CPR: Circumstances, Prevention and Response in Safeguarding Personal Healthcare Information

Transcription

1 September 14, 2010 CPR: Circumstances, Prevention and Response in Safeguarding Personal Healthcare Information 2010 Kroll Ontrack Inc.

2 Agenda Introduction 1

3 Agenda Introduction About AHA Solutions 2

4 Agenda Introduction About AHA Solutions Why Safeguard PHI with Data Eraser and Recovery? 3

5 Agenda Introduction About AHA Solutions Why Safeguard PHI with Data Eraser and Recovery? Protecting Personal Healthcare Information (PHI) 4

6 Agenda Introduction About AHA Solutions Why Safeguard PHI with Data Eraser and Recovery? Protecting Personal Healthcare Information (PHI) Patient Data Security and Protection 5

7 Agenda Introduction About AHA Solutions Why Safeguard PHI with Data Eraser and Recovery? Protecting Personal Healthcare Information (PHI) Patient Data Security and Protection 100% Accessibility to Patient Records 6

8 Agenda Introduction About AHA Solutions Why Safeguard PHI with Data Eraser and Recovery? Protecting Personal Healthcare Information (PHI) Patient Data Security and Protection 100% Accessibility to Patient Records Data Management Regulations and Compliance 7

9 Introduction Today s Presenters TBD, AHA Solutions Ken Gibson, Kroll Ontrack Purpose Enhance the security of personal healthcare information (PHI) 8

10 Introduction Today s Presenters TBD, AHA Solutions Ken Gibson, Kroll Ontrack Purpose Plan Enhance the security of personal healthcare information (PHI) Use data destruction and data recovery practices 9

11 Introduction Today s Presenters TBD, AHA Solutions Ken Gibson, Kroll Ontrack Purpose Plan Payoff Enhance the security of personal healthcare information (PHI) Use data destruction and data recovery practices Mitigate organizational risk and increase patient safety and protection 10

12 About AHA Solutions AHA Solutions, Inc. is a resource to hospitals pursuing operational excellence 11

13 About AHA Solutions AHA Solutions, Inc. is a resource to hospitals pursuing operational excellence As an American Hospital Association (AHA) member service, AHA Solutions collaborates with hospital leaders and market consultants to conduct product due diligence and identify solutions to hospital challenges in the areas of finance, human resources, patient flow and technology 12

14 About AHA Solutions The American Hospital Association has awarded Kroll Ontrack exclusive endorsement of its data erasure and data recovery solutions 13

15 About AHA Solutions The American Hospital Association has awarded Kroll Ontrack exclusive endorsement of its data erasure and data recovery solutions Scalability Variety of products/services 14

16 About AHA Solutions The American Hospital Association has awarded Kroll Ontrack exclusive endorsement of its data erasure and data recovery solutions Scalability Variety of products/services Verification tools Ensuring erasure and recovery (including encryption of recovered data) 15

17 About AHA Solutions The American Hospital Association has awarded Kroll Ontrack exclusive endorsement of its data erasure and data recovery solutions Scalability Variety of products/services Verification tools Ensuring erasure and recovery (including encryption of recovered data) Comprehensive data management solutions One-stop shop 16

18 About AHA Solutions The American Hospital Association has awarded Kroll Ontrack exclusive endorsement of its data erasure and data recovery solutions Scalability Variety of products/services Verification tools Ensuring erasure and recovery (including encryption of recovered data) Comprehensive data management solutions One-stop shop Ability to respond rapidly to large-scale, emergency situations Customer service and dedicated account teams 17

19 Why Safeguard PHI with Data Destruction and Recovery? Mitigate Risks and Vulnerabilities Save Costs Increase Efficiencies Protect Patients Evade data breach Circumvent insurance fraud Avert treatment malpractice Prevent patient identity theft Prevent security breach costs Minimize downtime Reduce regulatory compliance penalties and fees Streamline data disaster emergency preparedness Assist with regulatory compliance Direct and fast track access to solutions Enable 100% accessibility to patient records Prevent unauthorized access to records Increase patient quality care and safety 18

20 Protecting Personal Healthcare Information Risks In hospitals alone, over 1.5 million names were exposed during data breaches in 2006 and 2007 (HIMSS Analytics) 19

21 Protecting Personal Healthcare Information Risks In hospitals alone, over 1.5 million names were exposed during data breaches in 2006 and 2007 (HIMSS Analytics) Studies place the average cost of a data breach as high as $6.3 million per incident (HIMSS Analytics) 20

