HIPAA and HITECH Compliance Simplification. Sol Cates CSO @solcates scates@vormetric.com



Similar documents
Cloud Data Security. Sol Cates

HIPAA and the HITECH Act Privacy and Security of Health Information in 2009

Using Encryption and Access Control for HIPAA Compliance

The Impact of HIPAA and HITECH

HIPAA and HITECH Compliance for Cloud Applications

HIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist.

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc.

The Challenges of Applying HIPAA to the Cloud. Adam Greene, Partner Davis Wright Tremaine LLP

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

THE STATE OF HEALTHCARE COMPLIANCE: Keeping up with HIPAA, Advancements in EHR & Additional Regulations

COMPLIANCE ALERT 10-12

HIPAA COMPLIANCE AND DATA PROTECTION Page 1

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

HIPAA COMPLIANCE AND

Building Trust and Confidence in Healthcare Information. How TrustNet Helps

HIPAA Violations Incur Multi-Million Dollar Penalties

efolder White Paper: HIPAA Compliance

HIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing

The Basics of HIPAA Privacy and Security and HITECH

Overview of the HIPAA Security Rule

HIPAA, HIPAA Hi-TECH and HIPAA Omnibus Rule

HIPAA Compliance and the Protection of Patient Health Information

Joe Dylewski President, ATMP Solutions

New HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010

HIPAA Compliance Guide

Isaac Willett April 5, 2011

HIPAA Compliance Guide

Securing Patient Portals. What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use

Healthcare Compliance Solutions

Meeting Technology Risk Management (TRM) Guidelines from the Monetary Authority of Singapore (MAS)

Please Read. Apgar & Associates, LLC apgarandassoc.com P. O. Box Portland, OR Fax

HIPAA Compliance: Are you prepared for the new regulatory changes?

Lessons Learned from HIPAA Audits

Medical Privacy Version Standard. Business Associate Agreement. 1. Definitions

HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS

SECURETexas Health Information Privacy & Security Certification Program FAQs

Securing Oracle E-Business Suite in the Cloud

HIPAA Security Rule Compliance

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA?

OCR Reports on the Enforcement. Learning Objectives 4/1/2013. HIPAA Compliance/Enforcement (As of December 31, 2012) HCCA Compliance Institute

OCR Reports on the Enforcement. Learning Objectives

HIPAA/HITECH Compliance Using VMware vcloud Air

Vormetric Encryption Architecture Overview

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16

The HIPAA Security Rule: Cloudy Skies Ahead?

6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013

Datto Compliance 101 1

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES

Leveraging Dedicated Servers and Dedicated Private Cloud for HIPAA Security and Compliance

HIPAA BUSINESS ASSOCIATE AGREEMENT

OCR/HHS HIPAA/HITECH Audit Preparation

WHITEPAPER Complying with HIPAA LogRhythm and HIPAA Compliance

Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, :15pm 3:30pm

OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR Court Reporters and HIPAA

HIPAA and HITECH Compliance Under the New HIPAA Final Rule. HIPAA Final Omnibus Rule ( Final Rule )

New HIPAA regulations require action. Are you in compliance?

ENCRYPTION KEY MANAGEMENT SIMPLIFIED A BEGINNER S GUIDE TO ENCRYPTION KEY MANAGEMENT

REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI

University Healthcare Physicians Compliance and Privacy Policy

How To Understand And Understand The Benefits Of A Health Insurance Risk Assessment

HIPAA PRIVACY AND SECURITY AWARENESS

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)

HHS Finalizes HIPAA Privacy and Data Security Rules, Including Stricter Rules for Breaches of Unsecured PHI

SECURITY RISK ASSESSMENT SUMMARY

HIPAA Privacy and Security

HIPAA, PHI and . How to Ensure your and Other ephi are HIPAA Compliant.

Vendor Management Challenges and Solutions for HIPAA Compliance. Jim Sandford Vice President, Coalfire

Cloud Computing and HIPAA Privacy and Security

Introducing the NASW Updated Sample HIPAA Privacy Forms and Policies

Secure Cloud Computing Concepts Supporting Big Data in Healthcare. Ryan D. Pehrson Director, Solutions & Architecture Integrated Data Storage, LLC

Transcription:

HIPAA and HITECH Compliance Simplification Sol Cates CSO @solcates scates@vormetric.com

Quick Agenda Why comply? What does Compliance look like? New Cares vs Rental Cars vs Custom Cars Vormetric Q&A Slide No: 2 Copyright 2014 Vormetric, Inc. All rights reserved.

