendations 1
2 Trends Mobile Has Taken Over Trend #1 2
3 3
4 450 million users worldwide Adopted primarily outside of the U.S. More messages sent than SMS worldwide More photos sent than Facebook $19,000,000,000 Acquisition price by Facebook 2/19/2014 4
5 5
6 6
7 7
8 8
9 The Cloud is Taking Over Trend #2 What is the Cloud? 9
10 Services Delivered Over the Internet Three Key Service Models Infrastructure as a Service (IaaS) Platforms as a Service (PaaS) Software as a Service (SaaS) 10
11 Infrastructure as a Service Replaces physical devices you would normally host Virtual Servers Virtual Storage Virtual Network Equipment Platform as a Service Hosted Application Program Interfaces (APIs) Development environments Mapping APIs Telephony APIs 11
12 Software as a Service Hosted software delivered over the Internet Productivity Software Electronic Health Records Customer Relationship Management Helpdesk Human Resources General Ledger Enterprise Resource Planning Appointment Reminders Other things Benefits of the Cloud Speed Cost (expense vs. asset) Scale Updates Security (reduced on-device storage) 12
13 Google Apps for Nonprofits Google Vault 13
14 SaaS vs. Legacy Stock Performance 14
15 Software is Eating the World Marc Andreessen Today every company is, in some form, a software company. 15
16 Industrial Economy HQ-Oriented, processcentric workplace Analog products, onesize-fits-all System-centric backoffice IT Information Economy Distributed, mobile, dynamic, agile workplace Digital, smart, predictive products User-centric, simple frontoffice IT Compliance Trend #3 16
17 Security Laws HIPAA (and HITECH/HIPAA) FTC Act section 5 (unfair and deceptive practice) State breach laws State information security laws (201 CMR 17 is the strictest in the country) State-specific laws for specific medical conditions Protected Health Information 1. Names; 2. All geographical subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code; 3. All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older; 4. Phone numbers; 5. Fax numbers; 6. Electronic mail addresses; 7. Social Security numbers; 8. Medical record numbers; 9. Health plan beneficiary numbers; 10. Account numbers; 11. Certificate/license numbers; 12. Vehicle identifiers and serial numbers, including license plate numbers; 13. Device identifiers and serial numbers; 14. Web Universal Resource Locators (URLs); 15. Internet Protocol (IP) address numbers; 16. Biometric identifiers, including finger and voice prints; 17. Full face photographic images and any comparable images; and 18. Any other unique identifying number, characteristic, or code (note this does not mean the unique code assigned by the investigator to code the data) 17
18 State Standards MA P.I.I. A Massachusetts resident's first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) Driver's license number or state-issued identification card number; or (c) Financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident s financial account HIPAA BAAs all the way down 18
19 Big vendors will now sign BAAs Beware of service limitations 19
20 Risks Reviewed mandatory breach reporting data breaches > 500 individuals` 20
21 21
22 Theft + Loss = 82% of records Electronic Media = 96% of records 22
23 23
24 Breach Notification U.S. states have 47 breach notice laws HIPAA is the only federal breach notice law, and it only applies to HIPAA CEs and BAs HIPAA breach standard was tightened in 2013 Risk analysis required if not reporting Breach Notification Breach means the acquisition, access, use, or disclosure of PHI in a manner not permitted which compromises the security or privacy of the PHI Breach response often involves staggering cost and distraction Breach notices often trigger penalties and lawsuits 24
25 Breach Notification Requires immediate notification of Federal Gov t > 500 individuals affected Annual notification < 500 individuals Notification to a major media outlet Listed on public website ( public shaming ) Individual notification to patients Penalties range from $10,000 - $1.5M De-identification of PHI/PII 25
26 Recommendations DLP: Data Loss Prevention 26
27 Safe Harbor - Algorithmic Process The use of an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without use of a confidential process or key 45 CFR
28 ENCRY - PTION FULL 28
