Data Security in a Mobile, Cloud-Based World

Size: px
Start display at page:

Download "Data Security in a Mobile, Cloud-Based World"

Transcription

1 Data Security in a Mobile, Cloud-Based World Jacob Buckley-Fortin CEO ehana What we ll cover Trends Risks Recommendations 1

2 Trends Mobile Has Taken Over Trend #1 2

3 3

4 450 million users worldwide Adopted primarily outside of the U.S. More messages sent than SMS worldwide More photos sent than Facebook $19,000,000,000 Acquisition price by Facebook 2/19/2014 4

5 5

6 6

7 7

8 8

9 The Cloud is Taking Over Trend #2 What is the Cloud? 9

10 Services Delivered Over the Internet Three Key Service Models Infrastructure as a Service (IaaS) Platforms as a Service (PaaS) Software as a Service (SaaS) 10

11 Infrastructure as a Service Replaces physical devices you would normally host Virtual Servers Virtual Storage Virtual Network Equipment Platform as a Service Hosted Application Program Interfaces (APIs) Development environments Mapping APIs Telephony APIs 11

12 Software as a Service Hosted software delivered over the Internet Productivity Software Electronic Health Records Customer Relationship Management Helpdesk Human Resources General Ledger Enterprise Resource Planning Appointment Reminders Other things Benefits of the Cloud Speed Cost (expense vs. asset) Scale Updates Security (reduced on-device storage) 12

13 Google Apps for Nonprofits Google Vault 13

14 SaaS vs. Legacy Stock Performance 14

15 Software is Eating the World Marc Andreessen Today every company is, in some form, a software company. 15

16 Industrial Economy HQ-Oriented, processcentric workplace Analog products, onesize-fits-all System-centric backoffice IT Information Economy Distributed, mobile, dynamic, agile workplace Digital, smart, predictive products User-centric, simple frontoffice IT Compliance Trend #3 16

17 Security Laws HIPAA (and HITECH/HIPAA) FTC Act section 5 (unfair and deceptive practice) State breach laws State information security laws (201 CMR 17 is the strictest in the country) State-specific laws for specific medical conditions Protected Health Information 1. Names; 2. All geographical subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code; 3. All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older; 4. Phone numbers; 5. Fax numbers; 6. Electronic mail addresses; 7. Social Security numbers; 8. Medical record numbers; 9. Health plan beneficiary numbers; 10. Account numbers; 11. Certificate/license numbers; 12. Vehicle identifiers and serial numbers, including license plate numbers; 13. Device identifiers and serial numbers; 14. Web Universal Resource Locators (URLs); 15. Internet Protocol (IP) address numbers; 16. Biometric identifiers, including finger and voice prints; 17. Full face photographic images and any comparable images; and 18. Any other unique identifying number, characteristic, or code (note this does not mean the unique code assigned by the investigator to code the data) 17

18 State Standards MA P.I.I. A Massachusetts resident's first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) Driver's license number or state-issued identification card number; or (c) Financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident s financial account HIPAA BAAs all the way down 18

19 Big vendors will now sign BAAs Beware of service limitations 19

20 Risks Reviewed mandatory breach reporting data breaches > 500 individuals` 20

21 21

22 Theft + Loss = 82% of records Electronic Media = 96% of records 22

23 23

24 Breach Notification U.S. states have 47 breach notice laws HIPAA is the only federal breach notice law, and it only applies to HIPAA CEs and BAs HIPAA breach standard was tightened in 2013 Risk analysis required if not reporting Breach Notification Breach means the acquisition, access, use, or disclosure of PHI in a manner not permitted which compromises the security or privacy of the PHI Breach response often involves staggering cost and distraction Breach notices often trigger penalties and lawsuits 24

25 Breach Notification Requires immediate notification of Federal Gov t > 500 individuals affected Annual notification < 500 individuals Notification to a major media outlet Listed on public website ( public shaming ) Individual notification to patients Penalties range from $10,000 - $1.5M De-identification of PHI/PII 25

26 Recommendations DLP: Data Loss Prevention 26

27 Safe Harbor - Algorithmic Process The use of an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without use of a confidential process or key 45 CFR

28 ENCRY - PTION FULL 28

29 DISK ENCRY - PTION 29

30 FULL DISK 30

31 ENCRY - PTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION FULL DISK ENCRYPTION 31

32 HIPAA Safe Harbor No breach reporting 32

33 Supported by all 4 major Operating Systems Control Panel > System and Security Microsoft Bitlocker Windows Vista, 7, 8 (Pro) Transparent operation TPM, USB, PIN 33

