Presentation is loading. Please wait.

Presentation is loading. Please wait.

Initial Findings  Secure all contracts with third party vendors immediately  Develop a strong understanding of the ‘Flow of PHI’ within and outside of.

Published byDarren Willis Modified over 9 years ago

Similar presentations

Presentation on theme: "Initial Findings  Secure all contracts with third party vendors immediately  Develop a strong understanding of the ‘Flow of PHI’ within and outside of."— Presentation transcript:

1 Initial Findings  Secure all contracts with third party vendors immediately  Develop a strong understanding of the ‘Flow of PHI’ within and outside of the hospital (if you don’t know where it goes, you cannot maintain its privacy and provide adequate security)  Establish better communications amongst all HIPAA Team Members and throughout the hospital.  Create physical and information security policies and procedures. Educate all staff. Institutionalize this training (HR).  Remove ‘Discards’ from the hallway in the old building. The discards contain PHI and are accessible from both inside and out.  Medical Records room (dictation) needs to be secured at all times since PHI is fully accessible and there is no one to prevent entry.  Secure all non-essential hospital external access doors at all times.  Establish patch management program for server and maintain proper patch levels.

2 Initial Findings  Heliport needs to be cleared of vehicles at all times versus an after-the-fact removal of vehicles.  Take backups offsite for storage on all critical systems.  Asset management inventory of all IT hardware and software (if you don’t know what it is, you cannot secure it).  Stop the practice of faxing lab information to non- securely located fax machines and to non-essential personnel. Principle of least privilege applies.  Create and maintain network diagrams.  Establish a password management program with strong passwords and 60 day changes.  Provide external storage to critical systems

3 Initial Findings  Ensure anti-virus software is on all critical servers.  Establish electronic audit logs and event monitoring.  Review the use of modems to critical systems as a vendor method for updating and maintenance as an appropriate method of access. Identify capability of audit logs for the modems.  Create a video surveillance policy and educate staff on the uses of this security solution.  Principle of Least Privilege needs to be applied online and in physical security situations.

4 ScoreCards 0 Non-Existent — Management processes are not applied at all 1 Initial — Processes are ad hoc and disorganized 2 Repeatable — Processes follow a regular pattern 3 Defined — Processes are documented and communicated 4 Managed — Processes are monitored and measured 5 Optimized — Best practices are followed and automated National Security Agency’s Information Assurance Capability Maturity Model Rating (NSA IA-CMM)

5 ScoreCards 0 Non-Existent — Management processes are not applied at all 1 Initial — Processes are ad hoc and disorganized 2 Repeatable — Processes follow a regular pattern 3 Defined — Processes are documented and communicated 4 Managed — Processes are monitored and measured 5 Optimized — Best practices are followed and automated National Security Agency’s Information Assurance Capability Maturity Model Rating (NSA IA-CMM) Flow of PHI was not included in the Privacy effort

Download ppt "Initial Findings  Secure all contracts with third party vendors immediately  Develop a strong understanding of the ‘Flow of PHI’ within and outside of."

Similar presentations

CIP Cyber Security – Security Management Controls

CIP Cyber Security – Security Management Controls
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Information Systems Audit Program (cont.). PHYSICAL SECURITY CONTROLS.

Information Systems Audit Program (cont.). PHYSICAL SECURITY CONTROLS.
ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
GLOBRIN Business Continuity Workshop TECHNOLOGY & INFORMATION 13 th November 2013 Graham Jack.

GLOBRIN Business Continuity Workshop TECHNOLOGY & INFORMATION 13 th November 2013 Graham Jack.
Information Systems Audit Program. Benefit Audit programs are necessary to perform an effective and efficient audit. Audit programs are essentially checklists.

Information Systems Audit Program. Benefit Audit programs are necessary to perform an effective and efficient audit. Audit programs are essentially checklists.
© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.

© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.
Security Controls – What Works

Security Controls – What Works
© 2003, Educational Institute Chapter 12 Systems and Security Maintenance Managing Technology in the Hospitality Industry Fourth Edition (469T or 469)

© 2003, Educational Institute Chapter 12 Systems and Security Maintenance Managing Technology in the Hospitality Industry Fourth Edition (469T or 469)
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Physical and Cyber Attacks1. 2 Inspirational Quote Country in which there are precipitous cliffs with torrents running between, deep natural hollows,

Physical and Cyber Attacks1. 2 Inspirational Quote Country in which there are precipitous cliffs with torrents running between, deep natural hollows,
Overview 4Core Technology Group, Inc. is a woman/ veteran owned full-service IT and Cyber Security firm based in Historic Petersburg, Virginia. Founded.

Overview 4Core Technology Group, Inc. is a woman/ veteran owned full-service IT and Cyber Security firm based in Historic Petersburg, Virginia. Founded.
Achieving our mission Presented to Line Staff. INTERNAL CONTROLS What are they?

Achieving our mission Presented to Line Staff. INTERNAL CONTROLS What are they?
Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.

Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.
Session 3 – Information Security Policies

Session 3 – Information Security Policies

Similar presentations

Ads by Google