Medicaid MITA: Innovative COTS solutions for IT Risk Management
White Paper: COTS Solutions for MITA 2.0
Medicaid MITA: Innovative COTS solutions for IT Risk Management

Contents
Introduction to MITA & Symantec ... 1
MITA Technical Principles, Goals, and Objectives ... 2
The Role of MITA's Service Oriented Architecture (SOA) ... 3
How Are Services Built? ... 3
The MITA Technical Capability Matrix (TCM) ... 4
How Symantec Can Help ... 5
1. Security and Privacy Compliance Automation ... 5
2. High Availability & Disaster Recovery ... 6
3. Service Oriented Architecture ... 8
4. Secure Web Interfaces ... 8
Summary ... 9
Appendix A ... 10
Introduction to MITA & Symantec

This paper provides an overview of the MITA Technical Architecture and discusses key areas of potential contribution to the implementation of this framework from one of the world's leading IT security and infrastructure software solution providers, Symantec. The goal of this paper is to facilitate discussion and familiarization with the Symantec Commercial Off-the-Shelf (COTS) offerings for those who find themselves charged with the implementation of a new MITA-aligned Medicaid enterprise.

Symantec understands that MITA is helping to foster integrated business and IT transformation across the Medicaid enterprise: it puts business needs first in order to improve the administration of the Medicaid program, focuses on cost control, and is intended to improve interoperability for state Medicaid organizations.

Briefly stated, the MITA Framework describes an approach for modernizing and improving Medicaid program business processes and IT infrastructure. It includes a logical Technical Architecture (TA) for the Medicaid enterprise to align the common elements of state implementations, thereby creating an infrastructure for information exchange. Based on this approach, Symantec helps MMIS developers who seek to:

- Identify common requirements (i.e., Business Services and Technical Services)
- Develop implementation standards
- Identify and develop selected reusable components
- Create and maintain enterprise models

Figure 1-1 describes the overall process for developing the MITA Technical Architecture. The web link below provides a further overview of MITA from the Centers for Medicare & Medicaid Services (CMS):
http://www.cms.hhs.gov/medicaidinfotecharch/downloads/mitaoverview.pdf
Figure 1-1. Developing the MITA Technical Architecture

MITA Technical Principles, Goals, and Objectives

The MITA Technical Principles, Goals, and Objectives, simply put, support the creation of a new MITA-aligned Medicaid enterprise that carries improvement of the state Medicaid program into the next generation and beyond. Technical principles will shape MITA's definition and a particular state's implementation of the Medicaid Enterprise Architecture. From the Symantec perspective, relevant technical principles include:

- Implementation neutral - states will continue to be responsible for selecting their own implementation technology (e.g., J2EE, .NET, etc.).
- Platform independent - application software and infrastructure components should be developed for reusability and platform independence.
- Adaptable, extensible, and scalable.
- Open technology and standards based - the advantages of standardization (e.g., data sharing and interoperability) should be leveraged.
- Security and privacy must be integrated and embedded throughout MITA.
- Interoperability standards are established and followed.
- Quality data is enabled to support good decision making.
- Current and proven technology is selected.
The Role of MITA's Service Oriented Architecture (SOA)

Service-Oriented Architecture (SOA) is a software design strategy that packages common functionality and capabilities (referred to as services) behind standard, well-defined service interfaces, providing formally described functions that can be invoked using a published service contract. A service can be built using new applications, legacy applications, COTS software, or all three. SOA meets the MITA objectives of reusability and interoperability. Over time, SOA will tie together the key features of MITA to achieve interoperability and data sharing across the Medicaid enterprise and ultimately among states and other data-sharing entities.

With SOA, business needs - not technology - drive the enterprise. The intent of SOA is to enable the user to think in a business-centric way without being concerned with the IT implications. Conversely, it enables the introduction of IT without "upsetting the applecart" of the enterprise business.

How Are Services Built?

To illustrate how services are built using SOA, Figure 3-6 shows some of the key pieces of a Business Service. Each service has an Interface Services Layer that includes security services which inspect incoming messages to verify that the message originator is authorized to invoke the service. For example, only designated Medicaid staff members are authorized to approve claims.
Figure 3-6. The General Structure of Business Services

The MITA Technical Capability Matrix (TCM)

The charge of the MITA TCM is to mature a state's technical capability over time and to help it keep up with the constantly changing technical landscape. Technical capabilities are assigned to a maturity level based on the maturity level of the business process they enable and on the MITA principles, goals, and objectives. Technical capabilities can affect multiple business processes and also provide benefits to stakeholders. While business capabilities are mapped to Business Services, technical capabilities are mapped to Technical Services. Technical capabilities are associated with IT solutions or enablers. MITA technical capabilities fall into categories and subcategories. The top-level categories are as follows:

