HIPAA Compliance Tune-Up for Are You Prepared?
|
|
- Tyler Hamilton
- 7 years ago
- Views:
Transcription
1 HIPAA Compliance Tune-Up for 2016 Are You Prepared?
2 Speakers Michael Flavin Senior Product Marketing Manager efax Corporate, Part of j2 Cloud Services 2
3 Agenda 1 Why HIPAA Enforcement Will Get Stronger in What Exactly is the OCR Phase 2 Audit? 3 Why Covered Entities Should Prioritize a Security Risk Analysis 4 6 Tips to Prevent Cyber Hacking 5 How to Create Cyber-Security Culture Across Your Organization 6 How a Cloud Fax Model Can Enhance HIPAA Compliance 3
4 The information provided in this presentation does not constitute, and is no substitute for, legal or other professional advice. We strongly encourage you to consult your own legal or other professional advisors for individualized guidance regarding the application of the law to your particular situations, and in connection with any compliance-related concerns. 4
5 Why HIPAA Enforcement will Ramp Up in 2016 HHS s Office of the Inspector General (OIG) issues report recommending stronger oversight of CEs and BAs. The Office for Civil Rights (OCR) responds with Phase 2, launching in early
6 HIPAA Resolutions & Corrective Actions Up Every Year * Investigated: No Violation Resolved Corrective Action or Tech Asst. Total Resolutions 6
7 Findings: The Results of HIPAA s Phase 1 Audits 2/3 of entities had no complete or accurate risk assessment program. 44% of Privacy Rule deficiencies involved disclosures of ephi. 58 out of 59 healthcare providers had at least 1 negative finding relating to the Security Rule! 7
8 Findings: The OIG Report that Led to the Phase 2 Audit In about half of the closed privacy cases covered entities were noncompliant with at least one privacy standard. Recommendation: OCR should Implement permanent audit program Keep documentation of corrective action Improve method of tracking cases Check CE HIPAA investigation history Expand outreach and education to CEs 8
9 Quick Audience Poll 1 How concerned are you about phase 2 OCR Compliance Audits in 2016? a. Not concerned at all b. Slightly concerned c. Moderately concerned d. Very concerned 2 What best describes the biggest pain point with faxing in your organization today? a. No integration into our EHR system b. HIPAA Security and Compliance concerns c. Ongoing costs of on-site fax Infrastructure d. Inefficiency of workflow processes 9
10 Agenda 1 Why HIPAA Enforcement Will Get Stronger in What Exactly is the OCR Phase 2 Audit? 3 Why Covered Entities Should Prioritize a Security Risk Analysis 4 6 Tips to Prevent Cyber Hacking 5 How to Create Cyber-Security Culture Across Your Organization 6 How a Cloud Fax Model Can Enhance HIPAA Compliance 10
11 What Exactly is a Phase 2 HIPAA Audit? Phase 2: Hundreds of Covered Entities Will Be Audited 550 to 800 entities contacted Estimated 350 selected for audit OCR s own staff conducting the audits Combination of desk and onsite audits Measuring security, breach, privacy 11
12 Agenda 1 Why HIPAA Enforcement Will Get Stronger in What Exactly is the OCR Phase 2 Audit? 3 Why Covered Entities Should Prioritize a Security Risk Analysis 4 6 Tips to Prevent Cyber Hacking 5 How to Create Cyber-Security Culture Across Your Organization 6 How a Cloud Fax Model Can Enhance HIPAA Compliance 12
13 Why Prioritize a Security Risk Analysis? Health firms are at risk: Virus vulnerabilities are up Data breaches and ephi theft are up Between 2010 and 2013, 29 million records compromised From the HHS Wall of Shame 113,180,244 breaches in 2015 alone! 13
14 Why Prioritize a Security Risk Analysis Healthcare was 2015 s #1 Data Breach Victim 78.8 million records 11 million records 10 million records 4.5 million records 3.9 million records Source: And published as required by the HITECH Act on DHHS: 14
15 Vulnerability to Cyber Hacking & ephi Breach FBI warnings to industry: The FBI has observed malicious actors targeting healthcare related systems for the purpose of obtaining Protected Healthcare Information (PHI) HHS Office for Civil Rights 1,199 Incidents 41.5 Million Individuals Top 5 Health Data Breaches in Million Individuals Data Breaches Year to Date Huge Change in Scope ,800%! Million Individuals Increase from
