AT&T Healthcare Community Online - Enabling Greater Access with Stronger Security
- Herbert Banks
- 3 years ago
Overview/Executive Summary

With a nationwide move to electronic health record (EHR) systems, healthcare organizations and providers are being called to share patient health information to improve care quality, efficiency and effectiveness. And while federal legislation offers incentives for implementing EHRs, providers face stiff penalties if they do not deploy systems or vigilantly protect patient information. AT&T Healthcare Community Online can help solve the access/security conundrum by enabling healthcare organizations to meet the vigorous security regulations while providing access to appropriate stakeholders across the healthcare community.
The Access/Security Conundrum

The Health Information Technology for Economic and Clinical Health (HITECH) Act, a component of the American Recovery and Reinvestment Act (ARRA), has a focus on encouraging electronic access to personal health information across the continuum of care to improve patient outcomes. As the meaningful use requirements of the legislation continue to mature, more of this data will be shared across entire ecosystems, rather than via point-to-point exchanges. Indeed, data is apt to be shared across organizations and among diverse care teams as health information exchanges (HIEs), accountable care organizations (ACOs) and patient-centered medical homes (PCMHs) become more prevalent in the industry.

At the same time, the legislation calls for increased security and privacy. In addition to instituting new breach notification rules and extending the rules to healthcare business associates, HITECH implements a new tiered system that increases civil monetary penalties for noncompliance and allows states to file civil actions for Health Insurance Portability and Accountability Act (HIPAA) violations. [1]

It's a double-edged challenge. Healthcare organizations need to simultaneously find ways to increasingly share information yet, at the same time, more vigilantly protect information. On the one hand, physicians, nurses, other clinicians and administrators need ready access to the robust data that can be used to measure and improve outcomes for individual patients as well as entire patient populations. On the other hand, organizations need to safeguard this data, which is now being shared among multiple entities and care teams, instead of merely traveling from person to person.

Dissecting the Security Challenges

An examination of the directives emanating from HIPAA and HITECH illuminates the emerging security challenges facing healthcare providers.
Security Concerns Arising from HIPAA and HITECH

Among other things, HIPAA and HITECH establish the security framework with which healthcare organizations must comply as the industry moves toward more comprehensive adoption of EHRs. Security challenges are likely to become more pronounced as care is delivered under models that demand more robust data sharing and technologies that enable this data sharing. For instance, organizations need to maintain trusting and supportive relationships with the peers they provide data to, and retrieve data from, as part of HIEs. ACOs need to find a way to protect information as individual medical records are shared among hospitals, long-term care facilities, and doctor's offices in an effort to improve patient care. Data security will also need to be addressed as primary care physicians act as the catalyst of PCMHs and share data with specialists and other service providers. Finally, as the federal government requires providers to share information electronically with patients, organizations will need to find ways to meticulously protect this data.

The HIPAA Security Rule establishes the foundation for security expectations. Specifically, the rules require implementation of administrative, physical and technical safeguards. With these safeguards acting as a baseline, HIPAA calls for a controlled environment where organizations can manage their relationships with internal and external users throughout their lifecycle with the HIE's various constituencies (provider, payer, patients, etc.), from initial creation of the user's identity to final access termination. Since most of the information is managed electronically, how this digital information and the related identities are managed becomes a key component of overall HIPAA compliance.

Certification standards associated with the HITECH legislation provide even greater specificity as related to EHR security.
For example, the companion rule [2], which creates standards for EHR software certified for the incentive program, requires that the applications include encryption, authentication and other security functions. To be certified as qualifying for the federal incentive program, the software must comply with the following, among other things:

- Encrypt and decrypt electronic health information (EHI) within an organization and also when it is exchanged with others.
- Verify that a person or entity seeking access to EHI is the one claimed and is authorized to access such information. [3]
- Assign a unique name and/or number for identifying and tracking user identity and establish controls that permit only authorized users to access electronic health information.
- Terminate an electronic session after a predetermined time of inactivity.
- Enable a user to generate an audit log.
- Verify that information has not been altered in transit and when records are exchanged.

Security Concerns Identified by Tiger

In addition to HIPAA and HITECH requirements, the Privacy and Security Tiger Team, a federal advisory workgroup organized under the auspices of the Office of the National Coordinator for Health Information Technology (ONC), is engaged in crafting more detailed guidance to HIEs. This group is in the early stages of developing a privacy and security framework for more comprehensive data exchange. In late April of 2011, the Tiger Team published a summary document [4] detailing principles and initial recommendations for a privacy and security framework for health information exchange. The principles cover individual access to electronic health information, procedures for correcting erroneous information, transparency, individual choice to exchange data, safeguards, data quality and integrity, and limitations on collection, use, and disclosure of information.