29 DISK ENCRY - PTION 29
30 FULL DISK 30
31 ENCRY - PTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION 31
32 HIPAA Safe Harbor No breach reporting 32
33 Supported by all 4 major Operating Systems Control Panel > System and Security Microsoft Bitlocker Windows Vista, 7, 8 (Pro) Transparent operation TPM, USB, PIN 33
34 OS X FileVault OS X Transparent operation Preferences > Security & Privacy Android Encrypt Phone Android 3.0+ Transparent operation Requires PIN Settings > Security 34
35 iphone + ipad ios 3.0+ Just use a PIN Settings > General > Passcode Lock Touch ID Same as a PIN, even more secure 35
36 Unless you have 3 rd party software Windows XP, 2000 laptops OS X before 10.3 Panther Android 2.X Phones/Tablets Original iphones may be at risk! So, about Windows XP Security updates, support have ended Windows XP machines storing PHI are likely not HIPAA compliant It is strongly suggested that you have a migration plan at least don t use Internet Explorer 36
37 Required by 201 CMR (5) Encryption of all personal information stored on laptops or other portable devices Require Full Disk Encryption Recommendation #1 37
38 Create BYOD Policies Recommendation #2 Bring Your Own Device (BYOD) 68% CIOs support BYOD in some form 46% enforce device security Concerns: Lost & stolen devices (78%), corporate information on personal cloud storage (36%) Company information on personal devices is a done deal InformationWeek Mobile Security Survey, 4/
39 When strong winds blow, don t build walls but rather windmills. Nassim Taleb 39
40 Bring Your Own Device (BYOD) Technical Approach (MDM) Roles & Responsibilities Users Purchasing Helpdesk Training Privacy of user data Security Transmission At-rest Plans & Carriers Apps Asset Tracking Incentives BYOD Agreements Determines eligibility Defines reimbursement levels Explains security considerations Defines acceptable use Sets support expectations Notifies of remote wipe policy 40
41 Implement Mobile Device Management (MDM) Recommendation #3 Mobile Device Management (MDM) Management tools for mobile devices On-Premises or SaaS 41
42 MDM Enrollment Text message Web address MDM Security Require device encryption Require passcodes & enforce policies Install VPN 42
43 MDM Workflow Install apps Add Wifi Passwords Install accounts Limit sharing of corporate resources Add bookmarks MDM Device Management Remove corporate assets when employee leaves Wipe device if stolen/lost 43
44 Two-Factor Authentication 44
45 Unified Threat Management (UTM) Recommendation #4 45
46 Components of UTM Firewall Intrusion Prevention Antivirus / Antispam VPN Content Filtering DLP strategies Examples Prevent use of USB sticks Implement web filtering Dropbox, Google Drive, etc. Review Instant Messaging, filters, secure Use VPN, Citrix, remote access to EHR Automate Patch management/malware/spyware scanning Deploy OpenDNS, etc. 46
47 Remember: Mobile & Cloud Security is Just Security Develop written infosec plan Assign Security & Privacy officer Lock out terminated employees Manage 3 rd -parties Restrict physical access to PHI Document incidents & breaches Use Single Sign-On Password complexity & resets Block after multiple attempts Encrypt data in transit (especially over wifi) Monitor systems Use firewalls Educate and train employees on computer security 47
48 HHS Resources healthit.gov/mobiledevices Q&A Jacob Buckley-Fortin ehana 48
HIPAA ephi Security Guidance for Researchers
What is ephi? ephi stands for Electronic Protected Health Information (PHI). It is any PHI that is stored, accessed, transmitted or received electronically. 1 PHI under HIPAA means any information that
More informationUniversity of Cincinnati Limited HIPAA Glossary
University of Cincinnati Limited HIPAA Glossary ephi System A system that creates accesses, transmits or receives: 1) primary source ephi, 2) ephi critical for treatment, payment or health care operations
More informationEverett School Employee Benefit Trust. Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law
Everett School Employee Benefit Trust Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law Introduction The Everett School Employee Benefit Trust ( Trust ) adopts this policy
More informationData Security Considerations for Research