16 The largest data breaches in 2015 were all the result of cyber hacking breaches, resulting from... Spearphishing Malware Network Intrusion 16
17 What s a Secure ephi Transmission? HIPAA Privacy Rule: 45 CFR NIST encryption standards for handshake NIST encryption cipher standard for data protection requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. TLS encryption AES 256-bit encryption 17
18 Why Prioritize a Security Risk Analysis? 98% of healthcare providers audited were found to have failed to comply with HIPAA s Security Rule in at least one instance 18
19 The Cost Data Breaches Again, Healthcare Tops the List of Industries $154 $163 $363 Average cost per record across all industries globally Average cost per record for retail firms globally Average cost per breach for healthcare firms globally 19
20 What are the Business-Impacting Threats? Marketplace Reputation and Customer Loyalty Liability Legal costs Credit assistance for customers Training, call center triage Fraudulent charges Stock price, earnings, etc. IT Resources 20
21 Agenda 1 Why HIPAA Enforcement Will Get Stronger in What Exactly is the OCR Phase 2 Audit? 3 Why Covered Entities Should Prioritize a Security Risk Analysis 4 6 Tips to Prevent Cyber Hacking 5 How to Create Cyber-Security Culture Across Your Organization 6 How a Cloud Fax Model Can Bring Enhance Compliance 21
22 6 Tips to Prevent Cyber Hacking Build Your Network s Defensive Walls 1 Proactive Software Assurance Source code and binary code testing tools Application security scanners Certifications 4 Eliminating Security Vulnerabilities Vulnerability management Patch management Penetration testing 2 Blocking Attacks: Network Level IDS and IPS FW MSS 5 Safely Supporting Authorized Users Encryption technology VPN DLP 3 Blocking Attacks: Host Level Endpoint security NAC 6 Tools to Manage Security and Maximize Effectiveness Log management SIEM Training 22
23 Agenda 1 Why HIPAA Enforcement Will Get Stronger in What Exactly is the OCR Phase 2 Audit? 3 Why Covered Entities Should Prioritize a Security Risk Analysis 4 6 Tips to Prevent Cyber Hacking 5 How to Create Cyber-Security Culture Across Your Organization 6 How a Cloud Fax Model Can Enhance HIPAA Compliance 23
24 How to Create a Cyber-Security Culture Start at the top of your company - make everyone aware of the risks and how to avoid them. Find ways to explain the right processes that are non-technical - because that loses a lot of people. Identify the digital assets you most need to secure - and make sure you re monitoring and protecting them. Look also for non-cyber data risks - hardcopy files left unattended, etc. - and include them in your training. 24
25 Most Common Pitfalls Risk Assessment Lack of Accurate Data Inventory/ Controls Audit Logs (critical for compliance and root cause) Humans Accidents Happen Social Engineering Security Awareness Training Missing Policies and Procedures Incident Response Team and Plan & Audit Trail 25
26 Agenda 1 Why HIPAA Enforcement Will Get Stronger in What Exactly is the OCR Phase 2 Audit? 3 Why Covered Entities Should Prioritize a Security Risk Analysis 4 6 Tips to Prevent Cyber Hacking 5 How to Create Cyber-Security Culture Across Your Organization 6 How a Cloud Fax Model Can Enhance HIPAA Compliance 26
27 Faxing in Healthcare today Trends The Move toward a Cloud Fax Model The Cloud Fax Model Your staff can fax anywhere Virtually No IT administration, maintenance and troubleshooting Deploys in minutes Easy to use Requires no training Highly secure Compliant* Provides clear audit trails Cost-effective *efax Secure, part of the efax Corporate suite of solutions is a HIPAA-compliant solution for Healthcare 27
28 efax Corporate The world s #1 online fax company and the industry s most experienced hosted fax service , Secure Browser, Mobile App & efax Messenger User Interfaces Encrypted in Transit (optional) The most widely deployed online fax service for the Fortune 500 Hosted Fax Service Encrypted Fax Storage via efax Secure (optional) Trusted by more major healthcare, legal, financial and other highlyregulated firms than any other online fax provider to transmit sensitive documents PSTN Telco Service Inbound/ Outbound Faxes 28