- Business-enabling services
- Access channels
- Interoperability channels
- Data management and data sharing
- Performance measurement
- Security and privacy (S&P)
- Adaptability and extensibility
How Symantec Can Help

Symantec is uniquely positioned to assist states by integrating mature, service-oriented solutions to support the MITA Enterprise Service Bus in four key areas:

1. Security & Privacy Compliance Automation
2. High Availability and Disaster Recovery
3. Service Oriented Architecture (SOA)
4. Secure Web Interfaces

In each of these areas, Symantec has demonstrated market leadership with COTS solutions that adapt to our customers' business needs. These solutions align with MITA's Principles, Goals, and Objectives by being:

- operating system and hardware independent
- adaptable, extensible, and scalable
- standards based and leveraging open technology
- current and proven technology

A table of how these solutions map to specific MITA Technical Capability Matrix requirements is included in Appendix A.

1. Security and Privacy Compliance Automation

The MITA TA will increase the use of data and technical standards to improve the cost effectiveness of IT development. The use of data standards will promote data consistency and enhanced sharing through common data-access mechanisms. The use of technical standards (e.g., open standards) will help integrate COTS solutions and encourage reuse of solutions within and among states to reduce development costs and development risk.

MITA defines security and privacy capabilities and weaves them into the TA. The MITA TA protects the Medicaid enterprise against known threats and, through evolution of the TA, responds to new threats. The MITA Framework does not include state-specific security and privacy concerns. Automation of the privacy and security compliance management functions can yield significant operating cost savings and reduced errors.
Symantec delivers automation through the combination of the following COTS solutions:

Symantec Control Compliance Suite (CCS)

CCS helps maintain control of the continual changes in the Medicaid enterprise that leave the organization exposed to both internal and external security and privacy risks. It captures desired IT policies and then delivers automated compliance management against those policies.
- Reduces the cost of compliance by automating the assessment of IT policies against industry regulations and best practices
- Scans for vulnerabilities that could allow for debilitating Denial of Service (DoS) attacks
- Produces reports that detail existing vulnerabilities and required remediation
- Pre-populated templates for national standards (HIPAA, etc.), with the flexibility to build templates for unique state requirements

Symantec Data Loss Prevention (DLP)

DLP ensures that confidential data in storage and on the network (data at rest and in motion) is identified, monitored, and prevented from leaving the trusted network. This applies to data at rest (in the database) as well as data in motion (writes to a USB memory stick, copies into a spreadsheet, etc.).

- Discovers where confidential data is stored
- Monitors how confidential data is being used
- Blocks and logs policy violations

Symantec Security Information Manager (SIM)

SIM enables organizations to collect, store, and analyze log data as well as monitor and respond to security events to meet IT risk and compliance requirements.

- Compliance and audit reporting
- Log retention and retrieval
- Real-time threat analysis

Symantec Critical System Protection (SCSP)

SCSP is a multi-layer security solution for servers that detects abnormal system activities and prevents and blocks viruses and worms, hacking attacks, and zero-day vulnerability attacks.

- Exploit prevention techniques shield operating systems, applications, and services by defining acceptable behaviors for each function
- Protects systems from misuse by authorized people and programs through system and device controls that lock down configuration settings, file systems, and the use of removable media

2. High Availability & Disaster Recovery

Symantec delivers high availability and disaster recovery solutions via an adaptable, standards-based approach across multiple O/S and hardware platforms for MITA's Enterprise Service Bus systems. Solutions include clustering for highly
available servers, data backup and recovery for speedy recovery of lost data, and storage management to minimize the costs associated with data growth.

Veritas Cluster Server (VCS)

VCS is the industry's leading clustering solution for reducing both planned and unplanned downtime. By monitoring the status of applications and automatically moving them to another server in the event of a fault, VCS can dramatically increase the availability of an application or database. VCS addresses the following critical business service issues:

- Application and hardware failures resulting in lost revenue and productivity
- The need to keep applications up and running 24x7 in a cost-effective manner
- Disaster recovery/business continuity plans to meet IT governance and compliance requirements
- A single architecture for local, metro area, and wide area failover

Veritas NetBackup (NBU)

NBU delivers advanced disk-based data protection, archival, and recovery management that scales to protect the largest UNIX, Windows, Linux, and NetWare environments. NBU offers a single console for management of all backup and recovery operations. Advanced reporting on backup and recovery operations enables service level management of all protected data in your enterprise, enabling data protection as a service offering that supports the MITA Enterprise Service Bus. Key NBU business services include:

- Integrated data archiving, migration, and retention capabilities
- Solutions to meet backup and recovery windows or SLAs
- Different islands of data protection according to business, service level, and location
- Minimized capital and operational costs for data storage and protection

Storage Management

Effective management of storage and server hardware can enhance MMIS system performance and reduce capital cost outlays for unnecessary hardware.
Veritas Storage Foundation and Command Central provide valuable capabilities to manage cost and performance.