Data Security Considerations for Research Institutional Review Board Annual Education May 8, 2012 1 PRIVACY vs. SECURITY What s the Difference?: PRIVACY Refers to WHAT is protected Health information about
More information8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice
Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice Monday, August 3, 2015 1 How to ask a question during the webinar If you dialed in to this webinar on your phone
More informationHIPAA Privacy & Breach Notification Training for System Administration Business Associates
HIPAA Privacy & Breach Notification Training for System Administration Business Associates Barbara M. Holthaus privacyofficer@utsystem.edu Office of General Counsel University of Texas System April 10,
More informationMobile Medical Devices and BYOD: Latest Legal Threat for Providers
Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and
More informationEndUser Protection. Peter Skondro. Sophos
EndUser Protection Peter Skondro Sophos Agenda Sophos EndUser Solutions Endpoint Usecases Sophos Mobile Solutions Mobile Usecases Endpoint Sophos EndUser Solutions EndUser Protection AV Firewall Application
More informationLA BioMed Secure Email
INFORMATION SYSTEMS LA BioMed Secure Email Los Angeles Biomedical Research Institute at Harbor-UCLA 1124 W Carson St Bldg E2.5 Phone 310.222.1212 Table of Contents Intended Audience... 1 Purpose... 1 When
More informationResearch Information Security Guideline
Research Information Security Guideline Introduction This document provides general information security guidelines when working with research data. The items in this guideline are divided into two different
More informationStatement of Policy. Reason for Policy
Table of Contents Statement of Policy 2 Reason for Policy 2 HIPAA Liaison 2 Individuals and Entities Affected by Policy 2 Who Should Know Policy 3 Exclusions 3 Website Address for Policy 3 Definitions
More informationDe-Identification of Health Data under HIPAA: Regulations and Recent Guidance" " "
De-Identification of Health Data under HIPAA: Regulations and Recent Guidance" " " D even McGraw " Director, Health Privacy Project January 15, 201311 HIPAA Scope Does not cover all health data Applies
More informationInformation Security and Privacy. WHAT are the Guidelines? HOW is it to be done? WHY is it done?
Information Security and Privacy WHAT are the Guidelines? HOW is it to be done? WHY is it done? 1 WHAT are the guidelines O Be in compliance of Federal/State Laws O Federal: O HIPAA - 1996 O HITECH - 2009
More informationInformation Security and Privacy. WHAT is to be done? HOW is it to be done? WHY is it done?
Information Security and Privacy WHAT is to be done? HOW is it to be done? WHY is it done? 1 WHAT is to be done? O Be in compliance of Federal/State Laws O Federal: O HIPAA O HITECH O State: O WIC 4514
More informationOCR/HHS HIPAA/HITECH Audit Preparation
OCR/HHS HIPAA/HITECH Audit Preparation 1 Who are we EHR 2.0 Mission: To assist healthcare organizations develop and implement practices to secure IT systems and comply with HIPAA/HITECH regulations. Education
More informationHIPAA-Compliant Research Access to PHI
HIPAA-Compliant Research Access to PHI HIPAA permits the access, disclosure and use of PHI from a HIPAA Covered Entity s or HIPAA Covered Unit s treatment, payment or health care operations records for
More informationData Security Basics: Helping You Protect You
Data Security Basics: Helping You Protect You Why the Focus on Data Security? Because ignoring it can get you: Fined Fired Criminally Prosecuted It can also impact your ability to get future funding, and
More informationSecurely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com
Securely Yours LLC IT Hot Topics Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps [Image Info]
More informationArt Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches
Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches Speakers Phillip Long CEO at Business Information Solutions Art Gross President & CEO of HIPAA
More informationHIPAA 101: Privacy and Security Basics
HIPAA 101: Privacy and Security Basics Purpose This document provides important information about Kaiser Permanente policies and state and federal laws for protecting the privacy and security of individually
More informationPresented by Jack Kolk President ACR 2 Solutions, Inc.