29 Q&A enterprise.efax.com U.S. Sales (888) UK Sales +44 (0)
30 Helpful Resources HIPAA Privacy Rule The HIPAA Security Rule Toolkit OCR s HIPAA Enforcement Data Page OCR s Findings from Phase 1 Audits OIG 2015 Report Recommending Strengthened HIPAA Oversight BitSight Data-Security Industry Report HealthITNews: Top 10 Breaches of 2015 HIPAAJournal: Top 2015 Breaches (Healthcare Industry #1 Victim) efax Corporate Blog: Six Best Practices to Deter Cyber Hackers HealthCareITNews Article on Cyber Security Culture SANS Institute: Layered Defense Approach to Preventing Cyber Hacking The American Bar Association s Interpretation of the HIPAA Security Rule and Protecting ephi HHS Report: Security 101 for the CE HIPAA Audit Webpage Ponemon: 2015 Costs of Breaches 2015 HIMSS Conference efax Corporate Data Sheet on HIPAA- Compliant Faxing 30
Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches
Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches Speakers Phillip Long CEO at Business Information Solutions Art Gross President & CEO of HIPAA
More information8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice
Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice Monday, August 3, 2015 1 How to ask a question during the webinar If you dialed in to this webinar on your phone
More informationEnsuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services
Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services Introduction Patient privacy has become a major topic of concern over the past several years. With the majority of
More informationEnsuring HIPAA Compliance with Computer BYTES Online Backup and Archiving Services
Ensuring HIPAA Compliance with Computer BYTES Online Backup and Archiving Services Page 2 of 8 Introduction Patient privacy has become a major topic of concern over the past several years. With the majority
More informationEnsuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services
Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services 1 Contents 3 Introduction 5 The HIPAA Security Rule 7 HIPAA Compliance & AcclaimVault Backup 8 AcclaimVault Security and
More informationMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk Analysis Meeting the Measure Security in Transition Executive Summary Is your organization adopting Meaningful Use, either to gain incentive payouts or to avoid penalties?
More informationLessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd
Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual
More informationCHIS, Inc. Privacy General Guidelines
CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified
More informationDecrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use
Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute April 8, 2015 4/8/2015 1 1 Who is M-CEITA?
More informationOverview of the HIPAA Security Rule
Office of the Secretary Office for Civil Rights () Overview of the HIPAA Security Rule Office for Civil Rights Region IX Alicia Cornish, EOS Sheila Fischer, Supervisory EOS Topics Upon completion of this
More informationEnsuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services
Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services Introduction Patient privacy continues to be a chief topic of concern as technology continues to evolve. Now that the majority
More informationVendor Management Challenges and Solutions for HIPAA Compliance. Jim Sandford Vice President, Coalfire
Vendor Management Challenges and Solutions for HIPAA Compliance Jim Sandford Vice President, Coalfire Housekeeping You may submit questions throughout the webinar using the question area in the control
More informationData Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm
Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security
More informationMobile Medical Devices and BYOD: Latest Legal Threat for Providers
Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and
More informationNationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011
Nationwide Review of CMS s HIPAA Oversight Brian C. Johnson, CPA, CISA Wednesday, January 19, 2011 1 WHAT I DO Manage Region IV IT Audit and Advance Audit Technique Staff (AATS) IT Audit consists of 8
