Personal Guidance. Positive Change. SM Secure Access for Web-based Patient Portals and Applications Chris Brooks, Senior Vice President of Technology,

Presentation transcript:

Personal Guidance. Positive Change. SM Secure Access for Web-based Patient Portals and Applications Chris Brooks, Senior Vice President of Technology, WebMD Health Services October 30, 2013

MISSION: To provide expert guidance that inspires people to take charge of their health.

WHAT WE DO: We offer health, wellness, and care transparency solutions that help large organizations with complex populations improve people’s health, productivity, and happiness.

WHS Key Statistics
- 500 Employees
- Over 225 Customers
- Registered Users: 7.1 million
- Activated personal health records: 4.7 million
- Completed health assessments: 1.5 million per year

© WebMD Health Services Group, Inc. All rights reserved.

Meaningful Use of Electronic Health Records is a United States National Imperative

This mandate isn’t just about improving care coordination and quality … it is also about patient engagement

Stage 2 of the CMS Incentive Program Sets Goals for Patient Engagement
- Core Measure 7: Provide patients the ability to view online, download and transmit their health information within four business days of the information being available to the EP.
- Core Measure 17: Use secure electronic messaging to communicate with patients on relevant health information.

Electronic Health Information Providers Face Stringent Security and Privacy Requirements

HIPAA Omnibus Rule for 2013: “Significant risk of harm” test replaced by more objective “probability of compromise” test.
- Regulatory (HIPAA, HITECH) drivers
- Patient / user trust and brand reputation

There are Competing Forces at Play When it Comes to Electronic Health Information Access
- Ease of use and access from a wide range of devices (desktops, tablets, smartphones) is key to driving patient engagement

Yet

- Providers must still ensure robust authentication standards are in place

Example: Mobile App Authentication
- WebMD Health Services recently shipped a native iOS and Android “tiny habits” app called “Daily Victory”
- Key attributes:
  - No access to or sharing of personal health information
  - Allows user to share daily wellness activities with WebMD and a small social network
- Authentication:
  - Initial authorization code to provision app
  - No password or PIN required
  - Revocable access

Evaluate Authentication Needs based on Risk and Engagement Requirements

[Chart: applications plotted by Sensitivity of Information (High to None) against Engagement and Frequency of Use (High / Frequent to Low / Infrequent). Applications shown: Mobile Fitness Tracker; Patient / Physician Communication; Blood Sugar Tracker; Health Information Research; Personal Health Record; “In Case of Emergency” E-cards?; Provider Medical Imaging Mobile Viewer]

How Might Authentication Approaches Map to this?

[Chart: authentication approaches plotted by Sensitivity of Information (High to None) against Engagement and Frequency of Use (High / Frequent to Low / Infrequent). Approaches shown: PIN auth; Multi-factor Auth; Strong Password; “Remember Me”; Risk-based Auth]

How Might Authentication Approaches Map to this?

“Remember Me”: Initial one-time authentication with optional or automatic “remember me” for future visits. Possible remote revocation (e.g., “forget this device”).
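The provisioning-code and "remember me" pattern from the mobile app example and the slide above, sketched as an added example that is not WebMD's code: a one-time authorization code is exchanged for a long-lived device token, the server keeps only token hashes, and "forget this device" removes the entry. The class and method names are hypothetical, storage is in memory, and code expiry is left out.

```python
import hashlib
import hmac
import secrets


class DeviceRegistry:
    """Server-side store of remembered devices (in-memory for this example)."""

    def __init__(self):
        self._pending = {}   # sha256(authorization code) -> user_id
        self._devices = {}   # device_id -> (user_id, sha256(device token))

    @staticmethod
    def _digest(value: str) -> bytes:
        return hashlib.sha256(value.encode()).digest()

    def issue_code(self, user_id: str) -> str:
        """Create a one-time authorization code, delivered out of band."""
        code = secrets.token_urlsafe(9)
        self._pending[self._digest(code)] = user_id
        return code

    def provision(self, code: str):
        """Exchange a code for (device_id, token); the code is consumed."""
        user_id = self._pending.pop(self._digest(code), None)
        if user_id is None:
            return None  # unknown or already-used code
        device_id = secrets.token_hex(8)
        token = secrets.token_urlsafe(32)
        # Only the hash is stored, so a leaked table does not yield tokens.
        self._devices[device_id] = (user_id, self._digest(token))
        return device_id, token

    def authenticate(self, device_id: str, token: str):
        """Return the user_id for a valid remembered device, else None."""
        entry = self._devices.get(device_id)
        if entry is None:
            return None
        user_id, stored = entry
        ok = hmac.compare_digest(stored, self._digest(token))
        return user_id if ok else None

    def revoke(self, user_id: str, device_id: str) -> bool:
        """'Forget this device': only the owning user may remove it."""
        entry = self._devices.get(device_id)
        if entry is None or entry[0] != user_id:
            return False
        del self._devices[device_id]
        return True
```
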

How Might Authentication Approaches Map to this?

PIN auth: Short PIN or similar shorter-than-password code for application entry after initial authentication

How Might Authentication Approaches Map to this?

Strong Password: Full (presumably strong) password required for access to any personal information.

How Might Authentication Approaches Map to this?

Risk-based Auth: Variable level of authentication based on pre-determined risk of both the current user session as well as the intended user activity.

How Might Authentication Approaches Map to this?

Multi-factor Auth: Use at least two factors (know / has / is) for authentication. Rotating tokens, SMS codes, “dongles”, and biometrics are examples.
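Risk-based authentication as described in these slides, sketched as an added example that is not from the presentation: the required level is the higher of what the intended activity needs and what the current session's risk demands, and the user is asked to step up only when the session falls short. The activity names, signal weights, thresholds and the ordering of levels are constructed assumptions.

```python
from enum import IntEnum


class Auth(IntEnum):
    """Approaches from the slides, ordered weakest to strongest (assumed)."""
    REMEMBERED = 1   # "Remember Me" device token
    PIN = 2
    PASSWORD = 3
    MFA = 4


# Constructed policy: minimum level per intended activity.
ACTIVITY_FLOOR = {
    "log_fitness_activity": Auth.REMEMBERED,
    "view_blood_sugar_log": Auth.PIN,
    "message_physician": Auth.PASSWORD,
    "download_health_record": Auth.PASSWORD,
}

# Constructed session signals and weights.
SIGNAL_WEIGHTS = {
    "new_device": 2,
    "unusual_location": 2,
    "recent_failed_logins": 1,
    "long_idle_session": 1,
}


def session_risk(signals) -> int:
    """Sum the weights; an unrecognised signal counts as the highest weight."""
    return sum(SIGNAL_WEIGHTS.get(s, 2) for s in signals)


def required_auth(activity: str, signals) -> Auth:
    """Activity floor raised by session risk, capped at MFA."""
    floor = ACTIVITY_FLOOR.get(activity, Auth.MFA)  # unknown activity fails closed
    risk = session_risk(signals)
    bump = 0 if risk < 2 else 1 if risk < 4 else 2
    return Auth(min(floor + bump, Auth.MFA))


def decide(activity: str, signals, current: Auth):
    """Return ('allow' | 'step_up', level needed) for the current session."""
    needed = required_auth(activity, signals)
    return ("allow", needed) if current >= needed else ("step_up", needed)
```
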

Closing Thoughts
- Context is critical! Know your risks and adapt your approach accordingly.
- Engagement can suffer in the face of enhanced authentication strength.
- When appropriate, allow the user to manage their own risk.