HIPAA 102 : What you don t know about the new changes in the law can hurt you! Presented by Jack Kolk President ACR 2 Solutions, Inc. Todays Agenda: 1) Jack Kolk, CEO of ACR 2 Solutions a information security
More informationMobile Devices Policy
Mobile Devices Policy Item Policy description Division Director Contact Description Guidelines to ensure that mobile devices are deployed and used in a secure and appropriate manner. IT Services and Records
More informationDe-Identification of Clinical Data
De-Identification of Clinical Data Sepideh Khosravifar, CISSP Info Security Analyst IV TEPR Conference 2008 Ft. Lauderdale, Florida May 17-21, 2008 1 1 Slide 1 cmw1 Craig M. Winter, 4/25/2008 Background
More informationProtecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00)
Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00) May 15, 2009 LLP US Information Security Framework Historically industry-specific HIPAA Fair Credit Reporting
More informationSystems Manager Cloud Based Mobile Device Management
Datasheet Systems Manager Systems Manager Cloud Based Mobile Device Management Overview Meraki Systems Manager provides cloud-based over-the-air centralized management, diagnostics, and monitoring of the
More informationVirginia Commonwealth University Information Security Standard
Virginia Commonwealth University Information Security Standard Title: Scope: Data Classification Standard This document provides the classification requirements for all data generated, processed, stored,
More information1. Introduction... 1. 2. Activation of Mobile Device Management... 3. 3. How Endpoint Protector MDM Works... 5
User Manual I Endpoint Protector Mobile Device Management User Manual Table of Contents 1. Introduction... 1 1.1. What is Endpoint Protector?... 2 2. Activation of Mobile Device Management... 3 2.1. Activation
More informationHIPAA Compliance Issues and Mobile App Design
HIPAA Compliance Issues and Mobile App Design Washington, D.C. April 22, 2015 Presenter: Shannon Hartsfield Salimone, Holland & Knight LLP, Tallahassee and Jacksonville, Florida Agenda Whether HIPAA applies
More information5 Considerations for a Successful BYOD Strategy Vincent Vanbiervliet
5 Considerations for a Successful BYOD Strategy Vincent Vanbiervliet Sr. Sales Engineer 1 What we ll talk about What is BYOD? Mobile Revolution, the Post PC era? BYOD: What to consider 1. Users 2. Devices
More informationSecure Your Mobile Workplace
Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in
More informationHow to De-identify Data. Xulei Shirley Liu Department of Biostatistics Vanderbilt University 03/07/2008
How to De-identify Data Xulei Shirley Liu Department of Biostatistics Vanderbilt University 03/07/2008 1 Outline The problem Brief history The solutions Examples with SAS and R code 2 Background The adoption
More informationHow To Understand The Health Insurance Portability And Accountability Act (Hipaa)
Common HIPAA Risks & The New HITECH Final Rule Eric W. Humes 1 What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996 to protect the privacy of patient
More informationHIPAA COMPLIANCE. What is HIPAA?
HIPAA COMPLIANCE What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) also known as the Privacy Rule specifies the conditions under which protected health information may be used
More informationIT Resource Management & Mobile Data Protection vs. User Empowerment
Enterprise Mobility Management Buyers Guide IT Resource Management & Mobile Data Protection vs. User Empowerment Business leaders and users are embracing mobility and enjoying the flexibility and productivity
More informationWHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS
WHITEPAPER SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS EXECUTIVE OVERVIEW 2-Factor as a Service (2FaaS) is a 100% cloud-hosted authentication solution that offers flexible security without compromising user
More informationComputer Security Incident Response Plan. Date of Approval: 23- FEB- 2015
Name of Approver: Mary Ann Blair Date of Approval: 23- FEB- 2015 Date of Review: 22- FEB- 2015 Effective Date: 23- FEB- 2015 Name of Reviewer: John Lerchey Table of Contents Table of Contents... 2 Introduction...
More informationIAPP Practical Privacy Series. Data Breach Hypothetical
IAPP Practical Privacy Series Data Breach Hypothetical Presented by: Jennifer L. Rathburn, Partner, Quarles & Brady LLP Frances Wiet, CPO and Assistant General Counsel, Takeda Pharmaceuticals U.S.A., Inc.
