Presentation transcript:

Company Proprietary and Confidential Texas Association of Community Health Centers - Proprietary and Confidential
Fourth and Goal: Score with Meaningful Use Incentives and Security Risk Assessments
Jose Martinez, CCNP, CCVP, MCSA, Network Engineer
October 7th, 2014

Objectives
Explain security risk assessments and discuss why they are beneficial
Discuss the five most common reasons for security breaches in the healthcare field
Discuss the five most common security risks we've encountered at Texas Community Health Centers and learn how to mitigate them

What is a security risk assessment?
Helps your organization ensure it is compliant with HIPAA's administrative, physical, and technical safeguards
Helps reveal areas where your organization's protected health information (PHI) could be at risk
Covered entities are required by the HIPAA Security Rule to conduct a risk assessment of their healthcare organization

What are the benefits?
Spurs discussion about current policies, procedures, and security practices
Boosts communication
Security risk assessments are also part of incentive programs such as Meaningful Use

What is a security breach?
A breach is defined as "an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information such that the use or disclosure poses a significant risk of financial, reputational, or other harm to the affected individual."
Source:

The 5 Most Common Security Breaches
1. Lost/stolen equipment or printed material
2. Compromised password
3. Out-of-date software / software vulnerabilities
4. Poor employee security practices
5. Malware/virus infections

The 5 most common security risks found in Texas CHCs
1. Unencrypted portable devices
2. Weak password policies or enforcement
3. Outdated software
4. Missing a centralized anti-virus solution
5. Poor user permissions on file shares or desktops

What can I do?: Unencrypted portable devices
Implement BitLocker or another disk encryption tool
Implement a policy prohibiting PHI on any portable devices
Use encrypted USB devices
Why?
Unencrypted devices are the number one reason for security breaches
Whether or not the data on the device is used, it is still considered a security breach

What can I do?: Weak Passwords
Revisit your password policy
Consider increasing the minimum password length to at least 8 characters with complexity
Enforce your existing policies
Why?
Hackers have compiled password files with billions of real passwords that have been exposed through security breaches
As of 2011, available commercial products claim the ability to test up to 2,800,000,000 passwords a second on a standard desktop computer using a high-end graphics processor.
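An added example, not from the presentation, that puts the slide's figures to work: it compares the domain's password policy with the recommended minimum (8 characters with complexity) and estimates worst-case offline guessing time at the 2.8 billion guesses per second quoted above. It assumes the ActiveDirectory module (RSAT) is installed and the machine is domain-joined.

```powershell
# Added example (not from the presentation): check the domain password policy
# against the slide's recommendation and show why length and complexity matter
# at the guessing rate the slide quotes. Assumes the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$GuessesPerSecond = 2800000000   # rate quoted on the slide (2011 GPU figure)

function Get-KeyspaceSeconds {
    param([int]$Length, [int]$AlphabetSize)
    # Worst-case seconds to try every combination of $Length characters
    return [math]::Pow($AlphabetSize, $Length) / $GuessesPerSecond
}

# Alphabet sizes: lowercase only vs. Windows complexity (upper, lower, digit, symbol)
$Lower   = 26
$Complex = 26 + 26 + 10 + 32

foreach ($len in 6, 8, 12) {
    $simple  = Get-KeyspaceSeconds -Length $len -AlphabetSize $Lower
    $complex = Get-KeyspaceSeconds -Length $len -AlphabetSize $Complex
    '{0,2} chars: lowercase {1,16:N0} s, complex {2,22:N0} s' -f $len, $simple, $complex
}

# Compare the live domain policy with the slide's minimum (8 chars + complexity)
$policy   = Get-ADDefaultDomainPasswordPolicy
$findings = @()
if ($policy.MinPasswordLength -lt 8) {
    $findings += "MinPasswordLength is $($policy.MinPasswordLength); slide recommends at least 8"
}
if (-not $policy.ComplexityEnabled) {
    $findings += 'Password complexity is not enforced'
}
if ($policy.LockoutThreshold -eq 0) {
    $findings += 'No lockout threshold; online guessing is not rate-limited'
}
if ($findings.Count -eq 0) { 'Domain password policy meets the slide recommendation' } else { $findings }
```

The keyspace table is a worst-case bound for a single brute-force pass; the leaked-password files the slide mentions are tried first in practice, so length alone is not a substitute for rejecting known-breached passwords.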

What can I do?: Outdated software
Implement WSUS for Windows Updates
Consider systems management software for other updates such as Adobe Flash, Adobe Reader, Sun Java, etc.
Create a list of software used by the organization
Why?
Most hackers exploit vulnerabilities found in old software
Victims are sometimes targeted, but most attackers are opportunistic

What can I do?: No Centralized AV Solution
Implement a centralized anti-virus solution
Assign someone to keep track of anti-virus definition updates (small environments)
Why?
Without it there is no insight into the status of clients short of checking each computer individually
Greater control over virus definition updates and outbreaks

What can I do?: Poor user permissions
Implement Active Directory
Lock down the permissions on folders with sensitive data
Document the location of all PHI in your environment
Remove administrator rights from user desktops
Why?
Improperly set permissions can lead to unauthorized access
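An added example, not from the presentation, that turns the remaining recommendations into a local self-check an administrator could run on a workstation or file server: BitLocker protection, patch age, Windows Defender status, local administrator membership, and broad ACLs on folders holding PHI. It assumes Windows 10 or Server 2016 or later with Defender, an elevated session, and that $PhiFolders is replaced with the documented PHI locations (the paths shown are hypothetical).

```powershell
# Added example (not from the presentation): local self-check for the slides'
# risks 1, 3, 4 and 5. Run elevated; $PhiFolders paths are hypothetical.
$PhiFolders = 'D:\Shares\PHI', 'D:\Shares\Billing'
$Findings   = [System.Collections.Generic.List[string]]::new()

# 1. Unencrypted drives (slide: implement BitLocker)
foreach ($vol in Get-BitLockerVolume | Where-Object { $_.ProtectionStatus -ne 'On' }) {
    $Findings.Add("Volume $($vol.MountPoint) is not protected by BitLocker")
}

# 3. Stale patching (slide: WSUS). Flag if the newest hotfix is older than 45 days.
$newest = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $newest -or $newest.InstalledOn -lt (Get-Date).AddDays(-45)) {
    $Findings.Add("Newest hotfix installed on '$($newest.InstalledOn)'; check WSUS targeting")
}

# 4. Anti-virus (slide: centralized AV). Defender real-time engine and signature age.
$av = Get-MpComputerStatus
if (-not $av.RealTimeProtectionEnabled) { $Findings.Add('Real-time protection is off') }
if ($av.AntivirusSignatureAge -gt 3) {
    $Findings.Add("AV signatures are $($av.AntivirusSignatureAge) days old")
}

# 5a. Administrator rights on desktops (slide: remove admin rights from user desktops)
$admins = Get-LocalGroupMember -Group 'Administrators' | Where-Object { $_.ObjectClass -eq 'User' }
foreach ($a in $admins) { $Findings.Add("Local administrator: $($a.Name)") }

# 5b. Broad permissions on PHI folders (slide: lock down folders with sensitive data)
$Broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Domain Users'
foreach ($path in $PhiFolders | Where-Object { Test-Path $_ }) {
    foreach ($ace in (Get-Acl $path).Access) {
        $who = $ace.IdentityReference.Value
        if ($Broad | Where-Object { $who -like "*$_" }) {
            $Findings.Add("$path grants $($ace.FileSystemRights) to $who")
        }
    }
}

if ($Findings.Count -eq 0) { 'No findings' } else { $Findings | ForEach-Object { "FINDING: $_" } }
```

The built-in local Administrator account will always appear under 5a; the point is to spot everyday user accounts sitting in that group.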

Questions?

Contact: JJ Martinez, CCNP, CCVP, MCSA, Network Engineer, x2100