Cyber-Security White Paper Final 1Q2013 Version. to HIT Commission Feb. 21, 2013
|
|
- Cornelia Richard
- 8 years ago
- Views:
Transcription
1 Cyber-Security White Paper Final 1Q2013 Version Recommended Priorities to HIT Commission Feb. 21, 2013
2 Background White Paper Origins June 2012 White paper development & security workshop Broad stakeholder involvement and authorship July 2012 through December 2012 Continued stakeholder involvement and reviews of draft January 2013 HIT Commission Meeting Draft Cyber-Security White Paper presented MiHIN tasked with prioritizing recommendations and producing Final 1Q2013 Cyber Security White Paper for February 2013 HIT Commission meeting
3 Prioritization Process Surveyed 50 experts and key stakeholders involved in developing/reviewing Cyber Security White Paper Respondents ranked recommendations as low, medium, high or essential priorities 26 responses received between Jan Feb % response rate Essential and high priorities recommended for action by HIT Commission and State being presented today
4 Recommendation Summary Section 7 Essential Priorities Conduct a risk assessment every (3) years Essential Establish a minimum set of safeguards Establish framework for identity management Develop and conduct an auditing program Develop an identity management infrastructure High Reduce financial burden with privacy and security compliance Endorse the National Institute of Standards and Technology (NIST) definitions of assurance levels These items are recommended for the HITC to act upon Medium Low 5 8
5 Recommendation Summary y 11 High Priorities Implement information security educational programs Essential Section Develop Level of Assurance (LOA) 3 roadmap Establish workgroup on security/privacy legislative issues Establish workgroup on establishing a Michigan Identity Trust Federation Build an Identity Trust Federation High Monitor Federal Trust Identity Federation efforts Fund HIE Identity Federation framework pilot Create a liability risk assessment program Provide online security risk assessment tool/audit service Endorse an Identity Trust Federation approach *These items are recommended for the HITC to act upon Medium Low 5 8
6 Proposed Next Steps HIT Commission determine essential and high priority recommendations to advance to the Director of MDCH Suggest a response requested by date Receive response from the Director of MDCH Review and act upon Director of MDCH response at next HIT Commission meeting
7 Questions? Contact Us: Timothy Pletcher Executive Director Jeff Livesay Associate Director Brian Seggie Brian Seggie Security Director / Chief Security Officer seggie@mihin.org
8 THANK YOU!
9 Essential and High Recommendations in Priority Order
10 Risk Assessment e and Mitigation Recommendation e o Section 5.3.1: Direct an entity designated by the State to develop a requirement that organizations exchanging health information should conduct a risk assessment every three (3) years and review all supporting policies and procedures annually. Priority rating = Essential
11 Security Baseline Recommendation Section 5.1.1: Direct an entity designated by the State to establish a minimum required set of safeguards (physical, administrative, i ti and technical) for all organizations that t engage in health information exchange. Priority rating = Essential
12 Identity ty Management age e Infrastructure Recommendation e o Section 6.2.1: The HIT Commission should work with appropriate organizations within the State of Michigan towards developing a formally accepted framework for identity management. Pi Priority it rating = Essential
13 Security Baseline Recommendation Section 5.1.2: Direct an entity designated by the State to develop and conduct an auditing program to enforce that organizations engaged in health information exchange have met a minimum set of security requirements. Qualified organizations should be audited every three (3) years. Priority rating = Essential
14 Identity ty Management age e Infrastructure Recommendation e o Section 6.2.2: The HIT Commission should work with appropriate organizations within the State of Michigan towards developing an identity management infrastructure that is both secure and interoperable across the all of the systems involved in statewide health information sharing that provides the ability to know what information is allowed to be shared and how information in one system may be exchanged with another system so that only those with appropriate rights can access information across systems. Priority rating = Essential
15 Addressing Violations Recommendation Section 3.2.1: Explore opportunities for entities participating in HIE to receive State of Michigan level protections to help reduce the financial i burden and costs associated with privacy and security compliance and data breach related issues. Priority rating = Essential
16 Assurance Levels Recommendation Section 6.1.1: The HIT Commission should formally endorse the National Institute of Standards and Technology (NIST) definitions of assurance levels. l Priority rating = Essential
17 Limitation of Liability Recommendations Section 3.1.1: Direct an entity designated by the State to create and implement information security educational programs (e.g., encryption of servers and portable devices), including an online resource center. Priority rating = High