22 Protecting Personal Healthcare Information Risks In hospitals alone, over 1.5 million names were exposed during data breaches in 2006 and 2007 (HIMSS Analytics) Studies place the average cost of a data breach as high as $6.3 million per incident (HIMSS Analytics) Security breaches where sensitive data is stolen cost U.S. corporations $250 billion annually (U.S Commerce Dept.) 21

23 Protecting Personal Healthcare Information Data Breach Case Studies Examples of recent security breaches that could have been avoided if data had been properly erased: British Telecommunications (BT) Study BBC documentary Drives purchased at auctions included confidential data Discovered payroll info, business s, employee names/photos Sensitive data on old hard drives Bank account information sold for less than 20 22

24 Protecting Personal Healthcare Information Prevention 90 percent of all security breaches are self-inflicted and avoidable (Gartner) 23

25 Protecting Personal Healthcare Information Prevention 90 percent of all security breaches are self-inflicted and avoidable (Gartner) Large U.S. companies spent approximately $60 billion on IT security in 2006 (Info-Tech Research Group) 24

26 Protecting Personal Healthcare Information Prevention 90 percent of all security breaches are self-inflicted and avoidable (Gartner) Large U.S. companies spent approximately $60 billion on IT security in 2006 (Info-Tech Research Group) Despite IT security advances, critical risks remain 25

27 Protecting Personal Healthcare Information Prevention 90 percent of all security breaches are self-inflicted and avoidable (Gartner) Large U.S. companies spent approximately $60 billion on IT security in 2006 (Info-Tech Research Group) Despite IT security advances, critical risks remain Most organizations underestimate true impact and frequency of data breach 26

28 Protecting Personal Healthcare Information Vulnerabilities Unauthorized access to personal healthcare information can be used to Collect insurance payments for services never received Secure treatment for someone other than the insured individual Steal patient identity and engage in other fraudulent acts 27

29 Protecting Personal Healthcare Information Patient Expectations Patients expect their sensitive medical information to be well protected and accessible 28

30 Protecting Personal Healthcare Information Patient Expectations Patients expect their sensitive medical information to be well protected and accessible When expectation of privacy is breached, patients lose confidence 29

31 Protecting Personal Healthcare Information Patient Expectations Patients expect their sensitive medical information to be well protected and accessible When expectation of privacy is breached, patients lose confidence 100% accessibility to patient records is crucial to avoid vulnerabilities 30

32 100% Accessibility to Patient Records Challenges Losing access to data due to system or drive failures, accidental deletion or natural disasters is common 31

33 100% Accessibility to Patient Records Challenges Losing access to data due to system or drive failures, accidental deletion or natural disasters is common The amount of electronic data hospitals store has increased exponentially over the past few years 32

34 100% Accessibility to Patient Records Challenges Losing access to data due to system or drive failures, accidental deletion or natural disasters is common The amount of electronic data hospitals store has increased exponentially over the past few years Proactively planning for a data loss dramatically reduces downtime when a data loss event occurs 33

35 100% Accessibility to Patient Records Challenges Losing access to data due to system or drive failures, accidental deletion or natural disasters is common The amount of electronic data hospitals store has increased exponentially over the past few years Proactively planning for a data loss dramatically reduces downtime when a data loss event occurs Having the right data at the right time can mean saving a patient s life! 34

36 Data Management Regulations and Compliance Given patient privacy requirements, protecting sensitive data is of the utmost importance to healthcare organizations 35

37 Data Management Regulations and Compliance Given patient privacy requirements, protecting sensitive data is of the utmost importance to healthcare organizations Both HIPAA and the HITECH Act are focused on the security of data and protecting Personal Healthcare Information (PHI) 36

38 Data Management Regulations and Compliance Given patient privacy requirements, protecting sensitive data is of the utmost importance to healthcare organizations Both HIPAA and the HITECH Act are focused on the security of data and protecting Personal Healthcare Information (PHI) Healthcare providers face many unique challenges with technological advancements and meeting regulatory compliance standards 37

39 Data Management Regulations and Compliance Many legal standards contain penalties and fees for noncompliance 38

40 Data Management Regulations and Compliance Many legal standards contain penalties and fees for noncompliance The need to be compliant around healthcare is constantly growing 39

41 Data Management Regulations and Compliance Many legal standards contain penalties and fees for noncompliance The need to be compliant around healthcare is constantly growing Healthcare organizations need to mitigate the risks of unauthorized exposure to private patient data 40

42 Summary 2010 Kroll Ontrack Inc.

43 Summary Personal healthcare information (PHI) is critically vulnerable Readily accessible to the right people at the right time (recovery) Unattainable to the wrong people at all times (erasure) 42