More informationPrivacy and Security requirements, OCR HIPAA Audits and the New Audit Protocol
Privacy and Security requirements, OCR HIPAA Audits and the New Audit Protocol 1 Learning Objectives Understand Privacy and Security Requirements Understand the new OCR audit protocol Learn how to prepare
More informationHIPAA-compliant Cloud Faxing
HIPAA-compliant Cloud Faxing HIPAA-compliant Cloud Faxing 4,463 Active investigations against covered entities resolved in 2013 by HIPAA s enforcement arm, the Office of Civil Rights. 3,470 were resolved
More informationNine Network Considerations in the New HIPAA Landscape
Guide Nine Network Considerations in the New HIPAA Landscape The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Omnibus Final Rule, released January 2013, introduced some significant
More informationView the Replay on YouTube. Sustainable HIPAA Compliance: Enhancing Your Epic Reporting. FairWarning Executive Webinar Series October 17, 2013
View the Replay on YouTube Sustainable HIPAA Compliance: Enhancing Your Epic Reporting FairWarning Executive Webinar Series October 17, 2013 Today s Panel Chris Arnold FairWarning VP of Product Management
More informationHow To Find Out What People Think About Hipaa Compliance
Healthcare providers attitudes towards HIPAA compliance in 2015 Created July, 27 2015 Healthcare providers attitudes towards HIPAA compliance in 2015 Over the course of this last year the healthcare industry
More informationTop Ten Technology Risks Facing Colleges and Universities
Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology
More informationExecutive Order 13636: The Healthcare Sector and the Cybersecurity Framework. September 23, 2014
Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework September 23, 2014 Executive Order: Improving Critical Infrastructure Cybersecurity It is the policy of the United States to
More informationData Breach Response Planning: Laying the Right Foundation
Data Breach Response Planning: Laying the Right Foundation September 16, 2015 Presented by Paige M. Boshell and Amy S. Leopard babc.com ALABAMA I DISTRICT OF COLUMBIA I FLORIDA I MISSISSIPPI I NORTH CAROLINA
More informationWhat s New with HIPAA? Policy and Enforcement Update
What s New with HIPAA? Policy and Enforcement Update HHS Office for Civil Rights New Initiatives Precision Medicine Initiative (PMI), including Access Guidance Cybersecurity Developer portal NICS Final
More informationNEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16
NEW PERSPECTIVES on Healthcare Risk Management, Control and Governance www.ahia.org Journal of the Association of Heathcare Internal Auditors Vol. 32, No. 3, Fall, 2013 Professional Fee Coding Audit: The
More informationWhat is required of a compliant Risk Assessment?
What is required of a compliant Risk Assessment? ACR 2 Solutions President Jack Kolk discusses the nine elements that the Office of Civil Rights requires Covered Entities perform when conducting a HIPAA
More informationWhat Are The Odds Of a HIPAA Audit?
What Are The Odds Of a HIPAA Audit? 1 Random Odds The law Outline Why is enforcement up? What types of audits and what causes them Examples of enforcement What can you do to avoid audits and fines 2 3
More informationUnderstanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions
Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What
More informationIncreasing Security Defenses in Cost-Sensitive Healthcare IT Environments
Increasing Security Defenses in Cost-Sensitive Healthcare IT Environments Regulatory and Risk Background When the Health Insurance Portability and Accountability Act Security Standard (HIPAA) was finalized
More informationHIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1
HIPAA COMPLIANCE AND DATA PROTECTION sales@eaglenetworks.it +39 030 201.08.25 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and EagleHeaps
More informationHow To Understand And Understand The Benefits Of A Health Insurance Risk Assessment
4547 The Case For HIPAA Risk Assessment Leader s Guide IMPORTANT INFORMATION FOR EDUCATION COORDINATORS & PROGRAM FACILITATORS PLEASE NOTE: In order for this program to meet Florida course requirements,
More informationWhat do you need to know?
