1 1.02 Last Minute Security Compliance - Tips for Those Just Starting 10 th National HIPAA Summit April 7, 2005 Chris Apgar, CISSP – President Apgar &

Slides:



Advertisements
Similar presentations
Ethics, Privacy and Information Security
Advertisements

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
HIPAA Security Risk Overview Lynne Shoemaker, RHIA, CHP, CHC OCHIN Integrity Officer Daniel M. Briley, CISSP, CIPP Summit Security Group.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
1 MIS 2000 Class 22 System Security Update: Winter 2015.
Security Controls – What Works
Information Security Policies and Standards
Security+ Guide to Network Security Fundamentals
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Factors to be taken into account when designing ICT Security Policies
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
12 th National HIPAA Summit – Managing a Data Security Audit Program 2.05, 1:15 PM Chris Apgar, CISSP Apgar & Associates, LLC.
Information Security Information Technology and Computing Services Information Technology and Computing Services
1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)
E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.
Securing Information Systems
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
Network and Internet Security and Privacy.  Two of the most common ways individuals are harassed online are  cyberbullying – children or teenagers bullying.
CHAPTER 4 Information Security. CHAPTER OUTLINE 4.1 Introduction to Information Security 4.2 Unintentional Threats to Information Security 4.3 Deliberate.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 2 This material was developed by Oregon Health & Science University,
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
BUSINESS B1 Information Security.
1.1 System Performance Security Module 1 Version 5.
Health Insurance Portability and Accountability Act of 1996 (HIPAA) Proposed Rule: Security and Electronic Signature Standards.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
Chapter 12 by Lisa Reeves Bertin Securing Information in a Network.
Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.
8.1 © 2007 by Prentice Hall Minggu ke 6 Chapter 8 Securing Information Systems Chapter 8 Securing Information Systems.
PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.
Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,
Chapter 01: Introduction to Network Security. Network  A Network is the inter-connection of communications media, connectivity equipment, and electronic.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Basic Security Networking for Home and Small Businesses – Chapter 8.
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.
Eliza de Guzman HTM 520 Health Information Exchange.
Lesson 9-Information Security Best Practices. Overview Understanding administrative security. Security project plans. Understanding technical security.
13-1 Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall Chapter 13 Information Technology for Business.
Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.
1 Class 15 System Security. Outline Security Threats (External: malware, spoofing/phishing, sniffing, & data theft: Internal: unauthorized data access,
Design of Health Technologies lecture 22 John Canny 11/28/05.
1 National Audioconference Sponsored by the HIPAA Summit June 6, 2002 Chris Apgar, CISSP Data Security & HIPAA Compliance Officer Providence Health Plan.
The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,
Working with HIT Systems
Eleventh National HIPAA Summit 5.04 Security Incident Response – What to do if a breach occurs and how to mitigate damages Chris Apgar, CISSP.
Component 8/Unit 6aHealth IT Workforce Curriculum Version 1.0 Fall Installation and Maintenance of Health IT Systems Unit 6a System Security Procedures.
Data Security.
The IT Vendor: HIPAA Security Savior for Smaller Health Plans?
Chap1: Is there a Security Problem in Computing?.
Chapter 7 1Artificial Intelligent. OBJECTIVES Explain why information systems need special protection from destruction, error, and abuse Assess the business.
Security and Ethics Safeguards and Codes of Conduct.
Case Study: Applying Authentication Technologies as Part of a HIPAA Compliance Strategy.
“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.
The Art of Information Security: A Strategy Brief Uday Ali Pabrai, CISSP, CHSS.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #
Securing Information Systems
Securing Information Systems
Final HIPAA Security Rule
County HIPAA Review All Rights Reserved 2002.
Health Care: Privacy in a Digital Age
Introduction to the PACS Security
Presentation transcript:

Last Minute Security Compliance - Tips for Those Just Starting 10 th National HIPAA Summit April 7, 2005 Chris Apgar, CISSP – President Apgar & Associates, LLC, former HIPAA Compliance Officer for Providence Health Plans

April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 2 Presentation Overview What are the worries Internal & External Risks Steps to address risks What is a firewall and why is it needed Malicious code or viruses Transmitting information securely Resources Summary

April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 3 What are the Worries Wireless security Portable devices Encryption/secure messaging Access control (including remote access) Employees and hackers

April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 4 What are the Worries Employee termination Risk assessment Policies and procedures Social engineering Controlling access to your facility

April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 5 What are the Worries Media disposal and re-use Staff training Anti-virus/spyware Password management Disaster planning

April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 6 Steps to Take Risk assessment essential Risk management needed follow up Senior management buy in – risk avoidance isn’t always free Monitoring and auditing Utilize appropriate technology

April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 7 Steps to Take Regulatory watch Open the closet – avoid hiding security and privacy incidents Stay current Take advantage of industry partnerships Consistency

April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 8 Steps to Take The need to protect facilities and equipment Data center – critical to your business Changing locks and key cards Temporaries, contractors & volunteers Social engineering

April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 9 Steps to Take Workstation security Secure storage (i.e., file cabinets, medical record shelving, etc.) Portable devices & dangers of theft and loss Remote access or teleworking Physical transport of PHI (media & hardware)

April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 10 Steps to Take Policies and procedures Access control & Role-based access Password management Encryption or secure messaging Malicious code Spam

April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 11 Steps to Take Internet use and misuse Intrusion detection Vulnerability detection Audit logs Backup & recovery Disaster & recovery/business continuation plan

April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 12 Steps to Take Operating system security Laptop/PDA encryption Termination procedures Disposal of hardware and data Fitting technical security measures to need

April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 13 Steps to Take Appointment of a security officer Staff training needs Cultural change Sanctions & enforcement Managing your workforce

April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 14 Steps to Take Defining roles and “need to know” Minimum necessary applies Auditing requirements Record retention & retrieval Confidential faxing and other forms of sensitive communication

April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 15 Firewalls & Why Use Them Allows wanted electronic traffic in and out of your organization Blocks damaging electronic traffic Firewall logs and what they mean Security against hackers

April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 16 Firewalls & Why Use Them Hardware versus software firewalls – what’s the difference? Available even to smallest organizations Hackers look for openings Protect your health information Acts as security guard

April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 17 Viruses, trojans and worms Spyware Malicious cookies Spam threats Malicious Software

April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 18 Anti-virus software and its use Anti-spyware and its use Anti-spam software and its use Built for small to large organizations The layered approach Malicious Software

April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 19 “Clear text” versus encryption What is encryption? Compressed files not encryption File transfer protocol Virtual private networks Transmission Security

April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 20 Web messaging Public key infrastructure Secure web sites Why encrypt? Inexpensive solutions Transmission Security

April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 21 Resources Center for Medicare & Medicaid Services HIPAA Web Site: ault.asp ault.asp National Institute of Standards & Technology (NIST): Workgroup for Electronic Data Interchange:

April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 22 Resources HIPAA Assessment: w/nchicahipaa_earlyview_tool.htm w/nchicahipaa_earlyview_tool.htm SANS: (ISC) 2 : HIMSS:

April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 23 Resources The First Steps Toward Security: cles/HealthData%20Mgmnt6-26.pdf cles/HealthData%20Mgmnt6-26.pdf RSA: Tunitas Group: National Institute of Health (regulatory information):

April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 24 Nothing is risk free Remember to pay attention to internal and external threats Simple solutions equal quick compliance and sound business practice Firewalls are mandatory Malicious code or software can shut down your business Secure transmission of health information – accessible and necessary Summary

April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 25 Question & Answer Chris Apgar, CISSP President Apgar & Associates, LLC SW 62 nd Place Portland, OR (503) (voice) (503) (fax) (503) (mobile)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.