Challenges of Securing Clinical Data in a Cloud-centric World Patty Furukawa – Assistant Dean for IT University of California-Irvine School of Law Doug.

Presentation transcript:

Challenges of Securing Clinical Data in a Cloud-centric World
Patty Furukawa – Assistant Dean for IT, University of California-Irvine School of Law
Doug Edmunds – Assistant Dean for IT, University of North Carolina School of Law

UC Irvine School of Law
- Founded in 2009
- Clinical program began in Fall 2011
- Deployed Time Matters in Spring 2012
- Switched to Clio in Fall 2012

- Academic Year clinics – “firm” policy for information security
- 4 clinics – not under our “firm” policy
- Approximately 140 students
- 8 full-time faculty
- 7 adjunct faculty
- 1 clinic administrator

UNC School of Law
- Founded in 1845
- Clinical program optional for 3Ls
- Case Master used circa
- Time Matters used from 2005 – 2011 (fall)
- Clio deployed fall 2011

- Academic Year clinics all operating under same “firm” policies
- 1 center for civil rights, non-clinical, needs vary
- Approximately 70 students (only 3Ls)
- 8 full-time faculty
- 3 full-time staff

Survey Results
- Conducted via Teknoids listserv – May 2013
- Responses from most US geographic regions + 1 from Canada
- Indicative of hesitation toward a move to the cloud
- Concerns mainly about data control

Do you have any formal procedures in place to monitor how clinical data are being stored?
13 out of 14 institutions answered no.
- Yes - “We utilize encryption on the server and have full logging turned on for all clinical data.”
- No - “We need to develop better policies for monitoring this. Although almost all of our data are stored within Clio, some users are still saving data to their network drive (I recently learned), which is not what we would like.”

What types of tools, if any, does your IT unit provide and support to help secure clinical information? (institutions w/ local storage)
- Main campus ITS Security department
- Time Matters passwords & port limitation
- Documentation on disk encryption
- Limiting access to clinical data only to workstations in the clinic
- Strict policies
- VPN for faculty
- Separate server for clinical data

What types of tools, if any, does your IT unit provide and support to help secure clinical information? (institutions w/ cloud storage)
- Encryption (flash drives, laptop HDs)
- Password protection (at file level)
- Data scanning software
- DLP (data loss prevention) through McAfee
- Virtualization (Citrix)
- Secure through middleware
- Logoff script to remove temp files

Information Security Topics
- Organizational and personal risks
- Stolen credentials (phishing attempts, malware)
- Socially engineered threats
- Mobile devices
- Physical security
- Cloud services

Best Practices
- Not all cloud providers are created equal – differentiation is crucial!
- Educate your users on the various risks
- Develop written SOP and security policies
- Involve your university counsel and security officers
- Carefully review SLAs and contracts
- Back up your data

References & Resources
- Cisco IronPort (secure ) –
- Watchdox
- Citrix ShareFile –
- Apple Forum (scripting temp file removal) –

Questions? Doug Edmunds Patty Furukawa