
Brief Synopsis of Computer Security Standards

Tenets of Information Systems Security: Confidentiality, Integrity, Availability. Over the years, standards and legislation have been created to support the tenets of information systems security.

1968 NBS: The National Bureau of Standards does a study of the US Government's computer security needs.

1972 NBS & ACM: NBS, in collaboration with ACM (Association for Computing Machinery), sponsors its first conference on computer security.

1974 TEMPEST: Establishes standards for shielding emanations.

1977 NBS & ANSI: NBS sponsors workshops to audit and evaluate computer system security. ANSI (American National Standards Institute) adopts DES, the Data Encryption Standard. This is the official standard encryption for unclassified data. 1986: NSA no longer endorses DES.

1980 Computer Security Center: The Department of Defense establishes the Computer Security Center within the NSA.

1983 TCSEC Orange Book Release: DOD releases the “Trusted Computer System Evaluation Criteria” (TCSEC), affectionately known as the “Orange Book” because of its orange cover. Revised in 1985. Retired in 2002.

1984 NSTISSP: National Security on Telecommunications and Automated Information Systems Security gave the NSA the authority to advise the private sector on computer security.

1986 Computer Fraud and Abuse Act: Establishes legal action against unauthorized or fraudulent access to government computers and electronic data.

1987 Computer Security Act: Government agencies must have a well-defined information system security plan.

Common Criteria: Developed during the 1990s in Europe, then established later in Canada. Superseded the TCSEC (Orange Book) circa 2002.

1996 HIPAA: Health Insurance Portability and Accountability Act. Among other things, it establishes standards for electronic health care transactions. Establishes the importance of privacy and security for health care data.

1999 Gramm-Leach-Bliley Act: Contains a financial privacy rule; requires financial institutions to design, implement, and maintain safeguards to protect customer information.

2002 SOX: Sarbanes-Oxley. Among other things, impacts internal controls of data relevant to the auditing of records belonging to publicly traded companies.

2002 FISMA: Federal Information Security Management Act. Each federal agency must develop, document, and implement an agency-wide security program to protect its information systems, data, and infrastructure.

2004 PCI SSC: Payment Card Industry Security Standards Council. Establishes a minimum level of security for merchants and card issuers.

2009 HITECH Act: Health Information Technology for Economic and Clinical Health. Designed to further support HIPAA rules. Addresses privacy and security concerns associated with the electronic transmission and storage of health information.