34 OS X FileVault OS X Transparent operation Preferences > Security & Privacy Android Encrypt Phone Android 3.0+ Transparent operation Requires PIN Settings > Security 34

35 iphone + ipad ios 3.0+ Just use a PIN Settings > General > Passcode Lock Touch ID Same as a PIN, even more secure 35

36 Unless you have 3 rd party software Windows XP, 2000 laptops OS X before 10.3 Panther Android 2.X Phones/Tablets Original iphones may be at risk! So, about Windows XP Security updates, support have ended Windows XP machines storing PHI are likely not HIPAA compliant It is strongly suggested that you have a migration plan at least don t use Internet Explorer 36

37 Required by 201 CMR (5) Encryption of all personal information stored on laptops or other portable devices Require Full Disk Encryption Recommendation #1 37

38 Create BYOD Policies Recommendation #2 Bring Your Own Device (BYOD) 68% CIOs support BYOD in some form 46% enforce device security Concerns: Lost & stolen devices (78%), corporate information on personal cloud storage (36%) Company information on personal devices is a done deal InformationWeek Mobile Security Survey, 4/

39 When strong winds blow, don t build walls but rather windmills. Nassim Taleb 39

40 Bring Your Own Device (BYOD) Technical Approach (MDM) Roles & Responsibilities Users Purchasing Helpdesk Training Privacy of user data Security Transmission At-rest Plans & Carriers Apps Asset Tracking Incentives BYOD Agreements Determines eligibility Defines reimbursement levels Explains security considerations Defines acceptable use Sets support expectations Notifies of remote wipe policy 40

41 Implement Mobile Device Management (MDM) Recommendation #3 Mobile Device Management (MDM) Management tools for mobile devices On-Premises or SaaS 41

42 MDM Enrollment Text message Web address MDM Security Require device encryption Require passcodes & enforce policies Install VPN 42

43 MDM Workflow Install apps Add Wifi Passwords Install accounts Limit sharing of corporate resources Add bookmarks MDM Device Management Remove corporate assets when employee leaves Wipe device if stolen/lost 43

44 Two-Factor Authentication 44

45 Unified Threat Management (UTM) Recommendation #4 45

46 Components of UTM Firewall Intrusion Prevention Antivirus / Antispam VPN Content Filtering DLP strategies Examples Prevent use of USB sticks Implement web filtering Dropbox, Google Drive, etc. Review Instant Messaging, filters, secure Use VPN, Citrix, remote access to EHR Automate Patch management/malware/spyware scanning Deploy OpenDNS, etc. 46

47 Remember: Mobile & Cloud Security is Just Security Develop written infosec plan Assign Security & Privacy officer Lock out terminated employees Manage 3 rd -parties Restrict physical access to PHI Document incidents & breaches Use Single Sign-On Password complexity & resets Block after multiple attempts Encrypt data in transit (especially over wifi) Monitor systems Use firewalls Educate and train employees on computer security 47

48 HHS Resources healthit.gov/mobiledevices Q&A Jacob Buckley-Fortin ehana 48

HIPAA ephi Security Guidance for Researchers

HIPAA ephi Security Guidance for Researchers What is ephi? ephi stands for Electronic Protected Health Information (PHI). It is any PHI that is stored, accessed, transmitted or received electronically. 1 PHI under HIPAA means any information that

More information

University of Cincinnati Limited HIPAA Glossary

University of Cincinnati Limited HIPAA Glossary University of Cincinnati Limited HIPAA Glossary ephi System A system that creates accesses, transmits or receives: 1) primary source ephi, 2) ephi critical for treatment, payment or health care operations

More information

Everett School Employee Benefit Trust. Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law

Everett School Employee Benefit Trust. Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law Everett School Employee Benefit Trust Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law Introduction The Everett School Employee Benefit Trust ( Trust ) adopts this policy

More information

Data Security Considerations for Research

Data Security Considerations for Research Data Security Considerations for Research Institutional Review Board Annual Education May 8, 2012 1 PRIVACY vs. SECURITY What s the Difference?: PRIVACY Refers to WHAT is protected Health information about

More information

8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice

8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice Monday, August 3, 2015 1 How to ask a question during the webinar If you dialed in to this webinar on your phone

More information

EndUser Protection. Peter Skondro. Sophos

EndUser Protection. Peter Skondro. Sophos EndUser Protection Peter Skondro Sophos Agenda Sophos EndUser Solutions Endpoint Usecases Sophos Mobile Solutions Mobile Usecases Endpoint Sophos EndUser Solutions EndUser Protection AV Firewall Application

More information

HIPAA Privacy & Breach Notification Training for System Administration Business Associates