44 Summary Personal healthcare information (PHI) is critically vulnerable Readily accessible to the right people at the right time (recovery) Unattainable to the wrong people at all times (erasure) Patient data security and protection procedures are crucial Unauthorized access to data jeopardizes patient care and safety Displaced treatment Misdiagnosis Improper medical procedures performed on wrong patient Patient identity fraud 43

45 Summary Healthcare organizations need 100% accessibility to patient records Missing data impacts process efficiencies Inaccessible data reduces hospitals ability to provide proper, timely patient care 44

46 Summary Healthcare organizations need 100% accessibility to patient records Missing data impacts process efficiencies Inaccessible data reduces hospitals ability to provide proper, timely patient care Data management regulations and compliance requirements are increasing and becoming far more complex Emergency preparedness and disaster recovery planning is a must 45

47 Summary Healthcare organizations need 100% accessibility to patient records Missing data impacts process efficiencies Inaccessible data reduces hospitals ability to provide proper, timely patient care Data management regulations and compliance requirements are increasing and becoming far more complex Emergency preparedness and disaster recovery planning is a must By having a simple data destruction and data recovery plan in place, your organization and patients will be protected. 46

48 Goals and Solutions 2010 Kroll Ontrack Inc.

49 Goals and Solutions Raise awareness in your organization about vulnerabilities associated with personal healthcare information (PHI) 48

50 Goals and Solutions Raise awareness in your organization about vulnerabilities associated with personal healthcare information (PHI) Keep data secure and out of the wrong hands Implement simple techniques for protecting and securing patient data via data destruction 49

51 Goals and Solutions Keep patient records 100% accessible Lost data can be recovered! is better than a cure 50

52 Goals and Solutions Keep patient records 100% accessible Lost data can be recovered! is better than a cure Develop a simple and streamlined data disaster emergency preparedness plan Hospitals need a recovery plan to overcome vulnerabilities and interruptions 51

53 Goals and Solutions Benefits A secure data destruction tool will: Keep data out of the wrong hands Reduce risks of data breach Enhance patient data protection and security Increase patient quality care and safety Assist with regulatory compliance 52

54 Goals and Solutions Benefits A secure data destruction tool will: Keep data out of the wrong hands Reduce risks of data breach Enhance patient data protection and security Increase patient quality care and safety Assist with regulatory compliance 100% accessibility to patient records through a data recovery plan will: Enhance patient data protection and security Increase patient quality care and safety Assist with regulatory compliance 53

55 Closing 2010 Kroll Ontrack Inc.

56 About Kroll Ontrack Kroll Ontrack provides technology-driven solutions to help organizations protect, recover, search, analyze and present data efficiently and cost effectively Data eraser Data recovery As well as paper and electronic discovery, computer forensics, ESI consulting and trial and presentation services 55

57 About Kroll Ontrack Kroll Ontrack provides technology-driven solutions to help organizations protect, recover, search, analyze and present data efficiently and cost effectively Data eraser Data recovery As well as paper and electronic discovery, computer forensics, ESI consulting and trial and presentation services Kroll Ontrack helps clients manage information in preparation of, or response to, a dispute or incident 56

58 About Kroll Ontrack World s largest data recovery service provider Ontrack Data Recovery Offices in 20+ countries; including multiple U.S. locations More than 150 data recovery engineers worldwide Remote, in-lab and on-site recovery options 24/7 data recovery service and customer support 57

59 About Kroll Ontrack World s largest data recovery service provider Ontrack Data Recovery Offices in 20+ countries; including multiple U.S. locations More than 150 data recovery engineers worldwide Remote, in-lab and on-site recovery options 24/7 data recovery service and customer support Most comprehensive data eraser solution suite Ontrack Eraser for secure data destruction Do-it-yourself software Data eraser services Degausser hardware 58

60 It s not a matter of if an incident will occur, but when... Are you prepared? Protect your healthcare organization from becoming the next headline! 59

61 Benefits for Hospitals and Healthcare Organizations Data Recovery & Erasure Solutions Data Protection ADVANTAGE Program for Healthcare Free media evaluations and reports 15% membership discounts on data recovery services 5 free hard drive eraser services with every 25 eraser services purchased Data recovery and data eraser software discounts Free consulting and 24/7 service Media disposal and recycling Access to online tools Membership ID for quick, streamlined service Expedited service for AHA members Streamlined procurement process 60

62 Contact Information Get Prepared For more information about data eraser or data recovery Call: Click: Stay Prepared Activate your free membership Data Protection ADVANTAGE Program for Healthcare Organizations Call: Ken Gibson Click: 61

63 2010 Kroll Ontrack Inc.