More informationTaking Charge with Apps, Policy, Security and More. October 2, 2010 Hilton Alexandria Mark Center Alexandria, Virginia
Taking Charge with Apps, Policy, Security and More October 2, 2010 Hilton Alexandria Mark Center Alexandria, Virginia http://pinterest.com/visualoop/byod-infographics/ vs. NSFW PSFW NSFW Security & Compliance
More informationHIPAA Privacy and Security Rules: A Refresher. Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant
HIPAA Privacy and Security Rules: A Refresher Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant Objectives Provide overview of Health insurance Portability and Accountability
More informationTraining, Resources and Networking for the E-Discovery Community
ACA Reporting and the HIPAA Omnibus Final Rule: Privacy and Security Requirements Doubly Strengthened New HIPAA Requirements and data reporting rules will affect healthcare providers, plans, many employers
More informationFeature Matrix MOZO CLOUDBASED MOBILE DEVICE MANAGEMENT
Feature Matrix MOZO CLOUDBASED MOBILE DEVICE MANAGEMENT Feature Mobile Mobile OS Platform Phone 8 Symbian Android ios General MDM settings: Send SMS *(1 MOZO client settings (Configure synchronization
More informationHIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees
HIPAA TRAINING A training course for Shiawassee County Community Mental Health Authority Employees WHAT IS HIPAA? HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act.
More informationEnsuring the security of your mobile business intelligence
IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive
More informationHIPAA-G04 Limited Data Set and Data Use Agreement Guidance
HIPAA-G04 Limited Data Set and Data Use Agreement Guidance GUIDANCE CONTENTS Scope Reason for the Guidance Guidance Statement Definitions ADDITIONAL DETAILS Additional Contacts Web Address Forms Related
More informationDeploying iphone and ipad Mobile Device Management
Deploying iphone and ipad Mobile Device Management ios supports Mobile Device Management (MDM), giving businesses the ability to manage scaled deployments of iphone and ipad across their organizations.
More informationDSHS CA Security For Providers
DSHS CA Security For Providers Pablo F Matute DSHS Children's Information Security Officer 7/21/2015 1 Data Categories: An Overview All DSHS-owned data falls into one of four categories: Category 1 - Public
More informationSymantec Mobile Management for Configuration Manager 7.2
Symantec Mobile Management for Configuration Manager 7.2 Scalable, Secure, and Integrated Device Management Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile devices
More information[BRING YOUR OWN DEVICE POLICY]
2013 Orb Data Simon Barnes [BRING YOUR OWN DEVICE POLICY] This document specifies a sample BYOD policy for use with the Orb Data SaaS MDM service Contents 1 ACCEPTABLE USE... 3 1.1 GENERAL RULES... 3 2
More informationOWA vs. MDM. Once important area to consider is the impact on security and compliance policies by users bringing their own devices (BYOD) to work.
OWA vs. MDM Introduction SmartPhones and tablet devices are becoming a common fixture in the corporate environment. As feature phones are replaced with new devices such as iphone s, ipad s, and Android
More informationInformation Security and Privacy. WHAT are the Guidelines? HOW is it to be done? WHY is it done?
Information Security and Privacy WHAT are the Guidelines? HOW is it to be done? WHY is it done? 1 WHAT are the guidelines O Be in compliance of Federal/State Laws O Federal: O HIPAA 1996 2 3 WHAT are the
More informationHIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets
HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets FULL POLICY CONTENTS Scope Policy Statement Reason for Policy Definitions ADDITIONAL DETAILS Web Address Forms Related Information
More informationAdministrative Services
Policy Title: Administrative Services De-identification of Client Information and Use of Limited Data Sets Policy Number: DHS-100-007 Version: 2.0 Effective Date: Upon Approval Signature on File in the
More informationSymantec Mobile Management 7.2
Scalable, secure, and integrated device management Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any previous technology
More informationthe American Recovery and Reinvestment Act of 2009
Policy Title: Policy Number: HIPAA Information 9.1.10 Security Category: Effective Date: Policy Owner: Information 10/01/2013 Sr. VP Academic Affairs Technology Prior Effective Date: & Provost N/A Sr.
