Implemen'ng an Enterprise Framework for Secure Health Data Exchange

Transcription

1 Implemen'ng an Enterprise Framework for Secure Health Data Exchange Gregory Franklin, Assistant Secretary, California Technology Agency Jim Rose, Deputy CIO, Indiana Office of Technology Robert Myles, NaEonal PracEce Manager, Symantec, Moderator

2

3 CharacterisEcs of a Brave New World Relentless Threats Targeted Threats

4 Most Dangerous New Threat Vectors ExploiEng personal informaeon on profile pages Lead to a malware- hosted site from a legiemate social website 97% of the Eme Malicious code spreading by sending direct messages and status updates 315 mobile vulnerabiliees discovered in 2011 (up 93%) Mobile malware collects personal data, tracks locaeons, sends text messages 96% of lost phones result in data breach

5 50% 2, % 1 to 2,500 50% Employees 2,501+ 2% 3% 5% 9% 1,501 to 2,500 1,001 to 1, to 1, to % 1 to % in 2011 " Greatest growth in 2012 is at companies with <250 employees

6 Cyber Security Spend Most States spend approximately 1.5% of their overall IT budget on cyber security as compared to Private Sector who spends on average approximately 15% of the IT budget. US Federal Government spend: 18% of IT budget ($76B) Source: OMB Oversight Report 2012 Banks and Financial sector: 15% of IT budget Source: IDC- Intelligent Economy and State of Security Report

7 Public Sector Landscape South Carolina Department of Revenue 6.4 million records exposed. Approximately $25M to remediate Utah 780,000 people affected afer hacker breaks into server due to configuraeon error. Approximately $30M to remediate Alaska - $1.7M payout afer hard drive is stolen containing Medicaid beneficiary informaeon Pennsylvania Misplaced USB drive containing PHI for 280,000 Medicaid recipients. Fines Pending Breach Cause Web- based 17% Phishing 22% SQL injeceon 28% Thef of data- 28% Criminal Insider 33% Viruses, 50% 0% 20% 40% 60% States have the responsibility of protec'ng their cons'tuent s iden''es and their informa'on

8 Changes In Working Style 1 80% 2 65% 3 52% New apps deployed in the cloud Enterprises allow mobile access to their network Workers use three or more devices Sources: 1. IDC PredicEons 2012: CompeEng for 2020, Frank Gens, IDC, December The Impact of Mobile Devices on InformaEon Security: A Survey of IT Professionals, Check Point, January Info Workers Using Mobile And Personal Devices For Work Will Transform Personal Tech Markets, Frank E. Gillej, Forrester Research, February 22, 2012

9 BYOD Full Control Info/App Access Only Managed Unmanaged Current State M Corp PCs 300M Smartphones 15M Tablets M Corp PCs 293M Personal PCs 1017M Smartphones 326M Tablets Desired State App- Centric Device- Centric Organiza'on- owned Personally owned Devices Data Sources: Gartner, & IDC

10 Social Media

11 The strategies of the past will not support the infrastructure of today and for the future FERPA GLBA SOX FISMA HIPAA Privacy HIPAA Security PCI ARRA/HITECH HIPAA Omnibus Rule

12 Implementing an Enterprise Framework for Secure Health Data Exchange (State MMIS, HIE, HIX Environments) Gregory A Franklin Assistant Secretary California Technology Agency

13 We Are Digital!

14 92% of breaches are perpetrated by outsiders Insiders are risk 80% of the all

15 CalHEERS Concept of Operations CA- HBEx Federal Interfaces 1 1 Enter system through Web Portal, Create, Update, or delete Qualified health plans Consumers 3 Provide QHP Data to CMS 2 CalHEERS Business Process Consumer Assistance Web- Portal Update QHP information based on submission from CA- HBEx Eligibility & Enrollment CalHEERS Proposed Architecture 4 SHOP Service Center Provide QHP Data to the Web Portal Plan Management Financial Management 5 6 Send Surveys to Enrollees Provide Survey Results or online feedback Existing Systems CalHEERS Business Services Security Verification Eligibility Payment Content Correspondence Reporting Data Exchange Technical Services Standards CalHEERS Data Services Client Index SHOP Case Data Index Issuer QHP User Index Financial Data 7 8 Process Consumer Complaints Receive and Review Compliance Data Other CA Dept. CA- HBEx CDI DMHC

16

17 CalHEERS SHOP Employer Federal Interfaces 1 Enter System via phone, mail, broker, navigator, or online Supporting Systems Web- Portal Service Center Navigator Broker Issuers Existing Systems 4 2 Verify EIN of Employer if not in State database Employer, Services Center worker, Navigator or Broker enter application information CalHEERS Business Process Consumer Assistance CalHEERS Business Services Security Verification Eligibility Payment Content Correspondence Reporting Data Exchange Technical Services Standards 5 Eligibility & Enrollment Provide Employer Application Results and Health Plan options CalHEERS Proposed Architecture SHOP 6 Browse, Compare and Select a QHP(s) Plan Management CalHEERS Data Services Client Index SHOP Case Data Index Issuer QHP 7 Financial Management User Index Financial Data Provide Enrollment Data to Issuers 3 Verify Employer EIN and address MEDS SCI CA- MMIS IEVS Other CA Dept. CA- HBEx FTB EDD

18 Implemen'ng an Enterprise Framework for Secure Health Data Exchange Jim Rose Deputy CIO Enterprise Architecture, Database and Storage Services State of Indiana Office of Technology

19 State of Indiana Approach ConsolidaEon of IT Policy, Assets, Framework ReducEon of surface area CoordinaEon within and outside State government IT Director / Technology Roadmap commijees Statewide, coordinated project review commijee Data sharing agreements HIE coordinaeon State university partnerships MS- ISAC Vigilance Cycle of conenual improvement