HIPAA Security: Case Studies for Small to Medium Health Organizations (Compliance Methods) Jeff Bardin, CISSP, CISM, NSA IAM, OCTAVE SM Principal & CSO.

Presentation transcript:

HIPAA Security: Case Studies for Small to Medium Health Organizations (Compliance Methods) Jeff Bardin, CISSP, CISM, NSA IAM, OCTAVE SM Principal & CSO Treadstone 71

Agenda
From Threat Agent to Safeguard
The NSA IAM Method
Criticality of Information Matrix
Systems Criticality Matrix
OCTAVE SM Method
Human Actors Using Network Access
Threat Profile: System Problems
Basic Risk Profile
Initial Findings
Scorecards
HIPAA & ISO17799 Roadmap
Q&A

Vulnerabilities available for exploit

From Threat Agent to Safeguard (the relationships shown on the slide):
Threat Agent gives rise to a Threat
Threat exploits a Vulnerability
Vulnerability leads to Risk
Risk can damage the Asset (ePHI)
Damage to the Asset causes an Exposure
Exposure can be countermeasured by a Safeguard
Safeguard directly affects the Threat Agent

Criticality of Information Matrix (National Security Agency Information Assurance Methodology)

Each information type is rated for Confidentiality, Integrity and Availability (H = High, M = Medium).

Information types rated on the slide:
Patient Records
Medical Staff Records
Employee Records
Vendor Contracts
Employee Health Records
Legal Files (lawsuit information)
Contracts w/Agency People
Meeting Minutes (Board)
Survey Reports (Joint Commission, Medicare/Medicaid)
Docs – Security Eng Tests & Inspections
Patient Accounts
Financial Audits
Planning Documents (Strategic/Master Facility Plan)
Payroll Records
Psych/Drug/Alcohol/HIV

Ratings (H/M) in the order they appear on the slide: HMMMHMMM M M M M M M H H H H HHHHHHHHHH H H H H H H M H H H HMMMHMMM M M M M M M H H H H M M
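The Criticality of Information Matrix is the input to the next agenda item, the Systems Criticality Matrix: in the NSA IAM a system that stores or processes several information types inherits, for each of Confidentiality, Integrity and Availability, the highest rating among those types. The following Python is an added example of that roll-up, not code from the presentation or from Treadstone 71; the H/M/L ratings and the system-to-information mapping in it are constructed for illustration (the slide's own ratings are not reproduced), and the `prioritize` ordering rule is an assumption, not an IAM requirement.

```python
"""NSA IAM-style criticality roll-up (added example, not from the presentation).

Information types carry High/Medium/Low ratings for Confidentiality, Integrity
and Availability. A system inherits, per attribute, the highest rating of any
information type it handles. All data below is constructed for illustration.
"""

LEVELS = {"L": 1, "M": 2, "H": 3}
ATTRS = ("Confidentiality", "Integrity", "Availability")

# Constructed sample Criticality of Information Matrix: info type -> (C, I, A)
INFO_CRITICALITY = {
    "Patient Records": ("H", "H", "H"),
    "Employee Records": ("H", "M", "M"),
    "Vendor Contracts": ("M", "M", "L"),
    "Payroll Records": ("H", "H", "M"),
    "Meeting Minutes (Board)": ("M", "M", "L"),
}

# Constructed mapping of systems (hypothetical names) to the information they handle
SYSTEM_INFO = {
    "EHR": ["Patient Records"],
    "HR/Payroll": ["Employee Records", "Payroll Records"],
    "File Server": ["Vendor Contracts", "Meeting Minutes (Board)", "Employee Records"],
}


def _max_level(ratings):
    """Highest of a set of H/M/L ratings (H > M > L)."""
    return max(ratings, key=lambda r: LEVELS[r])


def system_criticality(info_matrix, system_info):
    """Build the System Criticality Matrix: {system: (C, I, A)}.

    Each attribute is the highest rating of any information type the system
    handles. An information type that has no rating is an error, because a
    missing row would silently under-rate the system.
    """
    result = {}
    for system, info_types in system_info.items():
        unknown = [t for t in info_types if t not in info_matrix]
        if unknown:
            raise KeyError(f"{system}: unrated information type(s) {unknown}")
        columns = zip(*(info_matrix[t] for t in info_types))  # one column per C/I/A
        result[system] = tuple(_max_level(col) for col in columns)
    return result


def prioritize(system_matrix):
    """Order systems for assessment (assumed rule, not from the IAM):
    highest single attribute first, then highest total, then name."""
    def key(item):
        levels = [LEVELS[r] for r in item[1]]
        return (-max(levels), -sum(levels), item[0])
    return [name for name, _ in sorted(system_matrix.items(), key=key)]


if __name__ == "__main__":
    matrix = system_criticality(INFO_CRITICALITY, SYSTEM_INFO)
    for name in prioritize(matrix):
        rating = ", ".join(f"{a[0]}={r}" for a, r in zip(ATTRS, matrix[name]))
        print(f"{name:12s} {rating}")
```

With the constructed data, the HR/Payroll system comes out H/H/M because Payroll Records raise its Integrity rating above what Employee Records alone would give it; that is the point of the roll-up, since a system is only as non-critical as the most sensitive data it touches.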