More informationHIPAA and You The Basics
HIPAA and You The Basics The Purpose of HIPAA Privacy Rules 1. Provide strong federal protections for privacy rights Ensure individual trust in the privacy and security of his or her health information
More informationAPPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION
APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION Response Code: Offeror should place the appropriate letter designation in the Availability column according
More informationWhen enterprise mobility strategies are discussed, security is usually one of the first topics
Acronis 2002-2014 Introduction When enterprise mobility strategies are discussed, security is usually one of the first topics on the table. So it should come as no surprise that Acronis Access Advanced
More informationHIPAA OVERVIEW ETSU 1
HIPAA OVERVIEW ETSU 1 What is HIPAA? Health Insurance Portability and Accountability Act. 2 PURPOSE - TITLE II ADMINISTRATIVE SIMPLIFICATION To increase the efficiency and effectiveness of the entire health
More informationIBM United States Software Announcement 215-078, dated February 3, 2015
IBM United States Software Announcement 215-078, dated February 3, 2015 solutions provide a comprehensive, secure, and cloud-based enterprise mobility management platform to protect your devices, apps,
More informationHealthcare IT (HIT) Strategic Planning & Budgeting MARCH 26, 2014
Healthcare IT (HIT) Strategic Planning & Budgeting MARCH 26, 2014 Agenda Introduction / Session Overview HIT Budgeting 101 Security and Compliance EHR budgeting HIT Where Are We Going Q & A 2 Copyright
More informationSophos Mobile Control
Sophos Mobile Control Enterprise Mobility Management - simplifed Joanna Wziątek-Ładosz Sales Engineer, Sophos 1 Why Sophos for EMM? Simple to learn and to operate Comprehensive self-service portal to reduce
More information1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution?
MaaS360 FAQs This guide is meant to help answer some of the initial frequently asked questions businesses ask as they try to figure out the who, what, when, why and how of managing their smartphone devices,
More informationCyber Security. John Leek Chief Strategist
Cyber Security John Leek Chief Strategist AGENDA The Changing Business Landscape Acknowledge cybersecurity as an enterprise-wide risk management issue not just an IT issue How to develop a cybersecurity
More informationIRB Policy for Security and Integrity of Human Research Data
IRB Policy for Security and Integrity of Human Research Data Kathleen Hay Human Subjects Protection Office Terri Shkuda Research Informatics & Computing, Information Technology Overview of Presentation
More informationAn Independent Member of Baker Tilly International
Healthcare Security and Compliance July 23, 2015 Presenters Kelley Miller, CISA, CISM - Principal Kelley.Miller@mcmcpa.com Barbie Thomas, MBA, CHC Barbie.Thomas@mcmcpa.com 2 Agenda Introductions Cybersecurity
More informationUser Manual for Version 4.4.0.5. Mobile Device Management (MDM) User Manual
User Manual for Version 4.4.0.5 Mobile Device Management (MDM) User Manual I Endpoint Protector Mobile Device Management User Manual Table of Contents 1. Introduction... 1 1.1. What is Endpoint Protector?...