Veritas Storage Foundation (SF)

SF provides a complete solution for heterogeneous online storage management. It includes a standard set of integrated tools to centrally manage explosive data growth, maximize storage hardware investments (including heterogeneous new and existing systems), provide data protection, and adapt to changing business requirements. Storage Foundation helps solve the following critical business issues:
- Reduction of point tools for storage management
- Automation of routine storage management tasks and data migration
- Tiered storage
- Reduction of planned and unplanned downtime

Command Central Storage (CCS)

Command Central Storage is a storage resource management solution that provides centralized visibility and control across physical and virtual heterogeneous storage environments. It includes a capacity planning solution enabling organizations to reclaim wasted storage and reduce capital and operational costs. Command Central Storage addresses critical business issues such as:

- Providing end-to-end visibility from application to spindle in physical and virtual server and storage environments
- Increasing storage utilization and reducing power costs
- Scalable, heterogeneous storage management across SAN (FC and iSCSI), NAS, and DAS environments, including support for replication solutions like SRDF
- Improving storage operational efficiency and reducing risk and downtime

3. Service Oriented Architecture

By definition, MITA is a Service-Oriented Architecture (SOA). It must be flexible enough to adopt data and industry standards and to promote the development of new standards when needed. It must promote the use of data and technical standards to improve the cost effectiveness of IT development. It must adhere to technical standards, specifically open standards, to facilitate integration of COTS solutions. Finally, it will need to address the developing national standards for health and data exchange.

Symantec Management Platform

Symantec Management Platform is an Open Collaborative Architecture with an integrated developer program to establish greater interoperability with Symantec solutions and provide customers and integrators with the ability to integrate their applications with the Symantec Management Platform offerings:

- Robust approach to interoperability and solution building
- Leverages standard Web services and workflow management

4. Secure Web Interfaces

MITA standards facilitate the "Web 2.0" goal of extending web interfaces to members, providers, and other users of MMIS systems. However, security and privacy issues become significant when sensitive MMIS data is extended to these users,
especially when it extends beyond the secure confines of the network perimeter. Symantec addresses this concern by providing a highly secure application virtualization solution.

Symantec Application Virtualization

To optimize efficiency and usability, a Medicaid "Web 2.0" application needs to be able to extend system web access to the remote locations where providers, members, and other users sit. Often, the greatest barrier to this capability is concern about the vulnerability of sensitive data when it is extended outside the secure perimeter of the MMIS enterprise. Symantec can provide maximum privacy protections to secure a web client that is accessed from a "dirty" environment (a PC infected with malware, viruses, screen scrapers, etc. - and no VPN) so that it is fully protected from the malicious code. We do this through an endpoint virtualization solution that delivers all of the protections that reside within the secure MMIS network perimeter to the remote web session. The web client is also housed in a very safe shell that is not subject to vulnerabilities on the local machine. Through this approach, we can deliver the highest degree of protection to the sensitive information that is exchanged via remote web clients.

Summary

MITA is transforming the design, operations, and costs associated with running an MMIS system. Symantec can support this effort by providing COTS solutions for:

- Keeping MMIS data highly available at a reasonable cost, even in the event of a catastrophic system failure.
- Providing automation to the ongoing processes associated with regulatory compliance for HIPAA, state privacy laws, and other regulations.
- Delivering a framework to fully implement a Service-Oriented Architecture (SOA) around the MMIS solution to optimize automation and reduce ongoing management cost.
- Maintaining highly secure web interfaces for members, providers, operators, and other users of the MMIS system.
Symantec looks forward to collaborating in this vitally important area. Symantec invites discussion with all interested parties - government agencies, healthcare providers, other software providers, and consulting and integrator firms - to enhance and achieve the MITA vision.
Appendix A
About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored.

For specific country offices and contact numbers, please visit our website.

Symantec World Headquarters
20330 Stevens Creek Blvd.
Cupertino, CA 95014 USA
+1 (408) 517 8000
1 (800) 721 3934
www.symantec.com

Copyright 2009 Symantec Corporation. All rights reserved. Symantec and the Symantec logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. 8/2009 20052750