iPhones, iPads and HIPAA Compliance: A How To Guide

Transcription:

Welcome: iPhones, iPads and HIPAA Compliance: A How To Guide

New Possibilities Create Challenge and Risk: Possibility, Risk, Challenge

What We'll Explore Today: choosing a mobile device platform; instituting an IT mobility management framework; empowering healthcare IT to proactively identify and resolve HIPAA violations & provide proof of compliance.

Attendee Profile

Possibility: Choosing the Right Device

Mobile Devices Bring Utility for the Entire Organization: Hospital, Pharmacy, Field Triage, Homecare, Teaching

Poll Question: Which of the following tasks or capabilities do you plan for iPads/iPods/iPhones (select up to 3)? Lab orders & results; Clinical decision support; Medical image viewing; E-prescribing; Prescription drug referencing; General administration including billing, coding & claims

Best Fit: Form factor, Apps, Cost

What's the Right Device? Things to consider: Native data protection? Secure and flexible app distribution? Native integration with existing IT infrastructure?

Security: Not All Devices are Equal

There's an App for That: App Store for third party apps; reduces barriers to homegrown innovation; 7000

Poll Question: What is the expected timeframe for your iOS pilot or deployment? Immediately; Next 3 months; Next 6 months; Next 12 months; Not sure

Challenge: Instituting Mobility Management

Rapid Expansion of Mobility in Healthcare (First Wave Mobility → Second Wave Mobility): Mobile Applications 1 → 10+; Mobile Platforms 1 → 5; Mobile Devices 5 → 50+; Mobile Users 20% → 80%. Enterprise Mobility Management.

Poll Question: What management challenges do you anticipate as you roll out mobile devices such as the iPad (select up to 3)? Process for secure configuration and deployment; Deploying and managing approved apps; Ensuring mobility is auditable and compliant; Identifying rogue or unauthorized devices; Readying the Help Desk for support calls

Extending IT Control & Scale to Mobility: EMM (Enterprise Mobility Management) provides a single point of control to proactively manage the entire mobile lifecycle for today and the future. 7 steps to ready for the second wave of mobility.

1. Adopt a Mobility Management Platform
Key Considerations: Mobility is key to the whole organization; diversity across devices & apps drives up the complexity curve.
Recommendations: Adopt a modular platform that is extensible over time (new capabilities address new challenges); platforms integrate with existing IT infrastructure, people and process; group different classes of users & establish appropriate policies & procedures.

2. Organize for Mix of Employee-Liable Devices
Key Considerations: Workers are using their own personal devices for work; most organizations have never allowed employee technology.
Recommendations: Create formalized procedures & processes for allowing EL; create formal policy & enforce signed EULA agreements; use security software that controls ePHI but also preserves the user's personal data; deploy Automated Asset Management to track & control.

3. Organize for iPad in the Workforce
Key Considerations: Tablets present new opportunities for point-of-use; applications and LOB scenarios are driving demand; these devices are more akin to smartphones than laptops.
Recommendations: Tap your existing mobile IT specialists to support and roll out; provide cross-OS tools and monitoring; extend existing laptop and mobile security standards.

4. Organize for 2+ Devices per Mobilized Employee
Key Considerations: Smartphones, tablets & laptops are optimized for different tasks; tablets do not necessarily replace laptops, esp. for content creation; users will want consistency of service across devices; seeing strong mix of iPhone + iPad.
Recommendations: Plan for most users having multiple devices; ensure approaches & technologies can easily accommodate.

5. Organize for 2-3 Mobile Applications
Key Considerations: Expect strong demand for apps; mail-first will extend to LOB & role-based app requests; look to existing application portfolio for mobile app extensions.
Recommendations: Deploy Application Catalog for OTA app management of internal apps and App Store apps; deploy Asset Management to track & control; leverage device security for internal apps and native app security for third party apps.

6. Organize for 2+ Support Issues per Mobile User
Key Considerations: Industry benchmarks show the avg. organization has 2-4 issues per mobile user per year; Service Desk teams typically have zero visibility into device status; Service Desk teams lack training & access to the myriad of devices & apps.
Recommendations: Employ Tiered Mobility Support Strategy; deploy Automated Support Management.

Console Visibility is Essential: Automatically identifies specific failure with no manual hunting; alerts to detected problem; 1-Click Fix-It to take action fast; simple step-by-step resolutions with embedded Best-Practice Knowledgebase.

7. Organize for Managing Risk
Key Considerations: Typically cannot exactly match current PC-based policies & procedures; security capabilities are moving targets & vary over time.
Recommendations: Leverage AD/LDAP & extend existing policies; deploy Automated Security Management; deploy Automated Compliance Enforcement & Governance.

Risk: Ensuring HIPAA Compliance in Mobility

Mobile Security for Healthcare is Complex
ePHI universe is broad: Data are individually identifiable if they include any of the 18 types of identifiers; hospital electronic patient records; hospital email & medical school email; homecare healthcare records; clinical drug trial results.
Device universe is diverse: Different form factors, mobile operating systems and capabilities; security will vary by mobile operating system and vendor; devices can be owned by the employer or the employee.