18 Assurance Levels Recommendation Section 6.1.2: The HIT Commission should develop a roadmap for moving organizations to at least LOA #3 for all health information sharing activities iti that t fall into the HIPAA defined categories of Treatment, Payment, and Health Care Operations. Any such plans must provide reasonable and workable exemptions for emergency situations where human life is at risk. Priority rating = High
19 Training and Education Recommendation Section 5.2.5: Direct an entity designated by the State to develop an education and training program with a security risk and awareness curriculum to provide organizations that t exchange health information with options for implementing the framework requirements, social engineering techniques, and holding their users accountable for adhering to the safeguards. Priority rating = High
20 Chartering Additional Workgroups oups Recommendation e o Section 7.1.1: The HIT Commission should establish a working group on security and privacy legislative issues related to health information sharing. Priority rating = High
21 Chartering Additional Workgroups oups Recommendation e o Section 7.1.2: The HIT Commission should establish a working group on establishing a Michigan Identity Trust Federation to enable secure identity management for use in the Michigan HIE. Priority rating = High
22 Identity Trust Federation Recommendation Section 6.3.2: The HIT Commission should encourage the State of Michigan to endeavor to build an Identity Trust Federation that can operate and register as a Trust Framework Provider within the Federal Identity, Credentialing and Access Management (FICAM) Trust Framework Provider Adoption Process (TFPAP). This will allow identities within the Michigan HIE Identity Trust Federation to be trusted for access to systems operated by the Federal government such as those used for managing Medicare and Medicaid benefits. Priority rating = High
23 Identity Trust Federation Recommendation Section 6.3.3: The HIT Commission should establish a formal mechanism to continue to monitor Federal efforts such as National Strategy t for Trusted Identity in Cyberspace (NSTIC), which h is also developing models for trusted identity federations. NSTIC is strongly behind the idea of trust federations as the right model, as opposed to a single government operated identity management system. Priority rating = High
24 Chartering Additional Workgroups oups Recommendation e o Section 7.1.3: The HIT Commission should encourage funding for one or more pilot projects in establishing a framework for an HIE Identity Federation and working operational models for such an identity federation. Pi Priority it rating = High
25 Cyber Liability Recommendation Section 4.1.1: Direct an entity designated by the State to create a liability risk assessment program, based in part on the MiHIN sub- state t HIE security audit program and the Nebraska HIE model, where the entity designated by the State and/or its approved contractors shall offer the Risk Assessment Plus audit program. This audit program will provide organizations with the basic HIPAA risk assessment, a vulnerability penetration test and remediation services. Priority rating = High
26 Risk Assessment e and Mitigation Recommendation e o Section 5.3.2: Direct an entity designated by the State to provide an online security risk assessment tool and/or audit service (at an affordable fee). Said entity should also develop and issue a request for qualifications (RFQ) to identify companies that can conduct a risk assessment in accordance with established program requirements. Approved companies will provide to organizations that exchange health information and their participants/users online security risk assessment tools and/or auditing services as well as discounted rates when purchasing a full security audit. Priority rating = High
27 Identity Trust Federation Recommendation Section 6.3.1: The HIT Commission should endorse an Identity Trust Federation approach versus a centralized model. Priority rating = High
Final Recommendations for the HIT Commission
CHARTERED BY THE MICHIGAN HEALTH INFORMATION NETWORK SHARED SERVICES Health Information & Cyber Security In Michigan Final Recommendations for the HIT Commission First Quarter 2013 This white paper outlines
More informationMaintaining the Privacy of Health Information in Michigan s Electronic Health Information Exchange Network. Draft Privacy Whitepaper
CHARTERED BY THE MICHIGAN HEALTH INFORMATION NETWORK SHARED SERVICES MIHIN OPERATIONS ADVISORY COMMITTEE (MOAC) PRIVACY WORKING GROUP (PWG) Maintaining the Privacy of Health Information in Michigan s Electronic
More informationIdentity: The Key to the Future of Healthcare
Identity: The Key to the Future of Healthcare Chief Medical Officer Anakam Identity Services July 14, 2011 Why is Health Information Technology Critical? Avoids medical errors. Up to 98,000 avoidable hospital
More informationFederal Identity, Credential, and Access Management Trust Framework Solutions. Overview
Federal Identity, Credential, and Access Management Trust Framework Solutions Overview Version 1.0 02/07/2014 Questions? Contact the FICAM TFS Program Manager at TFS.EAO@gsa.gov 1 Table of Contents 1.