What do you need to know? DISCLAIMER Please note that the information provided is to inform our clients and friends of recent HIPAA and HITECH act developments. It is not intended, nor should it be used,
More informationPreparing for the HIPAA Security Rule
A White Paper for Health Care Professionals Preparing for the HIPAA Security Rule Introduction The Health Insurance Portability and Accountability Act (HIPAA) comprises three sets of standards transactions
More informationAnatomy of a Healthcare Data Breach
BUSINESS WHITE PAPER Anatomy of a Healthcare Data Breach Prevention and remediation strategies Anatomy of a Healthcare Data Breach Table of Contents 2 Increased risk 3 Mitigation costs 3 An Industry unprepared
More informationPatient Privacy and Security. Presented by, Jeffery Daigrepont
Patient Privacy and Security Presented by, Jeffery Daigrepont Jeffery Daigrepont, SVP No Financial Conflicts to Report Jeffery Daigrepont, Senior Vice President of The Coker Group, specializes in health
More informationEthics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015
Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015 Katherine M. Layman Cozen O Connor 1900 Market Street Philadelphia, PA 19103 (215) 665-2746
More informationNew privacy and security requirements increase potential legal liability and jeopardize brand reputation.
New privacy and security requirements increase potential legal liability and jeopardize brand reputation. Protect personal health information in motion, in use and at rest with HP access, authentication,
More informationDocument Imaging Solutions. The secure exchange of protected health information.
The secure exchange of protected health information. 2 Table of contents 3 Executive summary 3 The high cost of protected health information being at risk 4 The compliance officer s dilemma: keeping PHI
More informationBridging the HIPAA/HITECH Compliance Gap
CyberSheath Healthcare Compliance Paper www.cybersheath.com -65 Bridging the HIPAA/HITECH Compliance Gap Security insights that help covered entities and business associates achieve compliance According
More informationDatto Compliance 101 1
Datto Compliance 101 1 Overview Overview This document provides a general overview of the Health Insurance Portability and Accounting Act (HIPAA) compliance requirements for Managed Service Providers (MSPs)
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationTrust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits
HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)
More informationSecurityMetrics Business Associate HIPAA compliance program
SecurityMetrics Business Associate HIPAA compliance program IS YOUR PHI SAFE? Business associates help your business succeed, but are they a liability? When your BAs are not HIPAA compliant, your business
More informationLaptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice
Laptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice Agenda Learning objectives for this session Fundamentals of Mobile device use and correlation to HIPAA compliance HIPAA
More informationHIPAA Security Risk Analysis for Meaningful Use
HIPAA Security Risk Analysis for Meaningful Use NOTE: Make sure your computer speakers are turned ON. Audio will be streaming through your speakers. If you do not have computer speakers, call the ACCMA
More informationSECURITY RISK ASSESSMENT SUMMARY
Providers Business Name: Providers Business Address: City, State, Zip Acronyms NIST FIPS PHI EPHI BA CE EHR HHS IS National Institute of Standards and Technology Federal Information Process Standards Protected
More informationHIPAA and HITECH Compliance for Cloud Applications
What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health
More informationHIPAA COMPLIANCE AND
INTRONIS CLOUD BACKUP & RECOVERY HIPAA COMPLIANCE AND DATA PROTECTION CONTENTS Introduction 3 The HIPAA Security Rule 4 The HIPAA Omnibus Rule 6 HIPAA Compliance and Intronis Cloud Backup and Recovery
More informationInfoGard Healthcare Services. 2015 InfoGard Laboratories Inc.
InfoGard Healthcare Services 10 Steps To Protect My Covered Entity From Breach Your Presenters Alan Martin Account Manger Marvin Byrd Security Engineer Test and Certification Laboratory Healthcare Payment
More informationCybersecurity for Meaningful Use. 2013 FRHA Annual Summit "Setting the Health Care Table: Politics, Economics, Health" November 20-22, 2013
Cybersecurity for Meaningful Use 2013 FRHA Annual Summit "Setting the Health Care Table: Politics, Economics, Health" November 20-22, 2013 Healthcare Sector Vulnerable to Hackers By Robert O Harrow Jr.,
More informationHIPAA Compliance Guide
HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care
More informationWelcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information
Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information about HIPAA, the HITECH-HIPAA Omnibus Privacy Act, how
More informationSecurity Compliance, Vendor Questions, a Word on Encryption
Security Compliance, Vendor Questions, a Word on Encryption Alexis Parsons, RHIT, CPC, MA Director, Health Information Services Security/Privacy Officer Shasta Community Health Center aparsons@shastahealth.org
More informationHIPAA Compliance Guide
HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care
More informationCybersecurity and Hospitals. What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response
Cybersecurity and Hospitals What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response This resources was prepared exclusively for American Hospital Association members by Mary
More informationPrivacy & Security. Risk Management Strategies for Healthcare Data. Ohio Hospital Association Centennial Annual Meeting.