HIPAA Privacy & Breach Notification Training for System Administration Business Associates HIPAA Privacy & Breach Notification Training for System Administration Business Associates Barbara M. Holthaus privacyofficer@utsystem.edu Office of General Counsel University of Texas System April 10,

More information

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and

More information

LA BioMed Secure Email

LA BioMed Secure Email INFORMATION SYSTEMS LA BioMed Secure Email Los Angeles Biomedical Research Institute at Harbor-UCLA 1124 W Carson St Bldg E2.5 Phone 310.222.1212 Table of Contents Intended Audience... 1 Purpose... 1 When

More information

Research Information Security Guideline

Research Information Security Guideline Research Information Security Guideline Introduction This document provides general information security guidelines when working with research data. The items in this guideline are divided into two different

More information

Statement of Policy. Reason for Policy

Statement of Policy. Reason for Policy Table of Contents Statement of Policy 2 Reason for Policy 2 HIPAA Liaison 2 Individuals and Entities Affected by Policy 2 Who Should Know Policy 3 Exclusions 3 Website Address for Policy 3 Definitions

More information

De-Identification of Health Data under HIPAA: Regulations and Recent Guidance" " "

De-Identification of Health Data under HIPAA: Regulations and Recent Guidance  De-Identification of Health Data under HIPAA: Regulations and Recent Guidance" " " D even McGraw " Director, Health Privacy Project January 15, 201311 HIPAA Scope Does not cover all health data Applies

More information

Information Security and Privacy. WHAT are the Guidelines? HOW is it to be done? WHY is it done?

Information Security and Privacy. WHAT are the Guidelines? HOW is it to be done? WHY is it done? Information Security and Privacy WHAT are the Guidelines? HOW is it to be done? WHY is it done? 1 WHAT are the guidelines O Be in compliance of Federal/State Laws O Federal: O HIPAA - 1996 O HITECH - 2009

More information

Information Security and Privacy. WHAT is to be done? HOW is it to be done? WHY is it done?

Information Security and Privacy. WHAT is to be done? HOW is it to be done? WHY is it done? Information Security and Privacy WHAT is to be done? HOW is it to be done? WHY is it done? 1 WHAT is to be done? O Be in compliance of Federal/State Laws O Federal: O HIPAA O HITECH O State: O WIC 4514

More information

OCR/HHS HIPAA/HITECH Audit Preparation

OCR/HHS HIPAA/HITECH Audit Preparation OCR/HHS HIPAA/HITECH Audit Preparation 1 Who are we EHR 2.0 Mission: To assist healthcare organizations develop and implement practices to secure IT systems and comply with HIPAA/HITECH regulations. Education

More information

Mobile Devices Policy

Mobile Devices Policy Mobile Devices Policy Item Policy description Division Director Contact Description Guidelines to ensure that mobile devices are deployed and used in a secure and appropriate manner. IT Services and Records

More information

HIPAA-Compliant Research Access to PHI

HIPAA-Compliant Research Access to PHI HIPAA-Compliant Research Access to PHI HIPAA permits the access, disclosure and use of PHI from a HIPAA Covered Entity s or HIPAA Covered Unit s treatment, payment or health care operations records for

More information

Data Security Basics: Helping You Protect You

Data Security Basics: Helping You Protect You Data Security Basics: Helping You Protect You Why the Focus on Data Security? Because ignoring it can get you: Fined Fired Criminally Prosecuted It can also impact your ability to get future funding, and

More information

Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches

Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches Speakers Phillip Long CEO at Business Information Solutions Art Gross President & CEO of HIPAA

More information

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Securely Yours LLC IT Hot Topics Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps [Image Info]

More information

Presented by Jack Kolk President ACR 2 Solutions, Inc.

Presented by Jack Kolk President ACR 2 Solutions, Inc. HIPAA 102 : What you don t know about the new changes in the law can hurt you! Presented by Jack Kolk President ACR 2 Solutions, Inc. Todays Agenda: 1) Jack Kolk, CEO of ACR 2 Solutions a information security

More information

HIPAA 101: Privacy and Security Basics

HIPAA 101: Privacy and Security Basics HIPAA 101: Privacy and Security Basics Purpose This document provides important information about Kaiser Permanente policies and state and federal laws for protecting the privacy and security of individually

More information

De-Identification of Clinical Data

De-Identification of Clinical Data De-Identification of Clinical Data Sepideh Khosravifar, CISSP Info Security Analyst IV TEPR Conference 2008 Ft. Lauderdale, Florida May 17-21, 2008 1 1 Slide 1 cmw1 Craig M. Winter, 4/25/2008 Background

More information

Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00)

Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00) Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00) May 15, 2009 LLP US Information Security Framework Historically industry-specific HIPAA Fair Credit Reporting

