Presentation is loading. Please wait.

Presentation is loading. Please wait.

Kit Robinson Director Data Loss Prevention and HIPAA.

Published byMichelle Weber Modified over 11 years ago

Similar presentations

Presentation on theme: "Kit Robinson Director Data Loss Prevention and HIPAA."— Presentation transcript:

1 Kit Robinson Director kit.robinson@vontu.com Data Loss Prevention and HIPAA

2 © 2006 Vontu, Inc. Proprietary and Confidential. All Rights Reserved. ID Theft Tops FTC's List of Complaints For the 5 th straight year, identity theft ranked 1 st of all fraud complaints. 10 million cases of Identity Theft annually. 59 percent of companies have detected some internal abuse of their networks

3 © 2006 Vontu, Inc. Proprietary and Confidential. All Rights Reserved. Changing Threats to Data Security

4 © 2006 Vontu, Inc. Proprietary and Confidential. All Rights Reserved. Top 10 Most Frequent Incidents 1.Patient PHI sent to partner, again, and again 2.Employee 401k information sent outbound and inbound 3.Payroll data being sent to home email address 4.Draft press release to outside legal council 5.Financial and M&A postings to message boards 6.Source code sent with resume to competitor 7.SSNs…and thousands of them 8.Credit Card or account numbers….and thousands of them 9.Confidential patient information 10.Internal memos and confidential information

5 © 2006 Vontu, Inc. Proprietary and Confidential. All Rights Reserved. Data Loss Prevention 1.Where is my confidential data stored? –Data at Rest 2.Where is my confidential data going? –Data in Motion 3.How do I fix my data loss problems? –Data Policy Enforcement Three Key Customer Challenges

6 © 2006 Vontu, Inc. Proprietary and Confidential. All Rights Reserved. Why Data Loss Prevention is a Priority Compliance Brand and Reputation Protection Remediation Cost 1:400 messages contain confidential information 1:50 network files are wrongly exposed The Risk

7 American National Insurance Company Business Drivers –Protect policy holder information –Protect employees PHI –Layered approach with email encryption –HIPAA Compliance Why Vontu Was Selected –Ability to prevent policy breaches –Integration with PGP encryption American National Insurance Results –Monitor all protocols –Prevention activated with PGP within two months –Automated enforcement –Encrypt all emails with employee or patient information Fortune 583 Market Cap $3.25B Revenue $2.9B Employees 4,200 Industry: Insurance Vontu Solution 1.Monitor 2.Prevent

8 American Association of Retired Persons Business Drivers –Protect membership information –Protect Social Security Numbers –Protect credit card numbers and PCI compliance –Protect confidential documents Why Vontu Was Selected –Ability to block/quarantine messages –High degree of accuracy –Ability to delegate incident response to business units AARP Results –Secure partner communications –Efficiency in investigations –Updating insecure business processes Fortune 583 Market Cap $3.25B Revenue $2.9B Employees 2,670 Vontu Solution 1.Monitor 2.Prevent

9 © 2006 Vontu, Inc. Proprietary and Confidential. All Rights Reserved. Enforce Policies to Reduce Risk Incidents Enforcement Levels 1.Remediation 2.Notification 3.Prevention and Protection How is Risk Reduced? –Fix broken processes –Educate workforce –Notify policy violators –Notify management –Protect files –Prevent incidents BaselinePrevention & Protection RemediationNotification 100 80 60 40 20 0

10 © 2006 Vontu, Inc. Proprietary and Confidential. All Rights Reserved. Unified Data At Rest and Data in Motion Protection Intellectual Property Source Code Design Documents Patent Applications Patient Data Social Security Numbers Non-Public Information Credit Card Numbers Corporate Data Financials Merger & Acquisitions Strategy and Planning Employee Data Social Security Numbers Employee Contact Lists 401K and Benefits Info

11 © 2006 Vontu, Inc. Proprietary and Confidential. All Rights Reserved. Discover and Protect Confidential Data at Rest Define Confidential Data Policy Run Scan and Discover Exposed Data Enforce Policy by Automatically Protecting Files Report on Risk and Compliance Remediate Incidents 1 2 3 4 5

12 © 2006 Vontu, Inc. Proprietary and Confidential. All Rights Reserved. Monitor and Prevent Confidential Data in Motion Employee Sends Confidential Data Vontu Detects or Prevents Incident Vontu Notifies Employee Report on Risk and Compliance Vontu Workflow Automates Remediation 12 3 4 5

13 © 2006 Vontu, Inc. Proprietary and Confidential. All Rights Reserved. Secure Messaging Solution Employee sends confidential data Vontu detects incidents Vontu tags email message Report on Risk and Compliance PGP automatically encrypts tagged messages 12 3 4 5

14 © 2006 Vontu, Inc. Proprietary and Confidential. All Rights Reserved. Vontu covers HIPAA Vontu HIPAA Policy How Vontu Detects HIPAA 1.Exact Patient Data –Social Security Numbers –Health Insurance Card Numbers –First Name, Last Name –Address & Phone Numbers WITH 2.Drug, Disease, Treatments –Medical Disease Keywords –Medical Treatment Keywords –Drug Keywords EXCEPT 3.Specific TPO Partners Individually Identifiable Health Information Identifies the individual AND Past, present, or future physical or mental health or condition of an individual OR The provision of health care to an individual OR The past, present, or future payment for the provision of health care to an individual NOT Communications with Treatment, Payment, Operations (TPO) partners Health Insurance Portability & Accountability Act 1996