The Tiger Team recommends that:

- HIEs exchange information securely.
- The requesting provider in an exchange should, at a minimum, provide attestation of his or her treatment relationship with the individual who is subject of the health information exchange.
- Providers should have a plan for how they will utilize certified EHR technology security functionality.
- HIEs require a high level of assurance that the organization is who it says it is; all entities involved in health data exchange should be required to have digital certificates; requirements for digital certificates should include organization verification, validation that transactions meet meaningful use (MU), reliance on existing criteria and processes when applicable; protected health information (PHI) transactions should require authenticated digital certificates (a tool used to authenticate clients and servers on the web and ensure that browser communications are secure).
- Processes for issuing digital certificates and processes for re-evaluation, e.g., annual renewal, are in place.
- ONC should oversee an accreditation program for reviewing and authorizing certificate issuers, and select or specify standards for digital certificates.
- With respect to individual users, provider entities and organizations must develop and implement policies to positively identify and authenticate their individual users.

AT&T Healthcare Community Online: Addressing the Access and Security Challenge

AT&T Healthcare Community Online helps solve the access/security conundrum by enabling healthcare organizations to meet the vigorous security regulations while providing access to appropriate stakeholders across the healthcare community. Healthcare Community Online enables highly secure exchange and sharing of patient health data across a healthcare ecosystem. It is a cloud-based health information exchange and a comprehensive care coordination platform that integrates patient records/data from multiple sources into a single patient view, providing clinicians with virtually real-time access to patient information and ehealth applications such as e-prescribing, acute and ambulatory EHRs, electronic lab orders/results, and data analytics.

Healthcare Community Online meets the growing connectivity needs of healthcare organizations, while at the same time helps satisfy security concerns outlined in HIPAA, HITECH and by the Tiger Team. AT&T Healthcare Community Online offers:

- Core services to support healthcare organizations' business and connectivity needs.
- A highly secure architecture that protects data as it traverses throughout the healthcare continuum.
- Easy-to-use cloud-based applications and storage solutions for your individual needs.
- A workable adoption framework to help you meet your specific security needs.

The Platform as a Service Model with Healthcare Community Online

AT&T Healthcare Community Online is constructed and designed to be a full, state-of-the-art service-oriented architecture (SOA).
The Healthcare Community Online framework uses SOA as the foundation of its interoperability approach and allows AT&T to meet complex and dynamic system integration requirements. SOA standards and the use of web services technology support the ability of Healthcare Community Online to readily adapt and meet current and future HIE capabilities. AT&T Healthcare Community Online is the best model to address an extremely diverse range of technical capabilities and systems operating in an HIE infrastructure.

A key aspect of the security framework of Healthcare Community Online is its hub-based identity management model. Enabled by a platform as a service (PaaS) approach, the hub architecture dramatically reduces complexity, especially in an HIE environment where participants need the ability to query multiple data sources in near real-time. As a result, the complexity of installation and configuration is dramatically reduced for healthcare leaders. Due to the PaaS model, the user experience remains simple and seamless as all of the complex security functionality plays out behind the scenes. As a result, information technology leaders and staff members may assume that all communications and interactions in the network are inherently highly secure, instead of establishing and managing security protocols and technologies on a one-to-one basis.

Healthcare Community Online also offers specific advanced, highly secure features such as:

- Single sign-on (SSO), which makes it easier for users to participate in data exchange.
- Clinical message exchange, which enables individuals and organizations to confidently share information.
- Encryption, which supports encryption of data in transit and also provides an option to encrypt stored data.
- Authentication and authorization, which ensures the identities of individuals accessing data.
- Access controls and audit logging, which helps organizations deal with compliance regulations.
- Data backup and disaster recovery, which promotes confidence when relying on electronic data.

With these functions and features in place, data is protected as it is shared among organizations and users. At the same time, though, users access information without being unduly encumbered by complicated security procedures and IT administrators can manage access in a streamlined fashion.

Healthcare Community Online and the Trusted Identity Framework

The Trusted Identity Framework in AT&T Healthcare Community Online addresses regulatory security concerns such as user authorization, authentication, non-repudiation, encryption, administration, and audit/logging requirements. The Trusted Identity Framework supports a unified and leveraged approach to managing digital identities and information security across a wide variety of technologies and across a wide variety of business process requirements. This integrated approach results in reduced complexity with increased consistency of policy enforcement across multiple organizations. The end result: simplicity. Users have a single digital identity to access information across organizations and security administration is streamlined, resulting in significant cost reductions.