More information

Systems Manager Cloud Based Mobile Device Management

Systems Manager Cloud Based Mobile Device Management Datasheet Systems Manager Systems Manager Cloud Based Mobile Device Management Overview Meraki Systems Manager provides cloud-based over-the-air centralized management, diagnostics, and monitoring of the

More information

5 Considerations for a Successful BYOD Strategy Vincent Vanbiervliet

5 Considerations for a Successful BYOD Strategy Vincent Vanbiervliet 5 Considerations for a Successful BYOD Strategy Vincent Vanbiervliet Sr. Sales Engineer 1 What we ll talk about What is BYOD? Mobile Revolution, the Post PC era? BYOD: What to consider 1. Users 2. Devices

More information

Virginia Commonwealth University Information Security Standard

Virginia Commonwealth University Information Security Standard Virginia Commonwealth University Information Security Standard Title: Scope: Data Classification Standard This document provides the classification requirements for all data generated, processed, stored,

More information

1. Introduction... 1. 2. Activation of Mobile Device Management... 3. 3. How Endpoint Protector MDM Works... 5

1. Introduction... 1. 2. Activation of Mobile Device Management... 3. 3. How Endpoint Protector MDM Works... 5 User Manual I Endpoint Protector Mobile Device Management User Manual Table of Contents 1. Introduction... 1 1.1. What is Endpoint Protector?... 2 2. Activation of Mobile Device Management... 3 2.1. Activation

More information

HIPAA Compliance Issues and Mobile App Design

HIPAA Compliance Issues and Mobile App Design HIPAA Compliance Issues and Mobile App Design Washington, D.C. April 22, 2015 Presenter: Shannon Hartsfield Salimone, Holland & Knight LLP, Tallahassee and Jacksonville, Florida Agenda Whether HIPAA applies

More information

How to De-identify Data. Xulei Shirley Liu Department of Biostatistics Vanderbilt University 03/07/2008

How to De-identify Data. Xulei Shirley Liu Department of Biostatistics Vanderbilt University 03/07/2008 How to De-identify Data Xulei Shirley Liu Department of Biostatistics Vanderbilt University 03/07/2008 1 Outline The problem Brief history The solutions Examples with SAS and R code 2 Background The adoption

More information

Secure Your Mobile Workplace

Secure Your Mobile Workplace Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in

More information

Common HIPAA Risks & The New HITECH Final Rule

Common HIPAA Risks & The New HITECH Final Rule Common HIPAA Risks & The New HITECH Final Rule Eric W. Humes 1 What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996 to protect the privacy of patient

More information

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS WHITEPAPER SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS EXECUTIVE OVERVIEW 2-Factor as a Service (2FaaS) is a 100% cloud-hosted authentication solution that offers flexible security without compromising user

More information

HIPAA COMPLIANCE. What is HIPAA?

HIPAA COMPLIANCE. What is HIPAA? HIPAA COMPLIANCE What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) also known as the Privacy Rule specifies the conditions under which protected health information may be used

More information

IT Resource Management & Mobile Data Protection vs. User Empowerment

IT Resource Management & Mobile Data Protection vs. User Empowerment Enterprise Mobility Management Buyers Guide IT Resource Management & Mobile Data Protection vs. User Empowerment Business leaders and users are embracing mobility and enjoying the flexibility and productivity

More information

Computer Security Incident Response Plan. Date of Approval: 23- FEB- 2015

Computer Security Incident Response Plan. Date of Approval: 23- FEB- 2015 Name of Approver: Mary Ann Blair Date of Approval: 23- FEB- 2015 Date of Review: 22- FEB- 2015 Effective Date: 23- FEB- 2015 Name of Reviewer: John Lerchey Table of Contents Table of Contents... 2 Introduction...

More information

IAPP Practical Privacy Series. Data Breach Hypothetical

IAPP Practical Privacy Series. Data Breach Hypothetical IAPP Practical Privacy Series Data Breach Hypothetical Presented by: Jennifer L. Rathburn, Partner, Quarles & Brady LLP Frances Wiet, CPO and Assistant General Counsel, Takeda Pharmaceuticals U.S.A., Inc.