Ohio Hospital Association Centennial Annual Meeting Privacy & Security Risk Management Strategies for Healthcare Data Chris Allman, JD Director of Risk Management, Compliance & Insurance Garden City Hospital
More informationCybersecurity Challenges in Healthcare. Doug Copley Beaumont Health & Michigan Healthcare Cybersecurity Council
Cybersecurity Challenges in Healthcare Doug Copley Beaumont Health & Michigan Healthcare Cybersecurity Council Healthcare Headlines Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
More informationCyberprivacy and Cybersecurity for Health Data
Experience the commitment Cyberprivacy and Cybersecurity for Health Data Building confidence in health systems Providing better health care quality at lower cost will be the key aim of all health economies
More informationBarracuda Web Application Firewall: Safeguarding Healthcare Web Applications and ephi. Whitepaper
Barracuda Web Application Firewall: Safeguarding Healthcare Web Applications and ephi Whitepaper Barracuda Barracuda Web Application Firewall: Safeguarding Healthcare Web Applications and ephi 2 The Health
More informationHIPAA, PHI and Email. How to Ensure your Email and Other ephi are HIPAA Compliant. www.fusemail.com
How to Ensure your Email and Other ephi are HIPAA Compliant How to Ensure Your Email and Other ephi Are HIPAA Compliant Do you know if the patient appointments your staff makes by email are compliant with
More information2016 OCR AUDIT E-BOOK
!! 2016 OCR AUDIT E-BOOK About BlueOrange Compliance: We specialize in healthcare information privacy and security solutions. We understand that each organization is busy running its business and that
More informationThe Impact of HIPAA and HITECH
The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients
More informationLogging In: Auditing Cybersecurity in an Unsecure World
About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that
More informationAGENDA HIP Ho AA w i rivacy d The B reach Happen? I P nc AA Secu dent R rit esp y o nse Corrective Action Plan What We Learned ACRONYMS USED
Michael Almvig Skagit County Information Services Director 1 AGENDA 1 2 HIPAA How Did Privacy The Breach Happen? HIPAA Incident Security Response 3 Corrective Action Plan 4 What We Learned Questions? ACRONYMS
More information2011 2012 Aug. Sept. Oct. Nov. Dec. Jan. Feb. March April May-Dec.
The OCR Auditors are coming - Are you next? What to Expect and How to Prepare On June 10, 2011, the U.S. Department of Health and Human Services Office for Civil Rights ( OCR ) awarded KPMG a $9.2 million
More informationTexas House Bill 300 & HIPAA. A MainNerve Whitepaper
A MainNerve Whitepaper Overview If you do business in Texas and your organization handles, creates, stores, transmits or has access to electronic patient healthcare information, you need to be mindful
More informationHealthcare and IT Working Together. 2013 KY HFMA Spring Institute
Healthcare and IT Working Together 2013 KY HFMA Spring Institute Introduction Michael R Gilliam Over 7 Years Experience in Cyber Security BA Telecommunications Network Security CISSP, GHIC, CCFE, SnortCP,
More informationCompliance, Security and Risk Management Relationship Advice. Andrew Hicks, Director Coalfire
Compliance, Security and Risk Management Relationship Advice Andrew Hicks, Director Coalfire Housekeeping You may submit questions throughout the webinar using the question area in the control panel on
More informationAre You Ready for an OCR Audit? Tom Walsh, CISSP Tom Walsh Consulting, LLC Overland Park, KS. What would you do? Session Objectives
Are You Ready for an OCR Audit? Tom Walsh, CISSP Tom Walsh Consulting, LLC Overland Park, KS What would you do? Your organization received a certified letter sent from the Office for Civil Rights (OCR)
More informationStraight from the Source: HHS Tools for Avoiding Some of the Biggest HIPAA Mistakes
Watch the Replay Straight from the Source: HHS Tools for Avoiding Some of the Biggest HIPAA Mistakes FairWarning Executive Webinar Series May 20, 2014 #AnytimeAudit Today s Panel Laura E. Rosas, JD, MPH
More informationAdopting a Cybersecurity Framework for Governance and Risk Management
The American Hospital Association s Center for Healthcare Governance 2015 Fall Symposium Adopting a Cybersecurity Framework for Governance and Risk Management Jim Giordano Vice Chairman & Chair of Finance
More informationHIPAA Audits Are Here!