The Trusted Identity Framework is comprised of four primary components:

1. Trusted Identity Broker: establishes a single hub connection point to federate a user's identity across multiple security enclaves.
2. Trusted Authentication Broker: controls who has access to the HIE by managing and issuing multiple types of credentials, such as ID/password, hardware tokens, and public key infrastructure (PKI).
3. Trusted Authorization Manager: provides provisioning services that make managing permissions for external identities simple, fast and repeatable.
4. Trusted Compliance Manager: aggregates and analyzes security-related data, making it possible to quickly and easily meet compliance with audit and reporting requirements.
By brokering trust and providing protocol translation, identity providers and service providers can select the technology or standard best suited to their back-end environment while simultaneously improving their ability to interoperate with a variety of existing or new federation endpoints.

The Trusted Identity Broker makes it significantly easier for organizations to participate in HIEs. The approach calls for minimal end-point integration compared to the conventional approach, which consists of buying a software solution, performing custom development and weeks of integration work at each end-point.

Specific features of the Trusted Identity Broker include:

- Multi-protocol support

[Figure: Trusted Identity Framework. Labels: Establish a single connection hub; Federate user identities; Control HIE access; Manage multiple credentials; Provide provisioning services; Manage permissions for external identities; Aggregate and analyze security data; Meet compliance, audit and reporting requirements]

1. Trusted Identity Broker allows healthcare organizations to connect to multiple end-points, such as a physician's practice, a lab, a pharmacy, etc. Trusted Identity Broker utilizes a hub architecture, which dramatically reduces the complexity in situations where organizations are connecting multiple end-points, such as in HIEs where participants need the ability to query multiple data sources in near real-time. With Trusted Identity Broker, each organization only has to worry about a single connection to the HIE instead of juggling multiple point-to-point connections.

Perhaps most importantly, the Trusted Identity Broker eliminates the need to juggle multiple standards. In essence, providers no longer have to fret about using multiple competing standards such as SAML 1.1, SAML 2.2, Microsoft standards and various proprietary connectivity standards.
Instead, under this standards-neutral paradigm, providers connect once to the central hub and, through this interface, connect to any authenticated third-party.

With Trusted Identity Broker, the end-user HIE experience is simplified. The Trusted Identity Broker manages the federation of user identities across security enclaves. It allows a user to log in at his local security domain, federate his identity to the central hub, and then select from a variety of external services that are all accessible without requiring a secondary login (i.e., single sign-on). The Trusted Identity Broker also supports the direct authentication of users to Healthcare Community Online, which is preferred for smaller organizations that do not have the technical means to federate users from their local domain.

As such, the technology accommodates compliance with the person and entity authentication requirements outlined in HIPAA security regulations by making it possible to positively identify organizations and individuals through the hub instead of through one-to-one exchanges. Because end-users only have to authenticate their identity once instead of authenticating their identity each time they communicate with a member of the HIE, technical barriers are diminished and organizations begin realizing the benefits of federation in a few short weeks.

Trusted Identity Broker provides out-of-the-box multi-protocol support and translation for all federation standards, as well as support for integration with proprietary federation implementations.
- Federation logging and auditing
- Reporting on federation activities between end-points
- User identification mapping
- Federation attribute translation and metadata translation services
- Federation network administrator dashboard
- Federation relationship management tools between end-points
- Self-service administrator support for end-point configuration
- How to connect user guides
- Test environment for testing federation configurations

With the Trusted Identity Broker, users can easily and confidently participate in data exchange, as security procedures are simplified due to the utilization of a hub rather than a one-to-one model.

2. Trusted Authentication Broker manages user authentication and the supporting processes. In essence, the Trusted Authentication Broker controls who has access to the HIE. Trusted Authentication Broker includes the management and issue of multiple types of credentials, such as ID/password, hardware tokens, and public key infrastructure (PKI). The functionality enables health providers to deal with identity verification, authorization and tracking requirements emanating from the regulatory requirements. Trusted Authentication Broker also provides the process and interfaces for self-service password reset, risk based authentication, classifying and grading authentication levels and help-desk support series.

Features of Trusted Authentication Broker include:

- Direct logon to the hub, from anywhere using a simple Internet connection.
- The ability to up- or down-grade local or federated authentications.
- Rules enforcement via authentication strength criteria.
- Requires no changes to application architecture.
- Audit and reporting tools.

With Trusted Authentication Broker, organizations can confidently proceed, knowing that users are who they say they are and that the proper access is being granted to each individual.
3. Trusted Authorization Manager provides provisioning services that manage registration and workflow processes. Additionally, Trusted Authorization Manager makes managing permissions for external identities simple, fast and repeatable. A highly configurable solution, it is particularly well suited for complex authorization processes, such as those involving multiple approvers or those involving multiple rules, which are based on data residing in disparate databases. For example, Trusted Authorization Manager makes compliance with HIPAA's permitted use stipulations easier. Under the permitted uses clause, healthcare organizations can disclose PHI to the patient and to other authorized organizations for the purposes of treatment, payment, and operations.

