InfoSecurity Compliance Are you ready to be regulated? Presented by: Umesh Verma CEO, BLUE LANCE 02.26.04.

Presentation transcript:

InfoSecurity Compliance Are you ready to be regulated? Presented by: Umesh Verma CEO, BLUE LANCE

InfoSecurity - Are you ready?
Does your company process electronic protected health information (EPHI)? HIPAA Subtitle F; 45 CFR Parts 160, 162, 164
Does your company receive and process protected personal information (PPI) or financial data that belongs to individuals? GLBA Title V - Privacy; 12 CFR Part 30 and other CFRs
Can the FBI review your company's business records, including electronic computer records, as part of the effort to fight terrorism? USA PATRIOT Act Section 215

InfoSecurity - Are you ready?
Does your company submit data electronically to the Food and Drug Administration? FDA Modernization Act of 1997; 21 CFR Part 11
Does your company process personal data that belongs to individuals who are citizens of any country in the European Union? Directive 95/46/EC Article 17
Does your company process certain types of unencrypted personal information belonging to California citizens? SB 1386
Does your company process information belonging to an agency or department of the Federal Government? FISMA Sections 302 and 303

InfoSecurity - Are you ready?
Is your company a public company, does it have ambitions to become a public company, or are you a public accounting firm? Sarbanes-Oxley Act of 2002 Sections 302 and 404
Is your company a financial institution that is required by the Federal Reserve to maintain capital reserves? BASEL II Section V
Does your company have a published privacy policy, or has it made public proclamations about the quality of your information security? Federal Trade Commission Act Section 5(a)
Is your company an outside service provider/vendor that processes "protected data" belonging to a regulated client? Any of the above.

Business Impact?
Will the immaturity of your infosecurity practices impact your ability to do business?
–Are you directly or indirectly regulated?
–What future regulatory changes are forthcoming?
Do you recognize an emerging "cultural trend"?
Can you afford to wait for an "enforcement action" before being motivated to make a needed investment in security?
–Will you have enough time to act when action is needed?

Business Impact?
Are you willing to lose business opportunities by failing to pass a "due diligence" review?
Can you withstand a public disclosure that your internal security has been compromised?
Do you have the resources to implement an effective infosecurity practice?
–People; Money; Tools; Knowledge
–Are you able to meet the spirit of ISO 17799? Policy, Procedures, Baseline Security, ...

Compliance Strategies
Consider outsourcing opportunities to experienced practitioners
–Information Technology Services (Tier 1, Tier 2)
–Information Security Services
When necessary and cost-justified, roll your own security
–Implementing an internal Information Security Practice
–Professionally managed; ideally CISSP managed
Hybrid strategies; more likely for most organizations
–Because there is much to do as per ISO 17799
–You cannot outsource all infosecurity processing
–Dealing with application-specific information access requirements