HIPAA/HITECH Act Requirements Notify individuals of breach of unsecured health information Information is only secured if it is encrypted or destroyed Encryption must meet NIST 800-111 encryption requirements Keys must be kept on a separate device than the data Only FIPS approved encryption algorithms can be used Omnibus Rule - Expands HIPAA requirements to business partners of payers, providers and clearinghouses

Potential Consequences of Non-Compliance: Increased Enforcement and Penalties (fines) HITECH Act included provisions for increased enforcement of HIPAA Privacy and Security Rules: Requires HHS to formally investigate any complaint of a violation of HIPAA if a preliminary investigation indicates a possible violation due to willful neglect, and to impose civil penalties for these violations. Allows state Attorneys General to bring civil actions in federal court on behalf of state residents if there is reason to believe that the interest of one or more residents has been threatened or adversely affected by a person who violates HIPAA.

My Simple View of the World

Where is the Data? Data Centers Physical Virtual Outsourced Clouds Private, Public, Hybrid Multiple vendors Trial Analysis Research PHI Credit Cards HR Files Finance Files Customer Stats Contracts Call Records Customer Records Plans Source Code Big Data Sources Nodes Results Physical Servers Local offices and retail locations Labs

Challenges in complying with HIPAA/HITECH The security requirements, taken independently of one another, can prove costly and time-consuming to implement adequately. Typically, various solutions may have to be integrated to provide adequate protection for dispersed data and implementations can prove to be very complex. Protecting unstructured data. While some types of data, such as credit card data or social security numbers, can be readily located and protected, unstructured data frequently found in EMRs can be more difficult to protect. The data may consist of a variety of file types. Patient record forms, medical imagery files, and other file types that are not easily protected due to being highly distributed environments. Controlling access to ephi while encryption protects data, robust policy and encryption key management is required to prevent unauthorized access or disclosure of PHI.

Simplifying with Vormetric Slide No: 8 Copyright 2014 Vormetric, Inc. All rights reserved.

Partnerships and Certifications Assures high performance and confidence Slide No: 9 Copyright 2014 Vormetric, Inc. All rights reserved.

Vormetric Data Security Platform Solves inefficiencies of point product solutions Vormetric Transparent Encryption Vormetric Application Encryption and Tokenization with Dynamic Data Masking Structured Databases Big Data File and Volume Level Encryption Access Control Audit Logs Vormetric Cloud Encryption Gateway S3 and Box Encryption, Control, Audit Trails Unstructured Files Applications Big Data Field Level Data Encryption Field Preserving Tokenization with Dynamic Data Masking Vormetric Security Intelligence Splunk HP ArcSight IBM QRadar LogRhythm PaaS, IaaS, SaaS Intel Security ESM FireEye TAP Vormetric Key Management KMIP Compliant Oracle and SQL Server TDE Certificate Storage Vormetric Data Security Manager Key and Policy Manager

Data Security as a Service Offerings Vormetric Cloud Partners With Vormetric, we ve added new capabilities to extend data security practices to our customer implementations across our managed cloud platform. John Engates CTO Slide No: 11 Copyright 2015 Vormetric, Inc. Proprietary and Confidential. All rights reserved.

Using Vormetric to Comply with HIPAA HITECH A comprehensive solution for protection of ephi in any environment on any data. Applications, file types, and even operating systems. Structured and unstructured data, including big data and databases (DB2, Oracle, SQL, Informix etc.) Private, Public and Hybrid Clouds Vormetric Data Encryption offers: Strong data security controls, leveraging both encryption and policy-based access controls, separation of duties Auditing Capabilities Heterogeneous systems Managed via a centralized policy and key management console Whitepaper: http://enterprise-encryption.vormetric.com/wp-simplifying-hipaa-hitechcompliance.html

Questions? Sol Cates CSO @solcates scates@vormetric.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information