More information

Taking Charge with Apps, Policy, Security and More. October 2, 2010 Hilton Alexandria Mark Center Alexandria, Virginia

Taking Charge with Apps, Policy, Security and More. October 2, 2010 Hilton Alexandria Mark Center Alexandria, Virginia Taking Charge with Apps, Policy, Security and More October 2, 2010 Hilton Alexandria Mark Center Alexandria, Virginia http://pinterest.com/visualoop/byod-infographics/ vs. NSFW PSFW NSFW Security & Compliance

More information

HIPAA Privacy and Security Rules: A Refresher. Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant

HIPAA Privacy and Security Rules: A Refresher. Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant HIPAA Privacy and Security Rules: A Refresher Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant Objectives Provide overview of Health insurance Portability and Accountability

More information

Training, Resources and Networking for the E-Discovery Community

Training, Resources and Networking for the E-Discovery Community ACA Reporting and the HIPAA Omnibus Final Rule: Privacy and Security Requirements Doubly Strengthened New HIPAA Requirements and data reporting rules will affect healthcare providers, plans, many employers

More information

Feature Matrix MOZO CLOUDBASED MOBILE DEVICE MANAGEMENT

Feature Matrix MOZO CLOUDBASED MOBILE DEVICE MANAGEMENT Feature Matrix MOZO CLOUDBASED MOBILE DEVICE MANAGEMENT Feature Mobile Mobile OS Platform Phone 8 Symbian Android ios General MDM settings: Send SMS *(1 MOZO client settings (Configure synchronization

More information

Deploying iphone and ipad Mobile Device Management

Deploying iphone and ipad Mobile Device Management Deploying iphone and ipad Mobile Device Management ios supports Mobile Device Management (MDM), giving businesses the ability to manage scaled deployments of iphone and ipad across their organizations.

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

HIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees

HIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees HIPAA TRAINING A training course for Shiawassee County Community Mental Health Authority Employees WHAT IS HIPAA? HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act.

More information

APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION

APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION Response Code: Offeror should place the appropriate letter designation in the Availability column according

More information

Symantec Mobile Management for Configuration Manager 7.2

Symantec Mobile Management for Configuration Manager 7.2 Symantec Mobile Management for Configuration Manager 7.2 Scalable, Secure, and Integrated Device Management Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile devices

More information

Sophos Mobile Control

Sophos Mobile Control Sophos Mobile Control Enterprise Mobility Management - simplifed Joanna Wziątek-Ładosz Sales Engineer, Sophos 1 Why Sophos for EMM? Simple to learn and to operate Comprehensive self-service portal to reduce

More information

Healthcare IT (HIT) Strategic Planning & Budgeting MARCH 26, 2014

Healthcare IT (HIT) Strategic Planning & Budgeting MARCH 26, 2014 Healthcare IT (HIT) Strategic Planning & Budgeting MARCH 26, 2014 Agenda Introduction / Session Overview HIT Budgeting 101 Security and Compliance EHR budgeting HIT Where Are We Going Q & A 2 Copyright

More information

HIPAA-G04 Limited Data Set and Data Use Agreement Guidance

HIPAA-G04 Limited Data Set and Data Use Agreement Guidance HIPAA-G04 Limited Data Set and Data Use Agreement Guidance GUIDANCE CONTENTS Scope Reason for the Guidance Guidance Statement Definitions ADDITIONAL DETAILS Additional Contacts Web Address Forms Related

More information

IBM United States Software Announcement 215-078, dated February 3, 2015

IBM United States Software Announcement 215-078, dated February 3, 2015 IBM United States Software Announcement 215-078, dated February 3, 2015 solutions provide a comprehensive, secure, and cloud-based enterprise mobility management platform to protect your devices, apps,

More information

HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets

HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets FULL POLICY CONTENTS Scope Policy Statement Reason for Policy Definitions ADDITIONAL DETAILS Web Address Forms Related Information

More information

DSHS CA Security For Providers

DSHS CA Security For Providers DSHS CA Security For Providers Pablo F Matute DSHS Children's Information Security Officer 7/21/2015 1 Data Categories: An Overview All DSHS-owned data falls into one of four categories: Category 1 - Public

More information

[BRING YOUR OWN DEVICE POLICY]

[BRING YOUR OWN DEVICE POLICY] 2013 Orb Data Simon Barnes [BRING YOUR OWN DEVICE POLICY] This document specifies a sample BYOD policy for use with the Orb Data SaaS MDM service Contents 1 ACCEPTABLE USE... 3 1.1 GENERAL RULES... 3 2

More information

Information Security and Privacy. WHAT are the Guidelines? HOW is it to be done? WHY is it done?

Information Security and Privacy. WHAT are the Guidelines? HOW is it to be done? WHY is it done? Information Security and Privacy WHAT are the Guidelines? HOW is it to be done? WHY is it done? 1 WHAT are the guidelines O Be in compliance of Federal/State Laws O Federal: O HIPAA 1996 2 3 WHAT are the

More information

OWA vs. MDM. Once important area to consider is the impact on security and compliance policies by users bringing their own devices (BYOD) to work.

