Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 1.02 Last Minute Security Compliance - Tips for Those Just Starting 10 th National HIPAA Summit April 7, 2005 Chris Apgar, CISSP – President Apgar &

Published byShawn Bridges Modified over 9 years ago

Similar presentations

Presentation on theme: "1 1.02 Last Minute Security Compliance - Tips for Those Just Starting 10 th National HIPAA Summit April 7, 2005 Chris Apgar, CISSP – President Apgar &"— Presentation transcript:

1 1 1.02 Last Minute Security Compliance - Tips for Those Just Starting 10 th National HIPAA Summit April 7, 2005 Chris Apgar, CISSP – President Apgar & Associates, LLC, former HIPAA Compliance Officer for Providence Health Plans

2 April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 2 Presentation Overview What are the worries Internal & External Risks Steps to address risks What is a firewall and why is it needed Malicious code or viruses Transmitting information securely Resources Summary

3 April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 3 What are the Worries Wireless security Portable devices Encryption/secure messaging Access control (including remote access) Employees and hackers

4 April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 4 What are the Worries Employee termination Risk assessment Policies and procedures Social engineering Controlling access to your facility

5 April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 5 What are the Worries Media disposal and re-use Staff training Anti-virus/spyware Password management Disaster planning

6 April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 6 Steps to Take Risk assessment essential Risk management needed follow up Senior management buy in – risk avoidance isn’t always free Monitoring and auditing Utilize appropriate technology

7 April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 7 Steps to Take Regulatory watch Open the closet – avoid hiding security and privacy incidents Stay current Take advantage of industry partnerships Consistency

8 April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 8 Steps to Take The need to protect facilities and equipment Data center – critical to your business Changing locks and key cards Temporaries, contractors & volunteers Social engineering

9 April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 9 Steps to Take Workstation security Secure storage (i.e., file cabinets, medical record shelving, etc.) Portable devices & dangers of theft and loss Remote access or teleworking Physical transport of PHI (media & hardware)

10 April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 10 Steps to Take Policies and procedures Access control & Role-based access Password management Encryption or secure messaging Malicious code Spam

11 April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 11 Steps to Take Internet use and misuse Intrusion detection Vulnerability detection Audit logs Backup & recovery Disaster & recovery/business continuation plan

12 April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 12 Steps to Take Operating system security Laptop/PDA encryption Termination procedures Disposal of hardware and data Fitting technical security measures to need

13 April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 13 Steps to Take Appointment of a security officer Staff training needs Cultural change Sanctions & enforcement Managing your workforce

14 April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 14 Steps to Take Defining roles and “need to know” Minimum necessary applies Auditing requirements Record retention & retrieval Confidential faxing and other forms of sensitive communication

15 April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 15 Firewalls & Why Use Them Allows wanted electronic traffic in and out of your organization Blocks damaging electronic traffic Firewall logs and what they mean Security against hackers

16 April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 16 Firewalls & Why Use Them Hardware versus software firewalls – what’s the difference? Available even to smallest organizations Hackers look for openings Protect your health information Acts as security guard

17 April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 17 Viruses, trojans and worms Spyware Malicious cookies Spam E-mail threats Malicious Software

18 April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 18 Anti-virus software and its use Anti-spyware and its use Anti-spam software and its use Built for small to large organizations The layered approach Malicious Software

19 April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 19 “Clear text” versus encryption What is encryption? Compressed files not encryption File transfer protocol Virtual private networks Transmission Security

20 April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 20 Web messaging Public key infrastructure Secure web sites Why encrypt? Inexpensive solutions Transmission Security

21 April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 21 Resources Center for Medicare & Medicaid Services HIPAA Web Site: http://www.cms.hhs.gov/hipaa/hipaa2/def ault.asp http://www.cms.hhs.gov/hipaa/hipaa2/def ault.asp National Institute of Standards & Technology (NIST): http://www.nist.govhttp://www.nist.gov Workgroup for Electronic Data Interchange: http://www.wedi.orghttp://www.wedi.org

22 April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 22 Resources HIPAA Assessment: http://www.nchica.org/activities/EarlyVie w/nchicahipaa_earlyview_tool.htm http://www.nchica.org/activities/EarlyVie w/nchicahipaa_earlyview_tool.htm SANS: http://www.sans.orghttp://www.sans.org (ISC) 2 : http://isc2.orghttp://isc2.org HIMSS: http://himss.orghttp://himss.org

23 April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 23 Resources The First Steps Toward Security: http://www.bindview.com/Resources/Arti cles/HealthData%20Mgmnt6-26.pdf http://www.bindview.com/Resources/Arti cles/HealthData%20Mgmnt6-26.pdf RSA: http://www.RSA.comhttp://www.RSA.com Tunitas Group: http://www.tunitas.com/http://www.tunitas.com/ National Institute of Health (regulatory information): http://list.nih.govhttp://list.nih.gov

24 April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 24 Nothing is risk free Remember to pay attention to internal and external threats Simple solutions equal quick compliance and sound business practice Firewalls are mandatory Malicious code or software can shut down your business Secure transmission of health information – accessible and necessary Summary

25 April 7, 2005Presenter - Chris Apgar, CISSP Apgar & Associates, LLC 25 Question & Answer Chris Apgar, CISSP President Apgar & Associates, LLC 10730 SW 62 nd Place Portland, OR 97219 (503) 977-9432 (voice) (503) 245-2626 (fax) (503) 816-8555 (mobile) Capgar@easystreet.com

Download ppt "1 1.02 Last Minute Security Compliance - Tips for Those Just Starting 10 th National HIPAA Summit April 7, 2005 Chris Apgar, CISSP – President Apgar &"

Similar presentations

Ethics, Privacy and Information Security

Ethics, Privacy and Information Security
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
HIPAA Security Risk Overview Lynne Shoemaker, RHIA, CHP, CHC OCHIN Integrity Officer Daniel M. Briley, CISSP, CIPP Summit Security Group.

HIPAA Security Risk Overview Lynne Shoemaker, RHIA, CHP, CHC OCHIN Integrity Officer Daniel M. Briley, CISSP, CIPP Summit Security Group.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
12 th National HIPAA Summit – Managing a Data Security Audit Program 2.05, 1:15 PM Chris Apgar, CISSP Apgar & Associates, LLC.

12 th National HIPAA Summit – Managing a Data Security Audit Program 2.05, 1:15 PM Chris Apgar, CISSP Apgar & Associates, LLC.
Information Security Information Technology and Computing Services Information Technology and Computing Services

Information Security Information Technology and Computing Services Information Technology and Computing Services
1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)

1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)

Similar presentations

Ads by Google