More informationWindows Phone 8.1 Mobile Device Management Overview
Windows Phone 8.1 Mobile Device Management Overview Published April 2014 Executive summary Most organizations are aware that they need to secure corporate data and minimize risks if mobile devices are
More informationState of South Carolina Policy Guidance and Training
State of South Carolina Policy Guidance and Training Policy Workshop All Agency Mobile Security July 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy Overview: Mobile Security
More informationNorth Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP
Mobile Device Management Risky Business in Healthcare North Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP Agenda HIPAA/HITECH & Mobile Devices Breaches Federal
More informationSystems Manager Cloud-Based Enterprise Mobility Management
Datasheet Systems Manager Systems Manager Cloud-Based Enterprise Mobility Management Overview Meraki Systems Manager provides cloud-based over-the-air centralized management, diagnostics, monitoring, and
More informationIDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - De-identification of PHI 10030
IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - De-identification of PHI 10030 POLICY INFORMATION Major Functional Area (MFA): MFA X - Office of General Counsel & Compliance Policy
More informationAdams County, Colorado
Colorado Independent Consultants Network, LLC Adams County, Colorado Bring-Your-Own-Device Policy Prepared by: Colorado Independent Consultants Network, LLC Denver, Colorado March 20, 2014 Table of Contents
More informationProtecting Your Data On The Network, Cloud And Virtual Servers
Protecting Your Data On The Network, Cloud And Virtual Servers How SafeGuard Encryption can secure your files everywhere The workplace is never static. Developments include the widespread use of public
More informationSymantec Mobile Management Suite
Symantec Mobile Management Suite One Solution For All Enterprise Mobility Needs Data Sheet: Mobile Security and Management Introduction Most enterprises have multiple mobile initiatives spread across the
More informationBYOzzzz: Focusing on the Unsolved Challenges of Mobility, An Industry Perspective
BYOzzzz: Focusing on the Unsolved Challenges of Mobility, An Industry Perspective Kit Colbert CTO, End-User Computing 2014 VMware Inc. All rights reserved. VMware: Addressing the Market From Data Center
More informationIbrahim Yusuf Presales Engineer at Sophos ibz@sophos.com. Smartphones and BYOD: what are the risks and how do you manage them?
Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com Smartphones and BYOD: what are the risks and how do you manage them? Tablets on the rise 2 Diverse 3 The Changing Mobile World Powerful devices
More informationCisco Mobile Collaboration Management Service
Cisco Mobile Collaboration Management Service Cisco Collaboration Services Business is increasingly taking place on both personal and company-provided smartphones and tablets. As a result, IT leaders are
More informationEnterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment. Paul Luetje Enterprise Solutions Architect
Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment Paul Luetje Enterprise Solutions Architect Table of Contents Welcome... 3 Purpose of this document...
More informationHIPAA AND MEDICAID COMPLIANCE POLICIES AND PROCEDURES
SALISH BHO HIPAA AND MEDICAID COMPLIANCE POLICIES AND PROCEDURES Policy Name: HIPAA BREACH NOTIFICATION REQUIREMENTS Policy Number: 5.16 Reference: 45 CFR Parts 164 Effective Date: 03/2016 Revision Date(s):
More informationWashwood Heath Academy Use by staff of private communication devices policy
As a learning community, Washwood Heath Academy wants all staff and students to be able to be safe users of ICT and all data storage. The development of responsible, independent users is a prime aim of
More informationOverview of Microsoft Enterprise Mobility Suite (EMS) Cloud University
Overview of Microsoft Enterprise Mobility Suite (EMS) Cloud University www.infrontconsulting.com Global #1 on System Center Trusted for over a decade Microsoft Partner of the year 2012, 2013 & 2014 #1
More informationData Security & eirb Tips & Tricks School of Nursing Office of Research Affairs Brown Bag Series
Data Security & eirb Tips & Tricks School of Nursing Office of Research Affairs Brown Bag Series Denise Snyder, MS, RD, CSO, LDN Director, Research Management Team (RMT) Research Practices Manager, SON
More informationKeeping Data Safe. Patients, Research Subjects, and You