Security ROI: Typical HIPAA Violation ~ $150,000

Poll Question: What regulatory mandates apply to your organization (choose all that apply)? HIPAA; GLBA; FERPA; Sarbanes-Oxley; Pharma (FDA, DEA); Other

Mobility Assessment (columns: HIPAA Criteria; Question; Mobile Device)
1. Workforce security: Is all Electronic Protected Health Information (ePHI) stored on a mobile device protected by password access and data encryption?
2. Security incident procedures: Are users required to report lost devices?
3. Contingency plan: Do you have backup and restore capabilities that ensure the integrity of ePHI if the device is lost or damaged during an emergency or disaster?
4. Workstation security: Do you limit network access based on user compliance with security policies?
5. Device and media control: If a device is lost or removed from service, do you wipe it to ensure that ePHI is removed from the device?
6. Access control: Do you have the ability to prevent users from installing third party applications on corporate devices?
7. Audit control: Have you implemented audit controls to record and examine activity on remote devices that contain or use ePHI?
8. Integrity: Do you have security compliance management and reporting facilities to ensure that user compliance is maintained while also providing evidence for external HIPAA compliance audits?
9. Person or entity authentication: Does your authentication management solution for mobile devices support password policies beyond simple PIN or password?
10. Transmission security: Do mobile devices use a secure VPN or SSL connection to transmit ePHI over the internet?

Implementing HIPAA Security for Mobility

Automated Policy Management (diagram labels: Apple APNS, Active Directory, MDM Server): Leverage Active Directory for authentication, authorization and group-based policies; actions in Active Directory trigger policy updates to the device; policy changes are transparent to the user.

Native Security Enforcement
Categories: Authentication & Authorization; Access Control; Data Protection; Malware Protection.
Capabilities: Strong passcodes; digital certificates; Keychain services; integration with RSA and other 3rd party capabilities; WiFi; VPN; hardware encryption; wipe; encrypted backups; runtime protection; mandatory code signing; 250+ settings and policies.

Automated Compliance Management
Monitor the device and back-end IT systems: Unmanaged devices; lost devices; rogue devices; devices out of IT spec; user is unauthorized.
Tailored actions by compliance violation: Quarantine device; selective wipe; full wipe; notify user; notify IT stakeholders.
Incident Reports; Archived Data for Audit & Compliance.

Centrally Enforce & Track Security Compliance: Automatically tracks & detects security & policy violations; automatically tracks & isolates rogue devices.

Compliance Enforcement Spans All of IT: Quickly identify compliance actions that have completed; 1-Click Fix-It to take next-step actions as needed when the user calls.

Let's Review (columns: HIPAA Criteria; Question; Mobile Device)
1. Workforce security: Is all Electronic Protected Health Information (ePHI) stored on a mobile device protected by password access and data encryption? Mobile Device: Native Security
2. Security incident procedures: Are users required to report lost devices? Mobile Device: Proactive Compliance
3. Contingency plan: Do you have backup and restore capabilities that ensure the integrity of ePHI if the device is lost or damaged during an emergency or disaster? Mobile Device: Encrypted iTunes
4. Workstation security: Do you limit network access based on user compliance with security policies? Mobile Device: Automated Compliance
5. Device and media control: If a device is lost or removed from service, do you wipe it to ensure that ePHI is removed from the device? Mobile Device: Automated Compliance
6. Access control: Do you have the ability to prevent users from installing third party applications on corporate devices? Mobile Device: Native Security & Automated Compliance
7. Audit control: Have you implemented audit controls to record and examine activity on remote devices that contain or use ePHI? Mobile Device: Automated Compliance
8. Integrity: Do you have security compliance management and reporting facilities to ensure that user compliance is maintained while also providing evidence for external HIPAA compliance audits? Mobile Device: Automated Compliance
9. Person or entity authentication: Does your authentication management solution for mobile devices support password policies beyond simple PIN or password? Mobile Device: Third party apps
10. Transmission security: Do mobile devices use a secure VPN or SSL connection to transmit ePHI over the internet? Mobile Device: Native Security

BoxTone Meets All of Your Mobility Needs
Automated Security and MDM for HIPAA Compliance: Auto-enforce security on employee devices; auto-detect compliance violations, quarantine & selective wipe; OTA self-provisioning of devices; OTA app deployment via enterprise app catalog; full reporting for compliance verification and auditing.
Full Lifecycle Management for Scale and Control: Single point of control; automated Level 1-3 support; Mobile Analytics to optimize performance and ensure high reliability.

Our Customers Have Made Us the Industry Standard
Healthcare: BCBS, Kaiser Permanente, MD Anderson, UPMC, US Army Medical, Veterans Affairs
Medical Suppliers: Abbott, Bristol-Myers Squibb, Eli Lilly, McKesson, Merck, Roche
Government: California OIT, EPA, House of Reps, Justice Department, Ontario, State Department
Financial Services: Barclays, Citi, JPMC, Lincoln Financial, PNC, Wells Fargo
MSP & Outsourcing: CSC, Dell (Perot), Deloitte, HP Services, IBM Global Services, Xerox (ACS)
Retail & Media: COX, eBay, News Corp/Fox, Staples, Virgin Media, Houghton Mifflin
Energy & Utilities: Constellation Energy, Exelon, Mirant, SCANA, WE Energies, Westar Energy
Manufacturing: Bombardier, Caterpillar, Henkel, Honeywell, Northrop Grumman, Texas Instruments

Get This How To Guide: Mobile Security for HIPAA Compliance

Questions? Dan Dearing, Group Director, Mobile Strategies, BoxTone, ddearing@boxtone.com