More informationExecutive Order 13636: The Healthcare Sector and the Cybersecurity Framework. September 23, 2014
Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework September 23, 2014 Executive Order: Improving Critical Infrastructure Cybersecurity It is the policy of the United States to
More informationTHE 411 ON CYBERSECURITY, INFORMATION SHARING AND PRIVACY
THE 411 ON CYBERSECURITY, INFORMATION SHARING AND PRIVACY DISCLAIMER Views expressed in this presentation are not necessarily those of our respective Departments Any answers to questions are our own opinions
More informationNational Cybersecurity Challenges and NIST. Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity
National Cybersecurity Challenges and NIST Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity Though no-one knows for sure, corporate America is believed to lose anything
More informationHIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services
HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services How MSPs can profit from selling HIPAA security services Managed Service Providers (MSP) can use the Health Insurance Portability
More informationNew York State Department of Financial Services. Update on Cyber Security in the Banking Sector: Third Party Service Providers
New York State Department of Financial Services Update on Cyber Security in the Banking Sector: Third Party Service Providers April 2015 Update on Cyber Security in Banking Sector: Third-Party Service
More informationReport: An Analysis of US Government Proposed Cyber Incentives. Author: Joe Stuntz, MBA EP 14, McDonough School of Business
S 2 ERC Project: Cyber Threat Intelligence Exchange Ecosystem: Economic Analysis Report: An Analysis of US Government Proposed Cyber Incentives Author: Joe Stuntz, MBA EP 14, McDonough School of Business
More informationHIPAA Overview. Darren Skyles, Partner McGinnis Lochridge. Darren S. Skyles dskyles@mcginnislaw.com
HIPAA Overview Darren Skyles, Partner McGinnis Lochridge HIPAA Health Insurance Portability and Accountability Act of 1996 Electronic transaction and code sets: Adopted standards for electronic transactions
More informationNIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015
NIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015 Overview The University of Pittsburgh NIST Cybersecurity Framework Pitt NIST Cybersecurity Framework Program Wrap Up Questions
More information[Year] State of Michigan MiHIN Shared Services Operational Plan
[Year] State of Michigan MiHIN Shared Services Operational Plan Table of Contents 1 Stakeholder Approvals...1 2 Executive Summary...1 2.1 Governance...2 2.2 Finance...2 2.3 Technical Infrastructure...3
More informationDepartment of Veterans Affairs VA DIRECTIVE 6510 VA IDENTITY AND ACCESS MANAGEMENT
Department of Veterans Affairs VA DIRECTIVE 6510 Washington, DC 20420 Transmittal Sheet VA IDENTITY AND ACCESS MANAGEMENT 1. REASON FOR ISSUE: This Directive defines the policy and responsibilities to
More informationTo: CHIME Members From: CHIME Public Policy Staff Re: Summary - Interoperability Section (Sec. 3001) of the 21 st Century Cures Legislation
To: CHIME Members From: CHIME Public Policy Staff Re: Summary - Interoperability Section (Sec. 3001) of the 21 st Century Cures Legislation Purpose: Below is an overview of the section of the 21 st Century
More informationJOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015
JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement
More informationIAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope
IAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope March 6, 2014 Victoria King UPS (404) 828-6550 vking@ups.com Lisa J. Sotto Hunton & Williams LLP (212) 309-1223 lsotto@hunton.com
More informationHealth Information Technology
Background Brief on September 2014 Inside this Brief Terminology Relevant Federal Policies State HIT Environment, Policy, and HIT Efforts Staff and Agency Contacts Legislative Committee Services State
More informationOur Commitment to Information Security
Our Commitment to Information Security What is HIPPA? Health Insurance Portability and Accountability Act 1996 The HIPAA Privacy regulations require health care providers and organizations, as well as
More informationWorking Group on. First Working Group Meeting 29.5.2012
Working Group on Cloud Security and Privacy (WGCSP) First Working Group Meeting 29.5.2012 1 Review of fexisting i Standards d and Best Practices on Cloud Security Security Standards and Status List of