HIPAA Audits Are Here! How to prepare for and what to expect when OCR comes knocking May 12, 2016 James B. Wieland, Principal, Ober Kaler Emily H. Wein, Principal, Ober Kaler David Holtzman, VP of Compliance,
More informationHIPAA Compliance: Are you prepared for the new regulatory changes?
HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed
More informationAttachment A. Identification of Risks/Cybersecurity Governance
Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year
More informationInsulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact. February 10, 2015
Insulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact February 10, 2015 Overview 1 The Legal Risks And Issues/The Role Of Legal Counsel: The Breach Coach The Slippery
More informationPotential Liability for HIPAA Violations: A Primer
Potential Liability for HIPAA Violations: A Primer Wednesday, March 23, 2016 Presented By the IADC Medical Defense and Health Law Committee and In-House and Law Firm Management Committee Welcome! The Webinar
More informationAn Independent Member of Baker Tilly International
Healthcare Security and Compliance July 23, 2015 Presenters Kelley Miller, CISA, CISM - Principal Kelley.Miller@mcmcpa.com Barbie Thomas, MBA, CHC Barbie.Thomas@mcmcpa.com 2 Agenda Introductions Cybersecurity
More informationLogging and Auditing in a Healthcare Environment
Logging and Auditing in a Healthcare Environment Mac McMillan CEO CynergisTek, Inc. OCR/NIST HIPAA Security Rule Conference Safeguarding Health Information: Building Confidence Through HIPAA Security May
More informationALERT LOGIC FOR HIPAA COMPLIANCE
SOLUTION OVERVIEW: ALERT LOGIC FOR HIPAA COMPLIANCE AN OUNCE OF PREVENTION IS WORTH A POUND OF CURE Alert Logic provides organizations with the most advanced and cost-effective means to secure their healthcare
More informationChecklist for Breach Readiness. Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) For Daily Compliance & Security Tips, Follow ecfirst @
Checklist for Breach Readiness Enabling a Resilient Organization Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) For Daily Compliance & Security Tips, Follow ecfirst @ Agenda Facts about breach violation impact
More informationHEALTHCARE SECURITY AND PRIVACY CATALOG OF SERVICES
HEALTHCARE SECURITY AND PRIVACY CATALOG OF SERVICES OCTOBER 2014 3300 North Fairfax Drive, Suite 308 Arlington, Virginia 22201 USA +1.571.481.9300 www.lunarline.com OUR CLIENTS INCLUDE Contents Healthcare
More informationLaw Firm Cyber Security & Compliance Risks
ALA WEBINAR Law Firm Cyber Security & Compliance Risks James Harrison CEO, INVISUS Breach Risks & Trends 27.5% increase in breaches in 2014 (ITRC) Over 500 million personal records lost or stolen in 2014
More informationHIPAA/HITECH Privacy and Security for Long Term Care. Association of Jewish Aging Services 1
HIPAA/HITECH Privacy and Security for Long Term Care 1 John DiMaggio Chief Executive Officer, Blue Orange Compliance Cliff Mull Partner, Benesch, Healthcare Practice Group About the Presenters John DiMaggio,
More informationHIPAA: Compliance Essentials
HIPAA: Compliance Essentials Presented by: Health Security Solutions August 15, 2014 What is HIPAA?? HIPAA is Law that governs a person s ability to qualify immediately for health coverage when they change
More informationYOUR HIPAA RISK ANALYSIS IN FIVE STEPS
Ebook YOUR HIPAA RISK ANALYSIS IN FIVE STEPS A HOW-TO GUIDE FOR YOUR HIPAA RISK ANALYSIS AND MANAGEMENT PLAN 2015 SecurityMetrics YOUR HIPAA RISK ANALYSIS IN FIVE STEPS 1 YOUR HIPAA RISK ANALYSIS IN FIVE
