Relational Security Corporation

Slides:

Advertisements

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

Advertisements

Process and Procedure Documentation. Agenda Why document processes and procedures? What is process and procedure documentation? Who creates and uses this.

Managing Organizational Control

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group

1 1 Risk Management: How to Comply with Everything July 11, 2013.

Building a Medical Records Compliance Program for Your Office: Charles B. Brownlow, OD, FAAO December 17, 2012.

Understanding & Managing Risk

Outcomes focused regulation and compliance in practice Peter Scott Peter Scott Consulting

U.S. General Services Administration General Services Administration Policy, the Procurement Process, the Buy Accessible Wizard, and Purchasing Section.

1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.

Farm Business Planning Dr. Laurence M. Crane

Enterprise Resource Planning ERP Systems

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Understanding Farm Business Records and Accounting Karisha Devlin Agriculture Business Specialist.

Achieving our mission Presented to Line Staff. INTERNAL CONTROLS What are they?

Software Asset Management

Disaster Recovery Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.

Chapter 11.  The board is ultimately responsible for risk management  Oversee strategic risks, operational risks, and financial risks  Many federal.

COSO Framework Update IIA Columbus Chapter May 17, 2013

Self Assessment Feedback Logistics R Us GOLD Member.

INFORMATION SECURITY REGULATION COMPLIANCE By Insert name dd/mm/yyyy senior leadership training on the primary regulatory requirements,

Corporate Governance: Basel II and Beyond Corporate Governance Program for Bank Directors of Indian Banks Mumbai December 14, 2005.

WorkflowOne Healthcare Print and Document Management Solutions that address IDNs supply chain, financial performance and patient outcome objectives.

ARMICS Randy Sherrod, Internal Audit Manager – Department of Behavioral Health and Developmental Services.

1. 2 IMPORTANCE OF MANAGEMENT Some organizations have begun to ask their contractors to provide only project managers who have been certified as professionals.

Sarbanes-Oxley section 404 How To Achieve Compliance.

1 This Presentation is printed on recycled materials.

PwC 21 CFR Part 11 – A Risk Management Perspective Patrick D. Roche 07 March 2003, Washington D.C.

Preston Alderman MSDE, Director of Audit.  As recipients of federal and state funds we are charged with ensuring that the funds are adequately accounted.

Keeping Control of the Money January Introduction. The National Member Services Committee has developed a series of National Education Seminars.

State Diamond Trader Strategic Plan 2012/13. Introduction The State Diamond Trader (SDT): Has been in operation for 5 years Has 92 registered clients.

Samantha Schreiner University of Illinois at Urbana- Champaign BA 559 – Professor Michael Shaw December 15 th, 2008 A Survey of IT Governance Through COBIT,

Topic 5 Initiating a project

Tracking Assets Spot Audit Inventory Accounting The University of Texas at Austin.

Cyber Risk Management Solutions Fall 2015 Thomas Compliance Associates, Inc

HIPAA Compliance Case Study: Establishing and Implementing a Program to Audit HIPAA Compliance Drew Hunt Network Security Analyst Valley Medical Center.

Page 1 Portfolio Committee on Water and Environmental Affairs 14 July 2009.

Current risk and compliance priorities for law firms PETER SCOTT CONSULTING.

Governance, risk and ethics. 2 Section A: Governance and responsibility Section B: Internal control and review Section C: Identifying and assessing risk.

Michael Wright • Chief Security Officer • Tech Lock

Business & Society ETLW 302

Information and Systems Security/Compliance

District and Club Qualification

Internal Control Principles

CPA Gilberto Rivera, VP Compliance and Operational Risk

Identity and Access Management

Data Minimization Framework

Open Topic Jimmy Nolan.

Michigan Department of Education

Disaster Recovery Policy & Procedures

Overview Introduction Meaningful Use Objective for Security Key Security Areas and Measures Best Practices Security Risk Analysis (SRA) Action Plan Demonstration.

Audit Planning and Analytical Procedures

Microsoft SAM for Hosting (SPLA)

Modified Stage 2 Meaningful Use: Objective #1 – Protect Electronic Health Information July 5, 2016 Today’s presenter: Al Wroblewski, PCMH CCE, Client.

Internal control objectives

IS4680 Security Auditing for Compliance

CMGT 431 Competitive Success/snaptutorial.com

CMGT 431 Education for Service-- snaptutorial.com.

CMGT 431 STUDY Lessons in Excellence--cmgt431study.com.

CMGT 431 Teaching Effectively-- snaptutorial.com.

Carrier panel discussion March 2018

RECORDS AND INFORMATION

Modified Stage 2 Meaningful Use: Objective #1 – Protect Electronic Health Information July 5, 2016 Today’s presenter: Al Wroblewski, PCMH CCE, Client.

for the year ended 31 December 2016

Drew Hunt Network Security Analyst Valley Medical Center

District and Club Qualification

Internal Control Internal control is the process designed and affected by owners, management, and other personnel. It is implemented to address business.

HIPAA Security Risk Assessment (SRA)

Process and Procedure Documentation

Presentation transcript:

Relational Security Corporation Kevin C. Day CTO Relational Security Corporation www.RSAM.net “Making your HIPAA Security Efforts Last” Round One is coming to a close But the Fun is far from over!

Make your Efforts Stand the Test of Time Many organizations have not had the time & resources to do a thorough job Most likely the direction & approach changed several times throughout the process. While focusing so much on getting to D-Day, have they acquired processes and tools that will maintain the compliance? Time to take a look and see what we have

You Can’t Maintain Compliance if… Your HIPAA budget is drastically cut after D-Day! There is no formal process to review & update your policies & procedures You don’t continually validate that the policies are being followed You can’t continually & consistently update your Risk Assessment (not “annual” but “continual”) You don’t have a Risk Inventory (where is the ePHI?) to enforce your standards and monitor compliance You have not incorporated Change Management processes that ensure changes to the environment follow the standards

Reviewing the Risk Assessment Your Risk Assessment will continue to be the key to Compliance. If one day you look and realize your risk assessment is no longer accurate… you are no longer HIPAA Compliant! Was it is truly thorough? Did we get enough details? Were the results actionable? Did we rush to meet the deadline? Are processes and tools in place to: Review it? Update it (newly acquired assets & changes to existing assets)? Make continual use of the results? Will it withstand investigation?

Make your Processes and Tools Last HIPAA will not be the end of the saga….. Sarbanes Oxley or its equivalent will soon apply to everyone. Make sure your existing work & tools can expand beyond “HIPAA”.

Don’t Think your Done! Continue to Expand your efforts What was considered as the basis for “reasonable control” in Year 1 will certainly not be reasonable in Years 2, 3 & 4. After major risks are addressed, other risks which were once “unreasonable” will now be within reach You must continually expand your assessment and standards to include stronger controls In 2006 you can’t just review the 2005 documents and say “everything is the same… so we are done”

Learning from Other Industries Common Pain-Points we hear from the financial industry (GLBA) We thought the regulations were broad enough to take a high-level approach…. when we were finally audited the inspectors demanded details How can you secure data if you don’t even know where it resides? How can you security your applications if you don’t even have a detailed list of their controls Three years ago we spent a great deal of time and effort in our compliance efforts. Now that we are actually being audited I find most of my data is 3 years old!

Will I be compliant next year?

kday@relsec.com www.RSAM.net Thank You Contact Information: Kevin C. Day kday@relsec.com www.RSAM.net