Trusted Authorization Manager offers a series of centralized applications for self-service registration, applications request-and-approval workflow, delegated administration, password management login, audit reporting, and other functions related to identity management. For example, healthcare organizations can verify that a person or entity seeking access to electronic health information is the one claimed and is authorized to access such information.

The Trusted Authorization Manager is built on a delegated administration model, meaning that the rights of each individual identity are managed by an onsite administrator who has access to the individual's requesting privileges. In short, the administrator making the decision about access rights is familiar with the roles and responsibilities of who they are providing access to. In a provider organization, the administrator will know what type of access rights to grant to individuals, based on their specific role in the healthcare organization (i.e. executive, physician, nurse, and support staff). The security administrator can also oversee the access rights of each identity over time.
For example, the security administrator can remove access rights if a physician leaves the organization or add access rights to certain features for certain individuals as needed. In addition, once an administrator controls what type of access each user has, users self-enroll and establish their own ID and password. As such, IDs and passwords do not need to be emailed and, therefore, are not subject to the vulnerability associated with email. As such, the password is never exposed.

Trusted Authorization Manager features include:

- Self-service registration
- Cross-organizational delegated administration functionality
- N-tier delegation (i.e. different levels of security and access required and allowed for various situations) for intra-organizational user management
- Configurable workflow for custom access management processes
- Rules-based workflow and decision engine
- Self-service password reset
- Audit tools
- Reporting tools

Trusted Authorization Manager brings simplicity to complex permissions and authorization processes.

4. Trusted Compliance Manager makes it easy for healthcare providers to aggregate and analyze security-related data, facilitating quick and easy compliance with audit and reporting requirements. Trusted Compliance Manager makes it possible for organizations to validate that users continue to access the HIE as intended and within the established rules. In addition, other or extra protections can be built into the Compliance Manager. For example, if a user has not accessed a certain function in a certain amount of time, then the permissions for that identity can be re-evaluated by the security administrator.

In addition, Trusted Compliance Manager audits every event each time a user is created, a user's privileges are suspended or an application access is granted. All of those actions are logged in the Trusted Compliance Manager. The information is compiled in an easy-to-decipher report.
Such functionality allows organizations to address HIPAA's administrative safeguards calling for reviews of system activities and audit logs.

Features of Trusted Compliance Manager include:

- Administration interface configures policies and rules according to an organization's HIPAA plan.
- Automatically determines exceptions based on usage patterns.
- Collects and aggregates information across the Trusted Identity Framework.
- Facilitates comprehensive analysis of compliance status.
- Is based on IHE ATNA and RFC-3881 standards for healthcare security audit records.
- Records most major events such as:
  - PHI access
  - Document retrieval
  - Patient search
  - RLS registry lookup
  - Patient feed processing
- Saves all records to a database with tightly controlled access policies.
- Uses asynchronous queuing model to avoid impacting application performance.
- Encrypts data at rest and in-flight for every stage of audit event handling.

Trusted Compliance Manager ensures that users access systems and data as intended, and makes it easy to comply with audit requirements.

Simplifying HIPAA Compliance

Healthcare Community Online is designed to facilitate compliance with HIPAA and protect a patient's right to privacy. Through Healthcare Community Online systems, processes, and best practices, access to patient data is managed and protected from unauthorized access. Because Healthcare Community Online uses a centralized hub model, the number of federations to be managed is reduced, resulting in a simpler, more secure approach. By allowing AT&T Healthcare Community Online to act as the independent third-party to manage identities, customers meet separation of duties requirements and allow stakeholders to only have to trust one entity, not an entire community.
Conclusion

With AT&T Healthcare Community Online, healthcare organizations can easily share information, making it possible to comply with the government's meaningful use requirements and ultimately to improve the service and care delivered to patients. AT&T Healthcare Community Online makes it possible for organizations to protect personal health information and offers the following benefits:

- Reduced cost and complexity associated with managing identities and access privileges across constituents.
- Seamless integrations with systems and applications; simplified endpoint connectivity and collaboration.
- Virtually anytime, anywhere access to applications for users across the extended enterprise.
- Improved end-user experience via single sign-on to multiple systems and applications.
- Faster deployment versus in-house or on-premise.
- Simpler compliance with regulations and enterprise policies for users inside and outside a firewall.
- Unparalleled security, service; access to global help desk.

With advanced safeguards in place, healthcare providers can move their healthcare information technology initiatives forward, knowing that personal health information is protected, addressing the evolving security requirements of HIPAA, HITECH, and the ONC's Tiger Team.

