Company Proprietary and Confidential Texas Association of Community Health Centers - Proprietary and Confidential Fourth and Goal: Score with Meaningful.


1 Company Proprietary and Confidential Texas Association of Community Health Centers - Proprietary and Confidential
Fourth and Goal: Score with Meaningful Use Incentives and Security Risk Assessments
Jose Martinez, CCNP, CCVP, MCSA
Network Engineer
October 7th, 2014

2 Objectives
- Explain security risk assessments and discuss why they are beneficial
- Discuss the five most common reasons for security breaches in the healthcare field
- Discuss the five most common security risks we’ve encountered at Texas Community Health Centers and learn how to mitigate them

3 What is a security risk assessment?
- Helps your organization ensure it is compliant with HIPAA’s administrative, physical, and technical safeguards
- Helps reveal areas where your organization’s protected health information (PHI) could be at risk
- Covered entities are required by HIPAA security rules to conduct a risk assessment of their healthcare organization

4 What are the benefits?
- Spurs discussion about current policies, procedures, and security practices
- Boosts communication
- Security risk assessments are also part of incentive programs such as Meaningful Use

5 What is a security breach?
A breach is defined as “an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information such that the use or disclosure poses a significant risk of financial, reputational, or other harm to the affected individual.”
Source: www.hrsa.gov

6 The 5 Most Common Security Breaches
1. Lost/stolen equipment or printed material
2. Compromised password
3. Out-of-date software / Software vulnerabilities
4. Poor employee security practices
5. Malware/virus infections

7 The 5 most common security risks found in Texas CHCs
1. Unencrypted portable devices
2. Weak password policies or enforcement
3. Outdated software
4. Missing a centralized anti-virus solution
5. Poor user permissions on file shares or desktops

8 What can I do?: Unencrypted portable devices
- Implement BitLocker or other disk encryption tool
- Implement a policy prohibiting PHI on any portable devices
- Use encrypted USB devices
Why?
- Unencrypted devices are the number one reason for security breaches
- Whether or not the data on the device is used, it is still considered a security breach

9 What can I do?: Weak Passwords
- Revisit your password policy
- Consider increasing minimum password length to at least 8 characters with complexity
- Enforce your existing policies
Why?
- Hackers have compiled password files with billions of real passwords that have been exposed through security breaches
- As of 2011, available commercial products claim the ability to test up to 2,800,000,000 passwords a second on a standard desktop computer using a high-end graphics processor.

10 What can I do?: Outdated software
- Implement WSUS for Windows Updates
- Consider systems management software for other updates such as Adobe Flash, Adobe Reader, Sun Java, etc.
- Create a list of software used by the organization
Why?
- Most hackers exploit vulnerabilities found in old software
- Victims are sometimes targeted but most attackers are opportunistic

11 What can I do?: No Centralized AV Solution
- Implement a centralized anti-virus solution
- Assign someone to keep track of anti-virus definition updates (small environments)
Why?
- No insight into the status of clients without checking each computer individually
- Greater control over virus definition updates and outbreaks

12 What can I do?: Poor user permissions
- Implement Active Directory
- Lock down the permissions on folders with sensitive data
- Document the location of all PHI in your environment
Why?
- Improperly set permissions can lead to unauthorized access
- Remove administrator rights to user desktops

13 Questions?

14 Contact
JJ Martinez, CCNP, CCVP, MCSA
Network Engineer
512-329-5959 x2100
jmartinez@tachc.org