More informationIdentity, Credential, and Access Management. An information exchange For Information Security and Privacy Advisory Board
Federal CIO Council Information Security and Identity Management Committee Identity, Credential, and Access Management An information exchange For Information Security and Privacy Advisory Board Deb Gallagher
More informationHealthcare Cybersecurity Perspectives from the Michigan Healthcare Cybersecurity Council
Healthcare Cybersecurity Perspectives from the Michigan Healthcare Cybersecurity Council Presented by Doug Copley, Chairman Michigan Healthcare Cybersecurity Council Mr. Chairman and Committee Members,
More informationPreparing for HIPAA and Meaningful Use Compliance Audits
Preparing for HIPAA and Meaningful Use Compliance Audits Presented by: David Holtzman VP of Compliance, CynergisTek CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com
More informationLegislative Proposals for the Maryland Commission on Cyber Security Innovation and Excellence
Legislative Proposals for the Maryland Commission on Cyber Security Innovation and Excellence December 6, 2012 Michael Greenberger Professor of Law Founder and Director, CHHS Legislative Proposals Maryland
More informationHealthTECH Workforce Forum Presents: Electronic Health Records Adoption: Driving to 2015 and Beyond
HealthTECH Workforce Forum Presents: Electronic Health Records Adoption: Driving to 2015 and Beyond May 19 th, 2011 EHR Implementation Panel Moderator: Paula J. Magnanti, MT(ASCP) Founder & Managing Principal
More informationHealth Homes Implementation Series: NYeC Privacy and Security Toolkit. 16 February 2012
Health Homes Implementation Series: NYeC Privacy and Security Toolkit 16 February 2012 1 Agenda What are the New York ehealth Collaborative (NYeC) and the Regional Extension Center? What are Health Homes?
More informationDecember 8, 2011. Security Authorization of Information Systems in Cloud Computing Environments
December 8, 2011 MEMORANDUM FOR CHIEF INFORMATION OFFICERS FROM: SUBJECT: Steven VanRoekel Federal Chief Information Officer Security Authorization of Information Systems in Cloud Computing Environments
More informationDEPARTMENT OF MEDICAL ASSISTANCE SERVICES VULNERABILITY ASSESSMENT AND NETWORK PENETRATION TEST JUNE 2009
DEPARTMENT OF MEDICAL ASSISTANCE SERVICES VULNERABILITY ASSESSMENT AND NETWORK PENETRATION TEST JUNE 2009 AUDIT SUMMARY Our vulnerability assessment and network penetration test of the Department of Medical
More informationState of Minnesota. Enterprise Security Program Policy. Office of Enterprise Technology. Enterprise Security Office Policy. Version 1.
State of Minnesota Enterprise Security Program Policy Office of Enterprise Technology Version 1.00 Approval: Gopal Khanna (Signature on file with the ESO) 06/22/2009 State Chief Information Officer Signature
More informationWhite Paper on Financial Industry Regulatory Climate
White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during
More informationHIPAA Audits Are Here!
HIPAA Audits Are Here! How to prepare for and what to expect when OCR comes knocking May 12, 2016 James B. Wieland, Principal, Ober Kaler Emily H. Wein, Principal, Ober Kaler David Holtzman, VP of Compliance,
More informationJuly 6, 2015. Mr. Michael L. Joseph Chairman of the Board Roswell Park Cancer Institute Elm & Carlton Streets Buffalo, NY 14263
July 6, 2015 Mr. Michael L. Joseph Chairman of the Board Roswell Park Cancer Institute Elm & Carlton Streets Buffalo, NY 14263 Re: Security Over Electronic Protected Health Information Report 2014-S-67
More informationWhat is required of a compliant Risk Assessment?
What is required of a compliant Risk Assessment? ACR 2 Solutions President Jack Kolk discusses the nine elements that the Office of Civil Rights requires Covered Entities perform when conducting a HIPAA
More informationState Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4
State Agency Cybersecurity Survey v 3.4 The purpose of this survey is to identify your agencies current capabilities with respect to information systems/cyber security and any challenges and/or successes
More informationComputer Security Incident Response Plan. Date of Approval: 23- FEB- 2015
Name of Approver: Mary Ann Blair Date of Approval: 23- FEB- 2015 Date of Review: 22- FEB- 2015 Effective Date: 23- FEB- 2015 Name of Reviewer: John Lerchey Table of Contents Table of Contents... 2 Introduction...
