Presentation is loading. Please wait.

Presentation is loading. Please wait.

© by Seclarity Inc. 2005, Slide: 1 Seclarity, Inc. 11705 Lightfall Court Columbia, MD 21044 A Blumberg Capital, Valley Ventures and Intel Capital Funded.

Published byVerity Lester Modified over 9 years ago

Similar presentations

Presentation on theme: "© by Seclarity Inc. 2005, Slide: 1 Seclarity, Inc. 11705 Lightfall Court Columbia, MD 21044 A Blumberg Capital, Valley Ventures and Intel Capital Funded."— Presentation transcript:

1 © by Seclarity Inc. 2005, Slide: 1 Seclarity, Inc. 11705 Lightfall Court Columbia, MD 21044 A Blumberg Capital, Valley Ventures and Intel Capital Funded Security Company Gary Christoph, Ph.D. Sr. VP Government and Healthcare gchristoph@seclarity.com 410-884-1313 April 8, 2005 HIPAA Strategies

2 © by Zephra Corporation 2002, Slide: 2 © by Seclarity Inc. 2004, Slide: 2© by Seclarity Inc. 2005, Slide: 2 The Issue Recent Compliance Mandates (HIPAA, GLBA, SarbOx, etc.) are (unfortunately) strong security drivers Network Security is Hard and Expensive Use a “Common Sense” approach

3 © by Zephra Corporation 2002, Slide: 3 © by Seclarity Inc. 2004, Slide: 3© by Seclarity Inc. 2005, Slide: 3 Administrative Procedures Technical Security Services Not currently required Electronic Signature Physical Safeguards General Rules Limitations Technical Security Mechanisms HIPAA Title II Administrative Simplification Transaction Standards Standard Code Sets Unique Health Identifiers Security Privacy Chain of Trust Agreement Certification, Secure Workstation Physical Access Controls, Media Controls, etc. Security Awareness PHI data elements defined Notice of Privacy Practices mandated Consent required for routine use Authorization required for non-routine use Business associate contracts required Designated Privacy Officer stored, in any medium (electronic, paper, oral) Data Authentication Internal Audit, Training, Written Policies & Procedures, etc. Training Basic Network Safeguards Integrity and Protection Basic Network Safeguards Integrity and Protection Access Controls Authorization Access Controls Authorization Entity Authentication Covers Protected Health Information (PHI) transmitted or Minimum necessary disclosure/use of data

4 © by Zephra Corporation 2002, Slide: 4 © by Seclarity Inc. 2004, Slide: 4© by Seclarity Inc. 2005, Slide: 4 What Does HIPAA Really Require? YOU MUST: Think about the risks you face Develop coherent, enforceable policy Write it down Implement/operate whatever controls this requires Train/educate staff Periodically test & document

5 © by Zephra Corporation 2002, Slide: 5 © by Seclarity Inc. 2004, Slide: 5© by Seclarity Inc. 2005, Slide: 5 Policy is not written down Written policy is not followed Implementations are not “fire and forget” Consultants aim to make money, not fix the problem Compliance Issues:

6 © by Zephra Corporation 2002, Slide: 6 © by Seclarity Inc. 2004, Slide: 6© by Seclarity Inc. 2005, Slide: 6 People are involved  People are neither repeatable nor logical  People on the job make inappropriate assumptions Technical Solutions are too complex  Point products do not tile the floor  Management of many solutions is not easy or cheap  Pace of technological change adds new vulnerabilities (e.g., wireless) Administrative Solutions that are not  Processes get in the way of work  Controls violated without your knowledge or without consequence Hard NW Security/Privacy Issues:

7 © by Zephra Corporation 2002, Slide: 7 © by Seclarity Inc. 2004, Slide: 7© by Seclarity Inc. 2005, Slide: 7 Decide what is important to protect Find a simple way to protect it Document it A Simple Strategy:

8 © by Zephra Corporation 2002, Slide: 8 © by Seclarity Inc. 2004, Slide: 8© by Seclarity Inc. 2005, Slide: 8 The Regs were written to be scalable and technology neutral. Why? Rules have to cover everything from a one- person Dentist’s office in Podunk, Missouri, to Johns Hopkins Hospital It economically makes no sense to require everyone to have the same controls Technology evolves Therefore: The solution must fit the need

9 © by Zephra Corporation 2002, Slide: 9 © by Seclarity Inc. 2004, Slide: 9© by Seclarity Inc. 2005, Slide: 9 Technical Solution Target Want transparency  Easy for users to comply  Easy for admins to enforce Want universality  Everywhere same policy enforced the same  Use technology to reduce administrative controls Want simplicity  Complexity is the enemy  Easy to manage Want verifiability  Documentable Want cheap  Do not want to go out of business

10 © by Zephra Corporation 2002, Slide: 10 © by Seclarity Inc. 2004, Slide: 10© by Seclarity Inc. 2005, Slide: 10 A Simplified View of a Contemporary “Secured” Network: VPN IDS Proxy Wireless Remote users With Software VPN agents Unencrypted Traffic Encrypted Traffic Internet Firewall Unencrypted Traffic

11 © by Zephra Corporation 2002, Slide: 11 © by Seclarity Inc. 2004, Slide: 11© by Seclarity Inc. 2005, Slide: 11 A Simple view of an Endpoint-Secured Network: Wireless Remote user Encrypted Traffic Internet Firewall Encrypted Traffic

Download ppt "© by Seclarity Inc. 2005, Slide: 1 Seclarity, Inc. 11705 Lightfall Court Columbia, MD 21044 A Blumberg Capital, Valley Ventures and Intel Capital Funded."

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health

H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.

HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
Security Vulnerabilities and Conflicts of Interest in the Provider-Clearinghouse*-Payer Model Andy Podgurski and Bret Kiraly EECS Department & Sharona.

Security Vulnerabilities and Conflicts of Interest in the Provider-Clearinghouse*-Payer Model Andy Podgurski and Bret Kiraly EECS Department & Sharona.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
Presented by the Office of the General Counsel An Overview of HIPAA.

Presented by the Office of the General Counsel An Overview of HIPAA.
Westbrook Technologies from Document Management’s Role in HIPAA.

Westbrook Technologies from Document Management’s Role in HIPAA.
Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.

Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
© 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2.5 HIPAA Legislation and its Impact on Physician Practices 2-15 The Health Insurance Portability.

© 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2.5 HIPAA Legislation and its Impact on Physician Practices 2-15 The Health Insurance Portability.
CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.

CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.
© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,

© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,
Information Security Policies and Standards

Information Security Policies and Standards

Similar presentations

Ads by Google