References

1. Federal Register. Modifications to the HIPAA Privacy, Security and Enforcement Rules Under the Health Information Technology for Economic and Clinical Care Act, July 14, Accessed at: nprmhitech.pdf
2. Department of Health and Human Services, 45 CFR Part 170 Health Information Technology: Initial Set of Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record Technology, Final Rule, July 28, Accessed at: access.gpo.gov/2010/pdf/ pdf.
3. Centers for Medicare and Medicaid Services. Are You a Covered Entity? Accessed at: AreYouaCoveredEntity.asp
4. Tiger Team. Policy and Technology Framework for Health Information Exchange.
Accessed at: wp-content/uploads/2011/04/framework pdf

For more information contact an AT&T Representative or visit

07/28/11 AB Compuware Corporation and AT&T Intellectual Property. Covisint, the Covisint logo and all Covisint products and services listed within are trademarks or registered trademarks of Compuware Corporation. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies.
An Oracle White Paper December 2010 Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance Executive Overview... 1 Health Information Portability and Accountability Act Security
More informationVASCO: Compliant Digital Identity Protection for Healthcare
VASCO: Compliant Digital Identity Protection for Healthcare Compliant Digital Identity Protection for Healthcare The proliferation of digital patient information and a surge in government regulations are
More informationEntrust Secure Web Portal Solution. Livio Merlo Security Consultant September 25th, 2003
Entrust Secure Web Portal Solution Livio Merlo Security Consultant September 25th, 2003 1 Entrust Secure Web Portal Solution Only the Entrust Secure Web Portal solution provides Security Services coupled
More informationREGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI
REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI Healthcare Organizations Can Adopt Enterprise-Wide Disclosure Management Systems To Standardize Disclosure Processes,
More informationNCSU SSO. Case Study
NCSU SSO Case Study 2 2 NCSU Project Requirements and Goals NCSU Operating Environment Provide support for a number Apps and Programs Different vendors have their authentication databases End users must
More informationHealth Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)
Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Table of Contents Introduction... 1 1. Administrative Safeguards...
More informationHEALTH IT! LAW & INDUSTRY
A BNA, INC. HEALTH IT! LAW & INDUSTRY Meaningful Use REPORT VOL. 2, NO. 15 APRIL 12, 2010 BNA Insights: Toward Achieving Meaningful Use: HHS Establishes Certification Criteria for Electronic Health Record
More informationSecuring the Healthcare Enterprise for Compliance with Cloud-based Identity Management
Securing the Healthcare Enterprise for Compliance with Cloud-based Identity Management Leveraging Common Resources and Investments to Achieve Premium Levels of Security Summary The ecosystem of traditional
More informationEndpoint Virtualization for Healthcare Providers
WHITE PAPER: xxxxxx BEST PRACTICES [00-Cover_Bar] FOR HEALTHCARE Endpoint Virtualization for Healthcare Providers Confidence in a connected world. White Paper: Best Practices for Healthcare Endpoint Virtualization
More informationDirect Secure Messaging: Improving the Secure and Interoperable Exchange of Health Information
Direct Secure Messaging: Improving the Secure and Interoperable Exchange of Health Information Within the healthcare industry, the exchange of protected health information (PHI) is governed by regulations
More informationStreamlining Healthcare Business Interactions
WHITE PAPER Streamlining Healthcare Business Interactions Sponsored by: Axway Lynne Dunbrack December 2014 IDC HEALTH INSIGHTS OPINION Today's changing healthcare IT (HIT) environments are generating a
More informationJoe Dylewski President, ATMP Solutions
Joe Dylewski President, ATMP Solutions Joe Dylewski President, ATMP Solutions Assistant Professor, Madonna University 20 Years, Technology and Application Implementation Experience Served as Michigan Healthcare
More informationHIPAA DATA SECURITY & PRIVACY COMPLIANCE
HIPAA DATA SECURITY & PRIVACY COMPLIANCE This paper explores how isheriff Cloud Security enables organizations to meet HIPAA compliance requirements with technology and real-time data identification. Learn
More informationThe Role of Password Management in Achieving Compliance
White Paper The Role of Password Management in Achieving Compliance PortalGuard PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 617.674.2727 E-mail: sales@portalguard.com Website: www.portalguard.com
More informationHITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?
HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? Introduction This material is designed to answer some of the commonly asked questions by business associates and other organizations
More informationInformation Protection Framework: Data Security Compliance and Today s Healthcare Industry
Information Protection Framework: Data Security Compliance and Today s Healthcare Industry Executive Summary Today s Healthcare industry is facing complex privacy and data security requirements. The movement