More informationPast vs. Present: Third Party Risk
Past vs. Present: Third Party Risk Kevin O Sullivan and Hicham Chahine 3 rd Party Risk, Crowe Horwath LLP April 30th, 2015 Agenda Drivers pushing Third Party Risk Past vs. Present Events and Trends Vendor
More informationState Medicaid HIT Plan RFP #20100308. Responses to Submitted Questions. Section 1.1 of the RFP states in part the following.
State Medicaid HIT Plan RFP #20100308 Responses to Submitted Questions Question # RFP Section # RFP Page # Question Response Section 1.1 of the RFP states in part the following. 1 1.1 5 "This Request for
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity Implementation of Executive Order 13636 NARUC Winter Committee Meeting Committee & Staff Committee on Critical Infrastructure February 15,
More informationGuidance on Risk Analysis Requirements under the HIPAA Security Rule
Guidance on Risk Analysis Requirements under the HIPAA Security Rule Introduction The Office for Civil Rights (OCR) is responsible for issuing annual guidance on the provisions in the HIPAA Security Rule.
More informationThe HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq.
The HITECH Act: Implications to HIPAA Covered Entities and Business Associates Linn F. Freedman, Esq. Introduction and Overview On February 17, 2009, President Obama signed P.L. 111-05, the American Recovery
More informationDEPARTMENT OF MEDICAL ASSISTANCE SERVICES VULNERABILITY ASSESSMENT AND NETWORK PENETRATION TEST FEBRUARY 2007
DEPARTMENT OF MEDICAL ASSISTANCE SERVICES VULNERABILITY ASSESSMENT AND NETWORK PENETRATION TEST FEBRUARY 2007 AUDIT SUMMARY Our vulnerability assessment and network penetration test of the Department of
More informationELECTRONIC HEALTH RECORDS. Nonfederal Efforts to Help Achieve Health Information Interoperability
United States Government Accountability Office Report to Congressional Requesters September 2015 ELECTRONIC HEALTH RECORDS Nonfederal Efforts to Help Achieve Health Information Interoperability GAO-15-817
More informationHow to Use the NYeC Privacy and Security Toolkit V 1.1
How to Use the NYeC Privacy and Security Toolkit V 1.1 Scope of the Privacy and Security Toolkit The tools included in the Privacy and Security Toolkit serve as guidance for educating stakeholders about
More informationBig Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
More informationHealth Care - Meaningful Use of HITECH
Planning for the Stimulus - Achieving Meaningful Use of Healthcare IT John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center My Definition of Meaningful Use Processes and
More informationInformation Security Program CHARTER
State of Louisiana Information Security Program CHARTER Date Published: 12, 09, 2015 Contents Executive Sponsors... 3 Program Owner... 3 Introduction... 4 Statewide Information Security Strategy... 4 Information
More informationLaw Firm Cyber Security & Compliance Risks
ALA WEBINAR Law Firm Cyber Security & Compliance Risks James Harrison CEO, INVISUS Breach Risks & Trends 27.5% increase in breaches in 2014 (ITRC) Over 500 million personal records lost or stolen in 2014
More informationBusiness Associate Agreement
Business Associate Agreement This Business Associate Agreement (the Agreement ) is made by and between Business Associate, [Name of Business Associate], and Covered Entity, The Connecticut Center for Health,
More informationCybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014
Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014 Victoria Yan Pillitteri Advisor for Information Systems Security
More informationInformation Security Program
Stephen F. Austin State University Information Security Program Revised: September 2014 2014 Table of Contents Overview... 1 Introduction... 1 Purpose... 1 Authority... 2 Scope... 2 Information Security
More informationPurpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public.
Federal CIO Council Information Security and Identity Management Committee (ISIMC) Guidelines for the Secure Use of Cloud Computing by Federal Departments and Agencies DRAFT V0.41 Earl Crane, CISSP, CISM
More informationEVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07
EVALUATION REPORT Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review March 13, 2015 REPORT NUMBER 15-07 EXECUTIVE SUMMARY Weaknesses Identified During the FY 2014
More informationJoe Dylewski President, ATMP Solutions
Joe Dylewski President, ATMP Solutions Joe Dylewski President, ATMP Solutions Assistant Professor, Madonna University 20 Years, Technology and Application Implementation Experience Served as Michigan Healthcare
More informationHEALTH INSURANCE MARKETPLACES GENERALLY PROTECTED PERSONALLY IDENTIFIABLE INFORMATION BUT COULD IMPROVE CERTAIN INFORMATION SECURITY CONTROLS
Department of Health and Human Services OFFICE OF INSPECTOR GENERAL HEALTH INSURANCE MARKETPLACES GENERALLY PROTECTED PERSONALLY IDENTIFIABLE INFORMATION BUT COULD IMPROVE CERTAIN INFORMATION SECURITY
More information1851 (d) RULE OF CONSTRUCTION. Nothing in this section shall be construed to (1) require a State to report data under subsection
U:\REPT\OMNI\FinalOmni\CPRT--HPRT-RU00-SAHR-AMNT.xml 0 (d) RULE OF CONSTRUCTION. Nothing in this section shall be construed to () require a State to report data under subsection (a); or () require a non-federal
More informationFollowing is a discussion of the Hub s role within the health insurance exchanges, the results of our review, and concluding observations.