15 © 2006 Vontu, Inc. Proprietary and Confidential. All Rights Reserved. Healthcare Solution Pack Solution PackData Loss Priorities & PolicyRoles & Responsibilities HealthcareCompliance –Regulations (HIPAA) –M&A language Patient & Employee Data –Account info –Personal info –Enrollment info –Employee benefit info –Pharmacy info –Insurance Claim info Confidential Data –Rate Calculators –Financial info –M&A info –General confidential docs Security Services Responder –Front line for remediation –Fan-out to extended remediation team Security Services Manager –Escalations within the Security Services Compliance Officers –Compliance & incident trends –Risk scorecards Internal Auditors –Compliance & incident trends –Risk scorecards HR/Employee Relations –Incidents that lead to employee termination Legal/Privacy Officers –Investigate incidents to mitigate legal actions –Compliance & incident trends –Risk scorecards Investigations & Forensics –Focused investigation on specific employees Business Unit Managers –Corporate involvement on escalated incidents Executives (trends & dashboards) –Risk trends and performance metrics –Risk dashboards

16 © 2006 Vontu, Inc. Proprietary and Confidential. All Rights Reserved. Data Loss Prevention Requirements Discover and Protect Confidential Data at Rest Monitor and Prevent Confidential Data in Motion Accurate Detection Across All Content and Groups Automate Enforcement and Response Workflow Encryption Visibility and Control Safeguard Employee Privacy Proven Global Scale and Architecture

17 © 2006 Vontu, Inc. Proprietary and Confidential. All Rights Reserved. Self-Risk Assessment 1.How many emails leave your company with PHI? 2.Who is sending the confidential information? 3.What are your most offensive protocols? 4.How many of these emails violated a regulation? 5.What is your risk level compared to that of peer companies or competitors?

18 © 2006 Vontu, Inc. Proprietary and Confidential. All Rights Reserved. High 721 incidents High 10,178 incidents Very High 78 incidents Medium 939 incidents High 624 incidents Data in Motion Risk Assessment Scorecard Severity x Frequency = Risk Priority DataSeverity of LossData at Rest HIPAA High Patient Data High Physician Referral High CA 1386 High Research High Very High High FrequencyRiskFrequency High 256 incidents High 2178 incidents Medium 9 incidents Medium 132 incidents High 24 incidents Very High High Risk Very High Medium

19 © 2006 Vontu, Inc. Proprietary and Confidential. All Rights Reserved. Data Loss Prevention In Summary Reduce Risk of Data Loss Reduce Financial Loss Protect Brand and Reputation Demonstrate Compliance Vontu met all our requirements to meet the highest degree of compliance with both our own data security policies and state and federal regulations Charles Addison CIO American National Insurance

20 Kit Robinson Director kit.robinson@vontu.com Data Loss Prevention and HIPAA

Download ppt "Kit Robinson Director Data Loss Prevention and HIPAA."

Similar presentations

HIPAA and Joint Commission Requirements Compared and Contrasted

HIPAA and Joint Commission Requirements Compared and Contrasted
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
1 Proofpoint, Inc. Proprietary and Confidential ©2010 Proofpoint Protection/Privacy Offering Proofpoint Privacy Accurately detect ePHI in e-mails Integrated.

1 Proofpoint, Inc. Proprietary and Confidential ©2010 Proofpoint Protection/Privacy Offering Proofpoint Privacy Accurately detect ePHI in s Integrated.
A Do-It Yourself Guide (Sort of…) Veritas Solutions Group, LLC

A Do-It Yourself Guide (Sort of…) Veritas Solutions Group, LLC
Red-Flag Identity Theft Requirements February 19th 2009 Cathy Casagrande, Privacy Officer.

Red-Flag Identity Theft Requirements February 19th 2009 Cathy Casagrande, Privacy Officer.
Founded 1993 Primary focus – Enterprise Risk Management Solutions COMPANY PROFILE.

Founded 1993 Primary focus – Enterprise Risk Management Solutions COMPANY PROFILE.
HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
1 SANS Technology Institute - Candidate for Master of Science Degree 1 Automating Crosswalk between SP 800, 20 Critical Controls, and Australian Government.

1 SANS Technology Institute - Candidate for Master of Science Degree 1 Automating Crosswalk between SP 800, 20 Critical Controls, and Australian Government.
Www.accessdata.com Digital Investigations of Any Kind ONE COMPANY Cyber Intelligence Response Technology (CIRT)

Digital Investigations of Any Kind ONE COMPANY Cyber Intelligence Response Technology (CIRT)
© Chery F. Kendrick & Kendrick Technical Services.

© Chery F. Kendrick & Kendrick Technical Services.
IAPP 2004. 2 CONFIDENTIAL Insider Leakage Threatens Privacy.

IAPP CONFIDENTIAL Insider Leakage Threatens Privacy.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
Confidentiality and HIPAA

Confidentiality and HIPAA
HIPAA What’s New? 2010. What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.

HIPAA What’s New? What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.
© 2009 The McGraw-Hill Companies, Inc. All rights reserved 3-1 LEGAL AND ETHICAL ISSUES in Medical Practice, Including HIPAA PowerPoint® presentation.

© 2009 The McGraw-Hill Companies, Inc. All rights reserved 3-1 LEGAL AND ETHICAL ISSUES in Medical Practice, Including HIPAA PowerPoint® presentation.
CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.

CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
HIPAA Regulations What do you need to know?.

HIPAA Regulations What do you need to know?.

Similar presentations

Ads by Google