More information2/9/2012. 2012 HIPAA Privacy and Security Audit Readiness. Table of contents
2012 HIPAA Privacy and Security Audit Readiness Mark M. Johnson National HIPAA Services Director Table of contents Page Background 2 Regulatory Background and HITECH Impacts 3 Office of Civil Rights (OCR)
More informationTRUVEN HEALTH UNIFY. Population Health Management Enterprise Solution
TRUVEN HEALTH UNIFY Population Health Enterprise Solution A Comprehensive Suite of Solutions for Improving Care and Managing Population Health With Truven Health Unify, you can achieve: Clinical data integration
More informationMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk Analysis Meeting the Measure Security in Transition Executive Summary Is your organization adopting Meaningful Use, either to gain incentive payouts or to avoid penalties?
More informationTRUVEN HEALTH UNIFY. Population Health Management Enterprise Solution
TRUVEN HEALTH UNIFY Population Health Enterprise Solution A Comprehensive Suite of Solutions for Improving Care and Managing Population Health With Truven Health Unify, you can achieve: Clinical data integration
More informationSolution Brief for HIPAA HIPAA. Publication Date: Jan 27, 2015. EventTracker 8815 Centre Park Drive, Columbia MD 21045
Publication Date: Jan 27, 2015 8815 Centre Park Drive, Columbia MD 21045 HIPAA About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized
More informationHIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1
HIPAA COMPLIANCE AND DATA PROTECTION sales@eaglenetworks.it +39 030 201.08.25 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and EagleHeaps
More informationDatto Compliance 101 1
Datto Compliance 101 1 Overview Overview This document provides a general overview of the Health Insurance Portability and Accounting Act (HIPAA) compliance requirements for Managed Service Providers (MSPs)
More informationThe CIO s Guide to HIPAA Compliant Text Messaging
The CIO s Guide to HIPAA Compliant Text Messaging Executive Summary The risks associated with sending Electronic Protected Health Information (ephi) via unencrypted text messaging are significant, especially
More informationProvide access control with innovative solutions from IBM.
Security solutions To support your IT objectives Provide access control with innovative solutions from IBM. Highlights Help protect assets and information from unauthorized access and improve business
More informationWhat Virginia s Free Clinics Need to Know About HIPAA and HITECH
What Virginia s Free Clinics Need to Know About HIPAA and HITECH This document is one in a series of tools and white papers produced by the Virginia Health Care Foundation to help Virginia s free clinics
More informationDemonstrating Meaningful Use of EHRs: The top 10 compliance challenges for Stage 1 and what s new with 2
Demonstrating Meaningful Use of EHRs: The top 10 compliance challenges for Stage 1 and what s new with 2 Today s discussion A three-stage approach to achieving Meaningful Use Top 10 compliance challenges
More informationBEA AquaLogic Integrator Agile integration for the Enterprise Build, Connect, Re-use
Product Data Sheet BEA AquaLogic Integrator Agile integration for the Enterprise Build, Connect, Re-use BEA AquaLogic Integrator delivers the best way for IT to integrate, deploy, connect and manage process-driven
More informationAT&T Healthcare Community Online
AT&T Healthcare Community Online January 30, 2012 HCO empowers health care professionals to reduce re-admissions, increase care coordination and provide seamless care transitions while improving patient
More informationHow to use the Alertsec Service to Achieve HIPAA Compliance for Your Organization
How to use the Alertsec Service to Achieve HIPAA Compliance for Your Organization Alertsec offers Cloud Managed - Policy Controlled - Security Modules for Ensuring Compliance at the Endpoints Contents
More informationSunday March 30, 2014, 9am noon HCCA Conference, San Diego
Meaningful Use as it Relates to HIPAA Compliance Sunday March 30, 2014, 9am noon HCCA Conference, San Diego CLAconnect.com Objectives and Agenda Understand the statutory and regulatory background and purpose
More informationHIPAA Security Rule Compliance
HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA
More informationBridging the HIPAA/HITECH Compliance Gap
CyberSheath Healthcare Compliance Paper www.cybersheath.com -65 Bridging the HIPAA/HITECH Compliance Gap Security insights that help covered entities and business associates achieve compliance According
More informationCHIS, Inc. Privacy General Guidelines
CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified
More informationChoosing an SSO Solution Ten Smart Questions
Choosing an SSO Solution Ten Smart Questions Looking for the best SSO solution? Asking these ten questions first can give your users the simple, secure access they need, save time and money, and improve
More informationHIPAA Compliance and Wireless Networks. 2005 Cranite Systems, Inc. All Rights Reserved.
HIPAA Compliance and Wireless Networks White Paper HIPAA Compliance and Wireless Networks 2005 Cranite Systems, Inc. All Rights Reserved. All materials contained in this document are the copyrighted property
More informationNationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011
Nationwide Review of CMS s HIPAA Oversight Brian C. Johnson, CPA, CISA Wednesday, January 19, 2011 1 WHAT I DO Manage Region IV IT Audit and Advance Audit Technique Staff (AATS) IT Audit consists of 8
More informationAPPLICATION COMPLIANCE AUDIT & ENFORCEMENT
TELERAN SOLUTION BRIEF Building Better Intelligence APPLICATION COMPLIANCE AUDIT & ENFORCEMENT For Exadata and Oracle 11g Data Warehouse Environments BUILDING BETTER INTELLIGENCE WITH BI/DW COMPLIANCE
More informationHIPAA, PHI and Email. How to Ensure your Email and Other ephi are HIPAA Compliant. www.fusemail.com
How to Ensure your Email and Other ephi are HIPAA Compliant How to Ensure Your Email and Other ephi Are HIPAA Compliant Do you know if the patient appointments your staff makes by email are compliant with
More informationSolutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance
White Paper Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance Troy Herrera Sr. Field Solutions Manager Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA
More informationSecuring Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology
20140115 Securing Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology TABLE OF CONTENTS What s at risk for your organization? 2 Is your business
More informationemipp Extending Medicaid Connectivity for Managing EHR Incentive Payments Overview
Extending Medicaid Connectivity for Managing EHR Incentive Payments JANUARY 2011 Registration for EHR Incentive Program begins APRIL 2011 Attestation for the Medicare EHR Incentive Program begins NOVEMBER
More informationCybersecurity and Secure Authentication with SAP Single Sign-On
Solution in Detail SAP NetWeaver SAP Single Sign-On Cybersecurity and Secure Authentication with SAP Single Sign-On Table of Contents 3 Quick Facts 4 Remember One Password Only 6 Log In Once to Handle
More informationBoost Healthcare Security and Patient Care with Imprivata Enhanced VDI
White Paper Boost Healthcare Security and Patient Care with Imprivata Enhanced VDI Erik Willey 12.12.2014 SUMMARY: Imprivata OneSign offers an easy-to-implement solution that works seamlessly within a
More informationHIPAA Compliance and Wireless Networks
HIPAA Compliance and Wireless Networks White Paper 2004 Cranite Systems, Inc. All Rights Reserved. All materials contained in this document are the copyrighted property of Cranite Systems, Inc. and/or
More informationSecure Email & File Transfer Practices in Healthcare 2014 / Sponsored by DataMotion
In late 2014, DataMotion conducted its annual survey of more than 700 IT and business professionals across the United States to gain insight into corporate email and file transfer policies. This report
More informationWhen millions need access: Identity management in an increasingly connected world
IBM Software Thought Leadership White Paper January 2011 When millions need access: Identity management in an increasingly connected world Best practice solutions that scale to meet today s huge numbers
More informationHow To Use Isalus Officeemr
We know doctors. isalus. isalus gave me exactly what I needed: an EMR solution that was physicianfriendly, customizable and easy to implement, without a big cash outlay or ongoing maintenance headaches.
More informationHealth Insurance Portability and Accountability Act Enterprise Compliance Auditing & Reporting ECAR for HIPAA Technical Product Overview Whitepaper
Regulatory Compliance Solutions for Microsoft Windows IT Security Controls Supporting DHS HIPAA Final Security Rules Health Insurance Portability and Accountability Act Enterprise Compliance Auditing &
More informationEMC HEALTHCARE SOLUTIONS
EMC HEALTHCARE SOLUTIONS Advancing information-enabled healthcare decisions with EMC Essentials Healthcare providers are being asked to improve clinical and financial outcomes and address growing demands
More informationHIPAA: The Role of PatientTrak in Supporting Compliance
HIPAA: The Role of PatientTrak in Supporting Compliance The purpose of this document is to describe the methods by which PatientTrak addresses the requirements of the HIPAA Security Rule, as pertaining
More informationThe Challenges of Managing Multiple Cloud Identities and Enterprise Identity by BlackBerry
MANAGING CLOUD APPS IN THE ENTERPRISE How to Overcome the Complexity Whitepaper 2 The Trouble with Managing Multiple Cloud Identities Over the last decade, cloud-based apps have become fundamental to how
More informationFoundation ACTIVE DIRECTORY AND MICROSOFT EXCHANGE PROVISIONING FOR HEALTHCARE PROVIDERS HEALTHCARE: A UNIQUELY COMPLEX ENVIRONMENT
Foundation ACTIVE DIRECTORY AND MICROSOFT EXCHANGE PROVISIONING FOR HEALTHCARE PROVIDERS The promise of reduced administrative costs and improved caregiver satisfaction associated with user provisioning
More informationMANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s
More informationWhite paper. Four Best Practices for Secure Web Access
White paper Four Best Practices for Secure Web Access What can be done to protect web access? The Web has created a wealth of new opportunities enabling organizations to reduce costs, increase efficiency