Testimony of: Kay Daly Assistant Inspector General for Audit Services Office of Inspector General, U.S. Department of Health and Human Services Hearing Title: The Threat to Americans Personal Information:
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ( Agreement ) is by and between ( Covered Entity ) and Xelex Digital, LLC ( Business Associate ), and is effective as of. WHEREAS,
More informationNIST Cybersecurity Framework. ARC World Industry Forum 2014
NIST Cybersecurity Framework Vicky Yan Pillitteri NIST ARC World Industry Forum 2014 February 10-13, 2014 Orlando, FL Executive Order 13636 Improving Critical Infrastructure Cybersecurity It is the policy
More informationSingle Sign-On (SSO), Identity Exchange Hub, Remote Identity Proofing
Single Sign-On (SSO), Identity Exchange Hub, Remote Identity Proofing Brian Seggie Director of Security 1 Why are we doing this? Leverage large MICAM investment ($30 M) Improve identity verification to
More informationHEALTHCARE SECURITY AND PRIVACY CATALOG OF SERVICES
HEALTHCARE SECURITY AND PRIVACY CATALOG OF SERVICES OCTOBER 2014 3300 North Fairfax Drive, Suite 308 Arlington, Virginia 22201 USA +1.571.481.9300 www.lunarline.com OUR CLIENTS INCLUDE Contents Healthcare
More informationGuidance for Addressing Cybersecurity in the Chemical Sector. Version 2.0 December 2004
Guidance for Addressing Cybersecurity in the Chemical Sector December 2004 Legal and Copyright Notice The Chemical Industry Data Exchange (CIDX) is a nonprofit corporation, incorporated in the State of
More informationInformation Technology Security Review April 16, 2012
Information Technology Security Review April 16, 2012 The Office of the City Auditor conducted this project in accordance with the International Standards for the Professional Practice of Internal Auditing
More informationTackling the Information Protection Essentials of Health Information Exchange. Carol Diamond, MD, MPH Managing Director, Markle Foundation
Tackling the Information Protection Essentials of Health Information Exchange Carol Diamond, MD, MPH Managing Director, Markle Foundation Connecting for Health A Public Private Collaborative Convened and
More informationWhy you should adopt the NIST Cybersecurity Framework
www.pwc.com/cybersecurity Why you should adopt the NIST Cybersecurity Framework May 2014 The National Institute of Standards and Technology Cybersecurity Framework may be voluntary, but it offers potential
More informationSecurityMetrics Business Associate HIPAA compliance program
SecurityMetrics Business Associate HIPAA compliance program IS YOUR PHI SAFE? Business associates help your business succeed, but are they a liability? When your BAs are not HIPAA compliant, your business
More informationGAO. HEALTH INFORMATION TECHNOLOGY Efforts Continue but Comprehensive Privacy Approach Needed for National Strategy. Testimony
GAO For Release on Delivery Expected at 2:00 p.m. EDT Tuesday, June 19, 2007 United States Government Accountability Office Testimony Before the Subcommittee on Information Policy, Census, and National
More informationPrivacy Risk Assessments
Privacy Risk Assessments Michael Hulet Principal November 8, 2012 Agenda Privacy Review Definition Trends Privacy Program Considerations Privacy Risk Assessment Risk Assessment Tools Generally Accepted
More informationSunday March 30, 2014, 9am noon HCCA Conference, San Diego
Meaningful Use as it Relates to HIPAA Compliance Sunday March 30, 2014, 9am noon HCCA Conference, San Diego CLAconnect.com Objectives and Agenda Understand the statutory and regulatory background and purpose
More informationModerated by: Paul M. Schwartz Berkeley Law School Fourth Annual BCLT Privacy Forum March 13, 2015. Data Security Issues
Moderated by: Paul M. Schwartz Berkeley Law School Fourth Annual BCLT Privacy Forum March 13, 2015 Data Security Issues Roadmap I. Introduction: Data Security II. Top Three Data Security Issues or Trends
More informationU.S. Department of Energy Washington, D.C.