OWA vs. MDM. Once important area to consider is the impact on security and compliance policies by users bringing their own devices (BYOD) to work. OWA vs. MDM Introduction SmartPhones and tablet devices are becoming a common fixture in the corporate environment. As feature phones are replaced with new devices such as iphone s, ipad s, and Android

More information

User Manual for Version 4.4.0.5. Mobile Device Management (MDM) User Manual

User Manual for Version 4.4.0.5. Mobile Device Management (MDM) User Manual User Manual for Version 4.4.0.5 Mobile Device Management (MDM) User Manual I Endpoint Protector Mobile Device Management User Manual Table of Contents 1. Introduction... 1 1.1. What is Endpoint Protector?...

More information

Administrative Services

Administrative Services Policy Title: Administrative Services De-identification of Client Information and Use of Limited Data Sets Policy Number: DHS-100-007 Version: 2.0 Effective Date: Upon Approval Signature on File in the

More information

Symantec Mobile Management 7.2

Symantec Mobile Management 7.2 Scalable, secure, and integrated device management Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any previous technology

More information

IRB Policy for Security and Integrity of Human Research Data

IRB Policy for Security and Integrity of Human Research Data IRB Policy for Security and Integrity of Human Research Data Kathleen Hay Human Subjects Protection Office Terri Shkuda Research Informatics & Computing, Information Technology Overview of Presentation

More information

North Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP

North Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP Mobile Device Management Risky Business in Healthcare North Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP Agenda HIPAA/HITECH & Mobile Devices Breaches Federal

More information

HIPAA and You The Basics

HIPAA and You The Basics HIPAA and You The Basics The Purpose of HIPAA Privacy Rules 1. Provide strong federal protections for privacy rights Ensure individual trust in the privacy and security of his or her health information

More information

Symantec Mobile Management Suite

Symantec Mobile Management Suite Symantec Mobile Management Suite One Solution For All Enterprise Mobility Needs Data Sheet: Mobile Security and Management Introduction Most enterprises have multiple mobile initiatives spread across the

More information

Cisco Mobile Collaboration Management Service

Cisco Mobile Collaboration Management Service Cisco Mobile Collaboration Management Service Cisco Collaboration Services Business is increasingly taking place on both personal and company-provided smartphones and tablets. As a result, IT leaders are

More information

1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution?

1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution? MaaS360 FAQs This guide is meant to help answer some of the initial frequently asked questions businesses ask as they try to figure out the who, what, when, why and how of managing their smartphone devices,

More information

Cyber Security. John Leek Chief Strategist

Cyber Security. John Leek Chief Strategist Cyber Security John Leek Chief Strategist AGENDA The Changing Business Landscape Acknowledge cybersecurity as an enterprise-wide risk management issue not just an IT issue How to develop a cybersecurity

More information

When enterprise mobility strategies are discussed, security is usually one of the first topics

When enterprise mobility strategies are discussed, security is usually one of the first topics Acronis 2002-2014 Introduction When enterprise mobility strategies are discussed, security is usually one of the first topics on the table. So it should come as no surprise that Acronis Access Advanced

More information

Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment. Paul Luetje Enterprise Solutions Architect

Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment. Paul Luetje Enterprise Solutions Architect Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment Paul Luetje Enterprise Solutions Architect Table of Contents Welcome... 3 Purpose of this document...

More information

HIPAA OVERVIEW ETSU 1

HIPAA OVERVIEW ETSU 1 HIPAA OVERVIEW ETSU 1 What is HIPAA? Health Insurance Portability and Accountability Act. 2 PURPOSE - TITLE II ADMINISTRATIVE SIMPLIFICATION To increase the efficiency and effectiveness of the entire health

More information

State of South Carolina Policy Guidance and Training

State of South Carolina Policy Guidance and Training State of South Carolina Policy Guidance and Training Policy Workshop All Agency Mobile Security July 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy Overview: Mobile Security

More information

Systems Manager Cloud-Based Enterprise Mobility Management

Systems Manager Cloud-Based Enterprise Mobility Management Datasheet Systems Manager Systems Manager Cloud-Based Enterprise Mobility Management Overview Meraki Systems Manager provides cloud-based over-the-air centralized management, diagnostics, monitoring, and

More information

IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - De-identification of PHI 10030

IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - De-identification of PHI 10030 IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - De-identification of PHI 10030 POLICY INFORMATION Major Functional Area (MFA): MFA X - Office of General Counsel & Compliance Policy

More information

Windows Phone 8.1 Mobile Device Management Overview

Windows Phone 8.1 Mobile Device Management Overview Windows Phone 8.1 Mobile Device Management Overview Published April 2014 Executive summary Most organizations are aware that they need to secure corporate data and minimize risks if mobile devices are

More information

the American Recovery and Reinvestment Act of 2009

the American Recovery and Reinvestment Act of 2009 Policy Title: Policy Number: HIPAA Information 9.1.10 Security Category: Effective Date: Policy Owner: Information 10/01/2013 Sr. VP Academic Affairs Technology Prior Effective Date: & Provost N/A Sr.