More informationT he Health Information Technology for Economic
A BNA, INC. HEALTH IT! LAW & INDUSTRY REPORT Reproduced with permission from Health IT Law & Industry Report, 2 HITR 23, 01/18/2010. Copyright 2010 by The Bureau of National Affairs, Inc. (800-372- 1033)
More informationHOW TO ACCELERATE ADOPTION OF ELECTRONIC HEALTH RECORDS
HOW TO ACCELERATE ADOPTION OF ELECTRONIC HEALTH RECORDS Build a thoughtful IT strategy that includes the EHR to enable growth Leverage virtualization and cloud computing to reduce cost and increase IT
More informationHIPAA Security. 1 Security 101 for Covered Entities. Security Topics
HIPAA SERIES Topics 1. 101 for Covered Entities 2. Standards - Administrative Safeguards 3. Standards - Physical Safeguards 4. Standards - Technical Safeguards 5. Standards - Organizational, Policies &
More informationCompliance, Incentives and Penalties: Hot Topics in US Health IT
Compliance, Incentives and Penalties: Hot Topics in US Health IT Table of Contents Introduction... 1 The Requirements... 1 PCI HIPAA ARRA Carrot and Stick How does third party assurance fit into the overall
More informationIntelligent Systems for Health Solutions
Bringing People, Systems, and Information Together Today s health organizations are increasingly challenged to accomplish what we call the triple aim of effective healthcare: deliver higher quality care
More informationSymantec Managed PKI Service Deployment Options
WHITE PAPER: SYMANTEC MANAGED PKI SERVICE DEPLOYMENT............. OPTIONS........................... Symantec Managed PKI Service Deployment Options Who should read this paper This whitepaper explains
More informationHIPAA COMPLIANCE AND
INTRONIS CLOUD BACKUP & RECOVERY HIPAA COMPLIANCE AND DATA PROTECTION CONTENTS Introduction 3 The HIPAA Security Rule 4 The HIPAA Omnibus Rule 6 HIPAA Compliance and Intronis Cloud Backup and Recovery
More informationSecuring Electronic Health Records (EHRs) to Achieve Meaningful Use Compliance, Prevent Data Theft and Fraud
Securing Electronic Health Records (EHRs) to Achieve Meaningful Use Compliance, Prevent Data Theft and Fraud Featuring the results of the Privacy and Security Survey, March 2011 Since the passage of the
More informationBusiness-Driven, Compliant Identity Management
SAP Solution in Detail SAP NetWeaver SAP Identity Management Business-Driven, Compliant Identity Management Table of Contents 3 Quick Facts 4 Business Challenges: Managing Costs, Process Change, and Compliance
More informationCMS AND ONC FINAL REGULATIONS DEFINE MEANINGFUL USE AND SET STANDARDS FOR ELECTRONIC HEALTH RECORD INCENTIVE PROGRAM
CMS AND ONC FINAL REGULATIONS DEFINE MEANINGFUL USE AND SET STANDARDS FOR ELECTRONIC HEALTH RECORD INCENTIVE PROGRAM The Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator
More informationEnsuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services
Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services Introduction Patient privacy continues to be a chief topic of concern as technology continues to evolve. Now that the majority
More informationRAYSAFE S1 SECURITY WHITEPAPER VERSION B. RaySafe S1 SECURITY WHITEPAPER
RaySafe S1 SECURITY WHITEPAPER Contents 1. INTRODUCTION 2 ARCHITECTURE OVERVIEW 2.1 Structure 3 SECURITY ASPECTS 3.1 Security Aspects for RaySafe S1 Data Collector 3.2 Security Aspects for RaySafe S1 cloud-based
More informationConverged Infrastructure: Meeting the New Challenges of Healthcare IT
WHITE PAPER Converged Infrastructure: Meeting the New Challenges of Healthcare IT Sponsored by: VCE Lynne Dunbrack March 2015 IDC HEALTH INSIGHTS OPINION Healthcare IT will play a central role in achieving
More informationSimplify and Secure Cloud Access to Critical Business Data
SAP Brief SAP Technology SAP Cloud Identity Objectives Simplify and Secure Cloud Access to Critical Business Data Gain simplicity and security in a single cloud solution Gain simplicity and security in
More informationHow to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications
SOLUTION BRIEF: PROTECTING ACCESS TO THE CLOUD........................................ How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications Who should read this
More informationsolution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service?
solution brief February 2012 How Can I Obtain Identity And Access Management as a Cloud Service? provides identity and access management capabilities as a hosted cloud service. This allows you to quickly
More informationHIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics
HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical
More informationWhite Paper. Support for the HIPAA Security Rule PowerScribe 360
White Paper Support for the HIPAA Security Rule PowerScribe 360 2 Summary This white paper is intended to assist Nuance customers who are evaluating the security aspects of the PowerScribe 360 system as
More informationWISHIN Pulse Statement on Privacy, Security and HIPAA Compliance
WISHIN Pulse Statement on Privacy, Security and HIPAA Compliance SEC-STM-072014 07/2014 Contents Patient Choice... 2 Security Protections... 2 Participation Agreement... 2 Controls... 3 Break the Glass...
More information