Regulatory Compliance

Regulatory Compliance Mary Gardner

Compliant vs. Secure

Security – CIA Triad

Regulations and Standards

Regulation / Description / Triggers / Requirements

HIPAA
- Description: Requires that protected health information (PHI) be maintained in a secure and confidential manner.
- Triggers: Billing; self-insured companies; business associate agreements.
- Requirements: Encryption of PHI; standards for de-identification; breach notification; policy and standards for protection of data.

GLBA
- Description: Requires that customers' personally identifiable information (PII) be secured regardless of where it lives. Also allowed investment and savings banking to be offered at one institution.
- Triggers: Chartered as a financial institution under the guidance of the OCC or SEC.
- Requirements: Protection of PII; vendor security required; information security function.

SOX
- Description: The Sarbanes-Oxley Act requires that controls be maintained around financial reporting data. Those controls must be certified by an independent third party.
- Triggers: Publicly traded companies.
- Requirements: Integrity of accounting data; self-assessment program; attestation of controls.

PCI
- Description: The Payment Card Industry standard requires the protection of cardholder account information.
- Triggers: Companies processing payment card information.
- Requirements: Requirements based on annual transaction volumes; encryption or obfuscation of account numbers; annual assessment program.

FISMA
- Description: The Federal Information Security Management Act requires institutions gathering or processing information on the government's behalf to handle that data according to risk-based standards.
- Triggers: Contractual requirements; stipulation of certain grants or information sharing agreements.
- Requirements: Encryption of sensitive information; risk assessment program; identification and notification of breach.

State Breach Laws
- Description: Many states require that individuals be notified in the event of a breach of their personally identifiable information (PII).
- Triggers: Public or private sector entities storing or processing PII.
- Requirements: Encryption of PII.

HIPAA Compliance: Security Rule
- Reference: http://csrc.nist.gov/publications/nistpubs/800-66-Rev1/SP-800-66-Revision1.pdf
- Oversight by the Office of Civil Rights (OCR)

HIPAA Compliance: Privacy Rule
- Generally managed by the Chief Privacy Officer
- Reference: http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html

HIPAA Compliance: Consequences
- Notification costs: Ponemon Institute estimate of $200.00 per record per incident
- Fines:
  - Alaska Department of Health: $1.7MM (unencrypted laptop stolen from a car)
  - Idaho: fined $50,000 for the loss of 441 records
  - Tennessee Blue Cross Blue Shield: $1.5MM

Legal is Your Best Friend
- Expertise to wade through legalese
- Knowledge on navigating partners and vendors
- Can assist with internal and external auditors

Audit: Necessary Evil
- Unbiased assessment
- Leverage with senior management

Prepare for the Audit
- Where possible, help set the scope
- Understand your weaknesses and create plans to address them
- Where possible, have an internal audit performed prior to a compliance audit

Questions