Keeping Data Safe Patients, Research Subjects, and You How do hackers access a system Hackers Lurking in Vents and Soda Machines By NICOLE PERLROTH APRIL 7, 2014 New York Times SAN FRANCISCO They came
More informationExtracting value from HIPAA Data James Yaple Jackson-Hannah LLC
Extracting value from HIPAA Data James Yaple Jackson-Hannah LLC Session Objectives Examine the value of realistic information in research and software testing Explore the challenges of de-identifying health
More informationProtecting your Data, Devices, and Digital Life in a BYOD World: A Security Primer GLENDA ROTVOLD AND SANDY BRAATHEN NBEA APRIL 2, 2015
Protecting your Data, Devices, and Digital Life in a BYOD World: A Security Primer GLENDA ROTVOLD AND SANDY BRAATHEN NBEA APRIL 2, 2015 What are You Trying to Protect? If someone got into your email, what
More informationIRB, HIPAA, and Clinical Research
IRB, HIPAA, and Clinical Research A presentation by CHS Privacy and Security Offices UAB Institutional Review Board UAB Health System UAB/UABHS HIPAA Operations Team 1 Getting Started HIPAA 2 3 A Quick
More informationSymantec Mobile Management 7.2
Scalable, secure, and integrated device management Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any previous technology
More informationSTRONGER AUTHENTICATION for CA SiteMinder
STRONGER AUTHENTICATION for CA SiteMinder Adding Stronger Authentication for CA SiteMinder Access Control 1 STRONGER AUTHENTICATION for CA SiteMinder Access Control CA SITEMINDER provides a comprehensive
More informationUnderstanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions
Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What
More informationHIPAA PRIVACY AND SECURITY AWARENESS. Covering Kids and Families of Indiana April 10, 2014
HIPAA PRIVACY AND SECURITY AWARENESS Covering Kids and Families of Indiana April 10, 2014 GOALS AND OBJECTIVES The goal is to provide information to you to promote personal responsibility and behaviors
More information2014 Core Training 1
2014 Core Training 1 Course Agenda Review of Key Privacy Laws/Regulations: Federal HIPAA/HITECH regulations State privacy laws Privacy & Security Policies & Procedures Huntsville Hospital Health System
More information10 BEST PRACTICES FOR MOBILE DEVICE MANAGEMENT (MDM)
10 BEST PRACTICES FOR MOBILE DEVICE MANAGEMENT (MDM) CONTENT INTRODUCTION 2 SCOPE OF BEST PRACTICES 2 1. HAVE A POLICY THAT IS REALISTIC 3 2. TAKE STOCK USING A MULTIPLATFORM REPORTING AND INVENTORY TOOL...3
More informationJim Donaldson, M.S., MPA, CHC, CIPP/US, CISSP. Director of Compliance, Chief Privacy and Information Security Officer. Pensacola, Florida
2015 SCCE Compliance & Ethics Institute Wednesday, October 7, 2015 (10:00 11:45) Session W14 Bring Your Own Device(BYOD) They are here and they are not going away. Understanding the benefits, risks, and
More informationPOLIC ANDP CEDURE. t/ 1 vhi4. Email Encryption 11/10/2018. Effective: 12/9/2015. HIPAA/Privacy. Policy. Last New policy Revised: Policy# 11.
Page 11 of 8 ALCOHOL, DRUG AND POLIC ANDP E T AL HEAL TH SERVICES CEDURE Section Sub-section Policy Compliance HIPAA/Privacy Policy# 11.xxx Email Encryption Director's Approval -+~,..._._-~"---------------
More informationSecuring Corporate Email on Personal Mobile Devices
Securing Corporate Email on Personal Mobile Devices Table of Contents The Impact of Personal Mobile Devices on Corporate Security... 3 Introducing LetMobile Secure Mobile Email... 3 Solution Architecture...
More informationHealth Insurance Portability & Accountability Act (HIPAA) Compliance Application
Health Insurance Portability & Accountability Act (HIPAA) Compliance Application IRB Office 101 - Altru Psychiatry Center 860 S. Columbia Rd, Grand Forks, North Dakota 58201 Phone: (701) 780-6161 PROJECT
More informationSymantec Mobile Management 7.1
Scalable, secure, and integrated device management Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any previous technology,
More informationEncryption Buyers Guide
Encryption Buyers Guide Today your organization faces the dual challenges of keeping data safe without affecting user productivity. Encryption is one of the most effective ways to protect information from
More informationONE Mail Direct for Mobile Devices
ONE Mail Direct for Mobile Devices User Guide Version: 2.0 Document ID: 3292 Document Owner: ONE Mail Product Team Copyright Notice Copyright 2014, ehealth Ontario All rights reserved No part of this document
More information