Data Breach Working Group


Data breaches – a brief history and current best practices for prevention

Barbara Rusin
Jean-Marc Ferran
Megan Schmidt

Brief Outline of Work

- Introduction to Data Breaches and GDPR
- Data breach categories
  - Accidental/Incidental Breaches (Jean-Marc): misdirected emails, unattended hardcopies or workstations, verbal breaches, saving data to the wrong drive(s)
  - Database Access and Communications (Barbara): database access controls, software access limitations, software/systems validations, audit trail functionality and reviews, internal and external hacking, cloud- vs. server-associated risks
  - Working with Clinical Sites/CROs (Megan): breaches at clinical sites, encryption at rest and during transmission, ensuring appropriate encryption and hacking safeguards at multiple entities, contracts and data limitations, vendor oversight

Brief Outline of Work (continued)

- Discussion within each category
  - Tangible examples
  - Causes of historical breaches
  - Adequacy of management
  - Best practices from these examples, regulations, guidance, etc.
- Summary of GDPR requirements and best practice recommendations

Current Status

- Team members are working on gathering information for assigned section(s)
- Additional Volunteers Needed!
  - Further break down categories into smaller units
  - Add new categories
  - Work as teams of 2 or more on each defined category
- Contact Lauren White (lauren@phuse.eu) or Barbara Rusin (brusin@mmsholdings.com)