Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPAA Security: Case Studies for Small to Medium Health Organizations (Compliance Methods) Jeff Bardin, CISSP, CISM, NSA IAM, OCTAVE SM Principal & CSO.

Published byMichelle Weber Modified over 11 years ago

Similar presentations

Presentation on theme: "HIPAA Security: Case Studies for Small to Medium Health Organizations (Compliance Methods) Jeff Bardin, CISSP, CISM, NSA IAM, OCTAVE SM Principal & CSO."— Presentation transcript:

1 HIPAA Security: Case Studies for Small to Medium Health Organizations (Compliance Methods) Jeff Bardin, CISSP, CISM, NSA IAM, OCTAVE SM Principal & CSO Treadstone 71 www.treadstone71.com jbardin@treadstone71.com

2 Agenda From Threat Agent to Safeguard The NSA IAM Method Criticality of Information Matrix Systems Criticality Matrix OCTAVE SM Method Human Actors Using Network Access Threat Profile: System Problems Basic Risk Profile Initial Findings Scorecards HIPAA & ISO17799 Roadmap Q&A

3 Vulnerabilities available for exploit

4 Threat Agent Threat Vulnerability Risk Asset (ePHI) Exposure Safeguard Gives rise to Exploits Leads to Can damage And causes an Can be countermeasured by Directly affects

5 ConfidentialityIntegrityAvailability Patient Records Medical Staff Records Employee Records Vendor Contracts Employee Health Records Legal Files (lawsuit information) Contracts w/Agency People Meeting Minutes (Board) Survey Reports (Joint Commission (Medicare/Medicaid) Docs – Security Eng Tests & Inspections Patient Accounts Financial Audits Planning Documents (Strategic/Master Facility Plan) Payroll Records Psych/Drug/Alcohol/HIV Criticality of Information Matrix HMMMHMMM M M M M M M H H H H HHHHHHHHHH H H H H H H M H H H HMMMHMMM M M M M M M H H H H M M National Security Agency Information Assurance Methodology

Download ppt "HIPAA Security: Case Studies for Small to Medium Health Organizations (Compliance Methods) Jeff Bardin, CISSP, CISM, NSA IAM, OCTAVE SM Principal & CSO."

Similar presentations

W E S T V I R G I N I A 2012 School Health Profiles Report Weighted Principal Survey Results.

W E S T V I R G I N I A 2012 School Health Profiles Report Weighted Principal Survey Results.
Vendor Management September 7 th 2007 James Mahan, Vice President Yankee Alliance.

Vendor Management September 7 th 2007 James Mahan, Vice President Yankee Alliance.
IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
© 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. AT&T Security Consulting Risk.

© 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. AT&T Security Consulting Risk.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Randy Benson RHQN Executive Director May, 2012. Compliance Issues During Survey Compliance Officers monitor healthcare facilities (hospitals and clinics)

Randy Benson RHQN Executive Director May, Compliance Issues During Survey Compliance Officers monitor healthcare facilities (hospitals and clinics)
Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.

Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.
© 2001 by Carnegie Mellon University PPA-1 OCTAVE SM : Participants Briefing Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213.

© 2001 by Carnegie Mellon University PPA-1 OCTAVE SM : Participants Briefing Software Engineering Institute Carnegie Mellon University Pittsburgh, PA
M I N N E S O T A 2012 School Health Profiles Report Weighted Principal Survey Results.

M I N N E S O T A 2012 School Health Profiles Report Weighted Principal Survey Results.
Initial Findings  Secure all contracts with third party vendors immediately  Develop a strong understanding of the ‘Flow of PHI’ within and outside of.

Initial Findings  Secure all contracts with third party vendors immediately  Develop a strong understanding of the ‘Flow of PHI’ within and outside of.
© 2009 Cengage Learning. All Rights Reserved. Electronic Health Records.

© 2009 Cengage Learning. All Rights Reserved. Electronic Health Records.
HIPAA Security Rule November 16 th, 2004 ISSA/ISC ² Secure SD Security Conference, San Diego, CA Sean Lewis CISSP (ISSAP, ISSEP, ISSMP), CISA, SSCP, TICSA,

HIPAA Security Rule November 16 th, 2004 ISSA/ISC ² Secure SD Security Conference, San Diego, CA Sean Lewis CISSP (ISSAP, ISSEP, ISSMP), CISA, SSCP, TICSA,
Practice Management Tool Kit 2006 Georgia Medical Fair September 8 & 9, 2006.

Practice Management Tool Kit 2006 Georgia Medical Fair September 8 & 9, 2006.
W Y O M I N G 2014 School Health Profiles Report Weighted Principal Survey Results.

W Y O M I N G 2014 School Health Profiles Report Weighted Principal Survey Results.
MnSCU Audit Reports Presentation to the MnSCU Audit Committee Office of the Legislative Auditor September 21, 2004.

MnSCU Audit Reports Presentation to the MnSCU Audit Committee Office of the Legislative Auditor September 21, 2004.
C. P. Mansoor S. Ahmed M. Com, PGDBA.  Not confined to Independent Audit  Systematic Examination of  Records  Procedures  Systems  Operations.

C. P. Mansoor S. Ahmed M. Com, PGDBA.  Not confined to Independent Audit  Systematic Examination of  Records  Procedures  Systems  Operations.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.

“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
© 2001 Carnegie Mellon University S8A-1 OCTAVE SM Process 8 Develop Protection Strategy Workshop A: Protection Strategy Development Software Engineering.

© 2001 Carnegie Mellon University S8A-1 OCTAVE SM Process 8 Develop Protection Strategy Workshop A: Protection Strategy Development Software Engineering.

Similar presentations

Ads by Google