More information

Adams County, Colorado

Adams County, Colorado Colorado Independent Consultants Network, LLC Adams County, Colorado Bring-Your-Own-Device Policy Prepared by: Colorado Independent Consultants Network, LLC Denver, Colorado March 20, 2014 Table of Contents

More information

Data Loss Prevention & Mobile Device Management

Data Loss Prevention & Mobile Device Management Data Loss Prevention & Suitable for any network size and any industry DLP for Windows, Mac and Linux Protecting the entire network Out-of-the-Box Solution to secure sensitive data from threats posed by

More information

HIPAA AND MEDICAID COMPLIANCE POLICIES AND PROCEDURES

HIPAA AND MEDICAID COMPLIANCE POLICIES AND PROCEDURES SALISH BHO HIPAA AND MEDICAID COMPLIANCE POLICIES AND PROCEDURES Policy Name: HIPAA BREACH NOTIFICATION REQUIREMENTS Policy Number: 5.16 Reference: 45 CFR Parts 164 Effective Date: 03/2016 Revision Date(s):

More information

Protecting Your Data On The Network, Cloud And Virtual Servers

Protecting Your Data On The Network, Cloud And Virtual Servers Protecting Your Data On The Network, Cloud And Virtual Servers How SafeGuard Encryption can secure your files everywhere The workplace is never static. Developments include the widespread use of public

More information

BYOzzzz: Focusing on the Unsolved Challenges of Mobility, An Industry Perspective

BYOzzzz: Focusing on the Unsolved Challenges of Mobility, An Industry Perspective BYOzzzz: Focusing on the Unsolved Challenges of Mobility, An Industry Perspective Kit Colbert CTO, End-User Computing 2014 VMware Inc. All rights reserved. VMware: Addressing the Market From Data Center

More information

Jim Donaldson, M.S., MPA, CHC, CIPP/US, CISSP. Director of Compliance, Chief Privacy and Information Security Officer. Pensacola, Florida

Jim Donaldson, M.S., MPA, CHC, CIPP/US, CISSP. Director of Compliance, Chief Privacy and Information Security Officer. Pensacola, Florida 2015 SCCE Compliance & Ethics Institute Wednesday, October 7, 2015 (10:00 11:45) Session W14 Bring Your Own Device(BYOD) They are here and they are not going away. Understanding the benefits, risks, and

More information

Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com. Smartphones and BYOD: what are the risks and how do you manage them?

Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com. Smartphones and BYOD: what are the risks and how do you manage them? Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com Smartphones and BYOD: what are the risks and how do you manage them? Tablets on the rise 2 Diverse 3 The Changing Mobile World Powerful devices

More information

Washwood Heath Academy Use by staff of private communication devices policy

Washwood Heath Academy Use by staff of private communication devices policy As a learning community, Washwood Heath Academy wants all staff and students to be able to be safe users of ICT and all data storage. The development of responsible, independent users is a prime aim of

More information

HIPAA Privacy & Breach Notification Training for ARDC Staff

HIPAA Privacy & Breach Notification Training for ARDC Staff HIPAA Privacy & Breach Notification Training for ARDC Staff Barbara M. Holthaus privacyofficer@utsystem.edu Office of General Counsel University of Texas System August 10, 2015 Webinar Essentials Session

More information

Data Security & eirb Tips & Tricks School of Nursing Office of Research Affairs Brown Bag Series

Data Security & eirb Tips & Tricks School of Nursing Office of Research Affairs Brown Bag Series Data Security & eirb Tips & Tricks School of Nursing Office of Research Affairs Brown Bag Series Denise Snyder, MS, RD, CSO, LDN Director, Research Management Team (RMT) Research Practices Manager, SON

More information

Overview of Microsoft Enterprise Mobility Suite (EMS) Cloud University

Overview of Microsoft Enterprise Mobility Suite (EMS) Cloud University Overview of Microsoft Enterprise Mobility Suite (EMS) Cloud University www.infrontconsulting.com Global #1 on System Center Trusted for over a decade Microsoft Partner of the year 2012, 2013 & 2014 #1

More information

Keeping Data Safe. Patients, Research Subjects, and You

Keeping Data Safe. Patients, Research Subjects, and You Keeping Data Safe Patients, Research Subjects, and You How do hackers access a system Hackers Lurking in Vents and Soda Machines By NICOLE PERLROTH APRIL 7, 2014 New York Times SAN FRANCISCO They came