U.S. Department of Energy Washington, D.C. ORDER DOE O 206.2 Approved: SUBJECT: IDENTITY, CREDENTIAL, AND ACCESS MANAGEMENT (ICAM) 1. PURPOSE. To establish requirements and responsibilities for DOE s identity,
More informationNIST Cybersecurity Framework What It Means for Energy Companies
Daniel E. Frank J.J. Herbert Mark Thibodeaux NIST Cybersecurity Framework What It Means for Energy Companies November 14, 2013 Your Panelists Dan Frank J.J. Herbert Mark Thibodeaux 2 Overview The Cyber
More informationRECOMMENDED CHARTER FOR THE IDENTITY ECOSYSTEM STEERING GROUP
RECOMMENDED CHARTER FOR THE IDENTITY ECOSYSTEM STEERING GROUP 1. Identity Ecosystem Steering Group Charter The National Strategy for Trusted Identities in Cyberspace (NSTIC or Strategy), signed by President
More informationSINGLE SIGN ON FOR HEALTHCARE PROVIDERS AND CONSUMERS
Use Case Summary NAME OF UC: SINGLE SIGN ON FOR HEALTHCARE PROVIDERS AND CONSUMERS Sponsor(s): Michigan Department of Community Health Date: 12/18/14 The purpose of this Use Case Summary is to allow Sponsors,
More informationHIT Audit Workshop. Jeffrey W. Short. jshort@hallrender.com
HIT Audit Workshop Jeffrey W. Short jshort@hallrender.com 1 Audits and Investigations to be Discussed Meaningful Use Audits HIPAA Audits Data Breach Investigations Software Vendor Audits FTC Investigations
More informationFIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES
FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES The implications for privacy and security in the emergence of HIEs The emergence of health information exchanges (HIE) is widely
More informationCybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015
Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission June 25, 2015 1 Your Panelists Kenneth L. Chernof Partner, Litigation, Arnold & Porter LLP Nicholas
More informationThe CAG An Earthquake in Security Compliance and How Security Is Measured ALAN PALLER DIRECTOR OF RESEARCH SANS INSTITUTE APALLER@SANS.
The CAG An Earthquake in Security Compliance and How Security Is Measured ALAN PALLER DIRECTOR OF RESEARCH SANS INSTITUTE APALLER@SANS.ORG An Earthquake In Security Compliance The unpleasant wake up call
More informationEvaluation Report. Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review. April 30, 2014 Report Number 14-12
Evaluation Report Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review April 30, 2014 Report Number 14-12 U.S. Small Business Administration Office of Inspector General
More informationThe President issued an Executive Order Improving Critical Infrastructure Cybersecurity, on February 2013.
The President issued an Executive Order Improving Critical Infrastructure Cybersecurity, on February 2013. The Executive Order calls for the development of a voluntary risk based Cybersecurity Framework
More informationSECURITY WEAKNESSES IN DOT S COMMON OPERATING ENVIRONMENT EXPOSE ITS SYSTEMS AND DATA TO COMPROMISE
FOR OFFICIAL USE ONLY SECURITY WEAKNESSES IN DOT S COMMON OPERATING ENVIRONMENT EXPOSE ITS SYSTEMS AND DATA TO COMPROMISE Department of Transportation Report No. FI-2013-123 Date Issued: September 10,
More informationHow To Understand And Understand The Benefits Of A Health Insurance Risk Assessment
4547 The Case For HIPAA Risk Assessment Leader s Guide IMPORTANT INFORMATION FOR EDUCATION COORDINATORS & PROGRAM FACILITATORS PLEASE NOTE: In order for this program to meet Florida course requirements,
More informationHITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?
HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? Introduction This material is designed to answer some of the commonly asked questions by business associates and other organizations
More informationNational Cyber Security Policy -2013
National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information
More informationBuilding Security In:
#CACyberSS2015 Building Security In: Intelligent Security Design, Development and Acquisition Steve Caimi Industry Solutions Specialist, US Public Sector Cybersecurity September 2015 A Little About Me
More informationLibrary Guide: HIPAA
Library Guide: HIPAA Page 2 Table of Contents Overview...2 Course Descriptions: Privacy and Security Library: Business Practices to Protect Personal Health Information (HIPAA05)... 3 HIPAA: General Awareness
More informationGovernment Access to Personal Medical Information Task Force C.R.S 24-72-603 (as amended by HB 14-1323)
Government Access to Personal Medical Information Task Force C.R.S 24-72-603 (as amended by HB 14-1323) KATE KIEFERT, TASK FORCE CO-CHAIR RONNE HINES, TASK FORCE CO-CHAIR Agenda HB 14-1323 Key Objectives
More information12/4/2013. Regulatory Updates. Eric M. Wright, CPA, CITP. Schneider Downs & Co., Inc. December 5, 2013
Regulatory Updates Eric M. Wright, CPA, CITP Schneider Downs & Co., Inc. December 5, 2013 Eric M. Wright, CPA, CITP Eric has been involved with Information Technology with Schneider Downs since 1983. He
More informationHIPAA Audits and Compliance: What To Expect From Regulators and How to Comply
HIPAA Audits and Compliance: What To Expect From Regulators and How to Comply October 18, 2013 ACEDS Membership Benefits Training, Resources and Networking for the ediscovery Community Exclusive News and
More informationHealth Information Technology
Background Brief on September 2012 Inside this Brief Federal Level State Level Privacy and Security Laws Finance Staff and Agency Contacts Legislative Committee Services State Capitol Building Salem, Oregon
More informationWhite Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES
White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES CONTENTS Introduction 3 Brief Overview of HIPPA Final Omnibus Rule 3 Changes to the Definition of Business Associate
More informationDIVISION OF INFORMATION SECURITY (DIS) Information Security Policy IT Risk Strategy V0.1 April 21, 2014
DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy IT Risk Strategy V0.1 April 21, 2014 Revision History Update this table every time a new edition of the document is published Date Authored
More informationState of South Carolina Policy Guidance and Training
State of South Carolina Policy Guidance and Training Policy Workshop All Agencies Human Resource (HR) and Security Awareness July 2014 Agenda Questions & Follow-Up Open Questions Policy Workshop Overview
More informationGovernance and Management of Information Security
Governance and Management of Information Security Øivind Høiem, CISA CRISC Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector secretary for information
More informationNIST Cyber Security Activities
NIST Cyber Security Activities Dr. Alicia Clay Deputy Chief, Computer Security Division NIST Information Technology Laboratory U.S. Department of Commerce September 29, 2004 1 Computer Security Division
More informationCybersecurity Audit Why are we still Vulnerable? November 30, 2015
Cybersecurity Audit Why are we still Vulnerable? November 30, 2015 John R. Robles, CISA, CISM, CRISC www.johnrrobles.com jrobles@coqui.net 787-647-3961 John R. Robles- 787-647-3961 1 9/11-2001 The event
More informationECRC Privacy and Security Subcommittee, DTC and TIF-S Recommendations for Five Central Security Program Initiatives
ECRC Privacy and Security Subcommittee, DTC and TIF-S Recommendations for Five Central Security Program Initiatives ECRC Subcommittee Web Application Vulnerability Scanning DTC (6/1/0) TIF (23/3/0) All
More informationEstablishing A Multi-Factor Authentication Solution. Report to the Joint Legislative Oversight Committee on Information Technology
Establishing A Multi-Factor Authentication Solution Report to the Joint Legislative Oversight Committee on Information Technology Keith Werner State Chief Information Officer Department of Information
More informationLEVERAGING HEALTH INFORMATION EXCHANGE TO CREATE A CONNECTED CARE COMMUNITY
LEVERAGING HEALTH INFORMATION EXCHANGE TO CREATE A CONNECTED CARE COMMUNITY Sue Schade, MBA, FCHIME, FHIMSS Chief Information Officer University of Michigan Hospitals and Health Centers Objectives Why?
More informationApril 28, 2014. Ms. Hada Flowers Regulatory Secretariat Division General Services Administration 1800 F Street, NW, 2 nd Floor Washington, DC
April 28, 2014 Ms. Hada Flowers Regulatory Secretariat Division General Services Administration 1800 F Street, NW, 2 nd Floor Washington, DC RE: Information Technology Sector Coordinating Council (IT SCC)
More information