Presentation is loading. Please wait.

Presentation is loading. Please wait.

University Health Care System 1 HTM 660 Systems Management and Planning May 2014.

Published byMarianna Franklin Modified over 9 years ago

Similar presentations

Presentation on theme: "University Health Care System 1 HTM 660 Systems Management and Planning May 2014."— Presentation transcript:

1 University Health Care System 1 HTM 660 Systems Management and Planning May 2014

2 Introduction/Purpose Background Process Utilized Chart linking projects to HCO’s strategies and goals Prioritized Portfolio with Budget Tactical Plan Questions & Answers 2

3 Introduction/Purpose /Background The project steering committee is requesting approval for the acquisition of FireEye security system. Objective - In order to prevent future data breaches that our organization has recently experienced when thousands of patients health records were accessible online, our project will focus on acquiring a high level software security application called FireEye. The software product, FireEye, will meet all of the needs of the project. 3

4 Project Steering Committee 4 CIO CFO CNA Project manager Representatives from nursing, medical assistants, and office manager. IT support will be engaged in the last phase of implementation.

5 Background HIPPA Violation Post Breach Response Record $4 Million Settlement Preventative Action Plan 5

6 Scope of Work FireEye: 95% of All Networks are Compromised (FireEye.com)FireEye.com Upgrade Current Security System Server Upgrade Integration Timeline Project Measurement and Budget Maintain - Speed, Accuracy Protection for clinicians and patients data 6

7 Scope of Work Continued 7 Timeline - 1 Year 3 Phases Fiscal Year 2015 Department Needs - Representatives from all sectors * Our project team is dedicated to deliver advanced data threat protection of patients health information by acquiring FireEye throughout the University Health Care system.

8 8 Ensure communication modes and data storage points, including web browsing, email, content security, endpoint security, and forensic analysis are secure. Develop New Protocol - Firewall Virus scanner Reporting Universal adoption of FireEye technology in every hospital and medical center, which would enable a uniform standard of security across the healthcare system. Measured - Decrease % Leaks Increase Security Decrease Organizational Liability Increase % Leaks Identified at Stage 1 Deliverables

9 9 High % of staff who use the system successfully Low incidence of lost data Physical modes of security can still be implemented: Security guards monitor computers All employees must change passwords every three months All staff must file a report for every breach Finally, these reports must be filed to HIPAA authorities within a timely manner of the incident. FireEye is believed to be a means to make EHR data more secure and breaches more easily identified. Deliverables Continued

10 10 Timeline TaskDeadline Analysis and contractingSeptember-15-2014 Hard ware and software installationOctober-01-2014 Registration interfaceNovember-03 -01 Update HER systemDecamber-01-14 Staff TrainingDecember -15-14 System set upJanuary -05-2015 IT staff trainingJanuary-12-2015 Go live dateJanuary -20-2015

11 11 Budget Highlight Project NameOperating Cost Capital budget$100,000 Software$30,000 Hardware$15,000 Access points$10,000 Operation Maintenance cost$10,000 First year services$15,000 Security guard on computer$6,500 Simulation test (trial period)$5,000 Staff training$8,500

12 Major Stakeholders Project Manager Project Steering Committee C Level Executives Current IT Staff New IT Staff FireEye Vendor Solutions Team 12

13 13 All hospital executives (CEO, CIO, CFO) are responsible for making policies to keep the system compliant with HIPAA regulations. The entire IT department must develop and maintain a tightly monitored electronic information system employing a firewall, antivirus software and a two-factor authentication access. Finally, all hospital staff, all the way down to the custodial staff, must remain vigilant of their own and others’ behavior. Any unauthorized verbal or written sharing of patient information must be immediately reported, and the offending employee given a warning or reprimanding. *The system encourages proper resources be maintained post procurement of information systems. Without access to support, the possibility of a fall could occur. Project Support and Authority

14 University Health Care employees are willing to change business operations to take advantage of the functionality offered by the new FireEye security technology. Management will ensure that project team members are available as needed to complete project tasks and objectives. The project team will participate in the timely execution of the FireEye Project Plan (i.e., focus meetings when required). 14 Assumptions and Dependencies

15 15 Failure to rollout new security system within the time specified in the project timeline will result in project delays. Project team members will adhere to all project guidelines. Mid and upper management in including nurse management leaders will foster support to the project goals and objectives. The FireEye Project Plan may change as new information and issues are revealed. Assumptions and Dependencies Continued

16 Constraints 16 Project funding sources are limited. Due to the estimated budget cost resource availability is inconsistent. Internet connections could be affected due to slower rate of connectivity because of the new implemented security system.