More informationINFORMATION SECURITY FOR YOUR AGENCY
INFORMATION SECURITY FOR YOUR AGENCY Presenter: Chad Knutson Secure Banking Solutions, LLC CONTACT INFORMATION Dr. Kevin Streff Professor at Dakota State University Director - National Center for the Protection
More informationRisk Management and Compliance: Healthcare Best Practices Guide
WHITE PAPER: RISK MANAGEMENT AND COMPLIANCE: HEALTHCARE............. BEST.... PRACTICES........... GUIDE............ Risk Management and Compliance: Healthcare Best Practices Guide Who should read this
More informationAre You Prepared for a HIPAA Audit? 7 Steps to Security Readiness GUIDE BOOK
Are You Prepared for a HIPAA Audit? 7 Steps to Security Readiness GUIDE BOOK Are You Ready? For nearly four years, official HIPAA compliance audits have been on hold. The Department of Human Services (HHS)
More informationForeScout CounterACT and Compliance June 2012 Overview Major Mandates PCI-DSS ISO 27002
ForeScout CounterACT and Compliance An independent assessment on how network access control maps to leading compliance mandates and helps automate GRC operations June 2012 Overview Information security
More information6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013
Updates on HIPAA, Data, IT and Security Technology June 25, 2013 1 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind, including,
More informationHealth Homes Implementation Series: NYeC Privacy and Security Toolkit. 16 February 2012
Health Homes Implementation Series: NYeC Privacy and Security Toolkit 16 February 2012 1 Agenda What are the New York ehealth Collaborative (NYeC) and the Regional Extension Center? What are Health Homes?
More informationReady or Not: OCR s Second Round of HIPAA Audits Are Just Around the Corner
Ready or Not: OCR s Second Round of HIPAA Audits Are Just Around the Corner OPRA 2015 Fall Conference November 4, 2015 Presented By: Lisa Pierce Reisz Vorys, Sater, Seymour and Pease LLP 614.464.8353 lpreisz@vorys.com
More informationCybercrime: Protecting Your Digital Assets in Today's Threat Landscape
Cybercrime: Protecting Your Digital Assets in Today's Threat Landscape Presented by Rachel Ratcliff OM03 Saturday, 10/5/2013 9:30 AM - 10:45 AM Cybercrime: Protecting Your Digital Assets in Today s Threat
More informationI ve been breached! Now what?
I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have
More informationWhy Lawyers? Why Now?
TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business
More informationChecklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security
Checklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) For Daily Compliance & Security Tips, Follow ecfirst @ Agenda Review the
More informationHealthcare in the Crosshairs for Data Breaches. April 22, 2015. Deborah Hiser (512) 703-5718 deborah.hiser@huschblackwell.com
Healthcare in the Crosshairs for Data Breaches April 22, 2015 1 Presenters Deborah Hiser (512) 703-5718 deborah.hiser@huschblackwell.com Ana Cowan (512) 703-5791 ana.cowan@huschblackwell.com Debbie Juhnke,
More informationO N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response workflow guide. This guide has been created especially for you for use in within your security
More informationBEFORE THE BREACH: Why Penetration Testing is Critical to Healthcare IT Security
BEFORE THE BREACH: Why Penetration Testing is Critical to Healthcare IT Security August 2014 w w w.r e d s p in.c o m Introduction This paper discusses the relevance and usefulness of security penetration
More information