More information

An Independent Member of Baker Tilly International

An Independent Member of Baker Tilly International Healthcare Security and Compliance July 23, 2015 Presenters Kelley Miller, CISA, CISM - Principal Kelley.Miller@mcmcpa.com Barbie Thomas, MBA, CHC Barbie.Thomas@mcmcpa.com 2 Agenda Introductions Cybersecurity

More information

Top. Reasons Universities Select kiteworks by Accellion

Top. Reasons Universities Select kiteworks by Accellion Top 10 Reasons Universities Select kiteworks by Accellion Top 10 Reasons Universities Select kiteworks kiteworks by Accellion provides higher education institutions with secure wherever, whenever access

More information

Guidance End User Devices Security Guidance: Apple ios 7

Guidance End User Devices Security Guidance: Apple ios 7 GOV.UK Guidance End User Devices Security Guidance: Apple ios 7 Updated 10 June 2014 Contents 1. Changes since previous guidance 2. Usage Scenario 3. Summary of Platform Security 4. How the Platform Can

More information

Extracting value from HIPAA Data James Yaple Jackson-Hannah LLC

Extracting value from HIPAA Data James Yaple Jackson-Hannah LLC Extracting value from HIPAA Data James Yaple Jackson-Hannah LLC Session Objectives Examine the value of realistic information in research and software testing Explore the challenges of de-identifying health

More information

Symantec Mobile Management 7.2

Symantec Mobile Management 7.2 Scalable, secure, and integrated device management Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any previous technology

More information

STRONGER AUTHENTICATION for CA SiteMinder

STRONGER AUTHENTICATION for CA SiteMinder STRONGER AUTHENTICATION for CA SiteMinder Adding Stronger Authentication for CA SiteMinder Access Control 1 STRONGER AUTHENTICATION for CA SiteMinder Access Control CA SITEMINDER provides a comprehensive

More information

Protecting your Data, Devices, and Digital Life in a BYOD World: A Security Primer GLENDA ROTVOLD AND SANDY BRAATHEN NBEA APRIL 2, 2015

Protecting your Data, Devices, and Digital Life in a BYOD World: A Security Primer GLENDA ROTVOLD AND SANDY BRAATHEN NBEA APRIL 2, 2015 Protecting your Data, Devices, and Digital Life in a BYOD World: A Security Primer GLENDA ROTVOLD AND SANDY BRAATHEN NBEA APRIL 2, 2015 What are You Trying to Protect? If someone got into your email, what

More information

IRB, HIPAA, and Clinical Research

IRB, HIPAA, and Clinical Research IRB, HIPAA, and Clinical Research A presentation by CHS Privacy and Security Offices UAB Institutional Review Board UAB Health System UAB/UABHS HIPAA Operations Team 1 Getting Started HIPAA 2 3 A Quick

More information

10 BEST PRACTICES FOR MOBILE DEVICE MANAGEMENT (MDM)

10 BEST PRACTICES FOR MOBILE DEVICE MANAGEMENT (MDM) 10 BEST PRACTICES FOR MOBILE DEVICE MANAGEMENT (MDM) CONTENT INTRODUCTION 2 SCOPE OF BEST PRACTICES 2 1. HAVE A POLICY THAT IS REALISTIC 3 2. TAKE STOCK USING A MULTIPLATFORM REPORTING AND INVENTORY TOOL...3

More information

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What

More information

HIPAA PRIVACY AND SECURITY AWARENESS. Covering Kids and Families of Indiana April 10, 2014

HIPAA PRIVACY AND SECURITY AWARENESS. Covering Kids and Families of Indiana April 10, 2014 HIPAA PRIVACY AND SECURITY AWARENESS Covering Kids and Families of Indiana April 10, 2014 GOALS AND OBJECTIVES The goal is to provide information to you to promote personal responsibility and behaviors

More information

POLIC ANDP CEDURE. t/ 1 vhi4. Email Encryption 11/10/2018. Effective: 12/9/2015. HIPAA/Privacy. Policy. Last New policy Revised: Policy# 11.

POLIC ANDP CEDURE. t/ 1 vhi4. Email Encryption 11/10/2018. Effective: 12/9/2015. HIPAA/Privacy. Policy. Last New policy Revised: Policy# 11. Page 11 of 8 ALCOHOL, DRUG AND POLIC ANDP E T AL HEAL TH SERVICES CEDURE Section Sub-section Policy Compliance HIPAA/Privacy Policy# 11.xxx Email Encryption Director's Approval -+~,..._._-~"---------------

More information