17 Known Risks 17 Cost - $100,00 per Installation Operating Costs & Hidden Costs Additional Risks Unknown *Furthermore, access is never 100% secure. The system is designed to be highly accessible to authorized figures, but must be closely guarded against unauthorized use. If a password leaks, a logged in computer is left unattended or any patient information is written on paper and left unattended, this could constitute a security breach, even with FireEye. If any part of confidential patient information (no matter how small) is leaked, it constitutes a breach of patient privacy.

18 Procurement Items 18 Identifying relevant information systems Conducting a risk assessment Implementing a risk management program Acquiring IT systems and services Creating and deploying policies and procedures

19 Creating and Deploying Policies and Procedures 19 All policies and procedures will receive a refresh post acquisition allowing staff time to assimilate to new critical measures. New items will align with HIPPA regulations and also take into account any new software or hacking awareness learnings from recent retail data breaches in a sister industry. Content has the ability to be procured and distributed in a wide ranging variety across the internet and the challenge will be to learn from those around us in creating a new set of privacy policies and procedures to protect patients.

20 Q/A Thank You 20

Download ppt "University Health Care System 1 HTM 660 Systems Management and Planning May 2014."

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.

USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
SLIDE 1 Westbrook Technologies from Fortis: A Healthcare Solution for Medical Records, Billing and HIPAA.

SLIDE 1 Westbrook Technologies from Fortis: A Healthcare Solution for Medical Records, Billing and HIPAA.
The importance of a Compliance program is to ensure that our agency meets the highest possible standards for all relevant federal, state and local regulations,

The importance of a Compliance program is to ensure that our agency meets the highest possible standards for all relevant federal, state and local regulations,
Series 2: Project Management Understanding and Using 6 Basic Tools 9/2013 From the CIHS Video Series “Ten Minutes at a Time”

Series 2: Project Management Understanding and Using 6 Basic Tools 9/2013 From the CIHS Video Series “Ten Minutes at a Time”
Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.

Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.
Information Security Awareness April 13, 2003. Motivation Recent federal and state regulations and guidance Recent federal and state regulations and guidance.

Information Security Awareness April 13, Motivation Recent federal and state regulations and guidance Recent federal and state regulations and guidance.
The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.

The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.
Electronic Health Records Danielle P. Berthelot, RHIA Director, Health Information Management and Cancer Registry Privacy Officer Woman’s Hospital.

Electronic Health Records Danielle P. Berthelot, RHIA Director, Health Information Management and Cancer Registry Privacy Officer Woman’s Hospital.
Iron Mountain’s Email Continuity Service ©2006 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered.

Iron Mountain’s Continuity Service ©2006 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered.
Security Controls – What Works

Security Controls – What Works
Clinical Information System Implementation Project Prepared for Clinical Affairs Committee December 4, 2002.

Clinical Information System Implementation Project Prepared for Clinical Affairs Committee December 4, 2002.
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
IT Governance and Management

IT Governance and Management
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Chapter 10 Information Systems Management. Agenda Information Systems Department Plan the Use of IT Manage Computing Infrastructure Manage Enterprise.

Chapter 10 Information Systems Management. Agenda Information Systems Department Plan the Use of IT Manage Computing Infrastructure Manage Enterprise.
HIPAA Basic Training for Privacy and Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA HIPAA Basic.

HIPAA Basic Training for Privacy and Information Security Vanderbilt University Medical Center VUMC HIPAA Website: HIPAA Basic.

Similar presentations

Ads by Google