Presentation is loading. Please wait.

Presentation is loading. Please wait.

REC support is. provided under cooperative agreement 90RC0025/01 from the Office of the National Coordinator for HIT, US Dept. of Health and Human Services.

Published byStewart McKinney Modified over 9 years ago

Similar presentations

Presentation on theme: "REC support is. provided under cooperative agreement 90RC0025/01 from the Office of the National Coordinator for HIT, US Dept. of Health and Human Services."— Presentation transcript:

1 REC support is. provided under cooperative agreement 90RC0025/01 from the Office of the National Coordinator for HIT, US Dept. of Health and Human Services Scott C Pettigrew Practice Consultant Privacy & Security Tools Overview

2 REC support is. provided under cooperative agreement 90RC0025/01 from the Office of the National Coordinator for HIT, US Dept. of Health and Human Services The Approach 2 PrepareIdentifyPrioritizeMitigate

3 REC support is. provided under cooperative agreement 90RC0025/01 from the Office of the National Coordinator for HIT, US Dept. of Health and Human Services 3 PrepareIdentifyPrioritizeMitigate Prepare: Gather the knowledge, organizational information, and expertise to successfully perform a Privacy & Security audit.

4 REC support is. provided under cooperative agreement 90RC0025/01 from the Office of the National Coordinator for HIT, US Dept. of Health and Human Services Gather Knowledge Research How do the Privacy & Security rules affect your organization? What are the possible implications if a breach occurs? Perform Site Inventory What technology is used in your practice? Do these items transmit, process, or store EPHI? Do you have a set of relevant policies and procedures? Where are they located? When were they last updated? When did you last review with your staff? 4 PrepareIdentifyPrioritizeMitigate

5 REC support is. provided under cooperative agreement 90RC0025/01 from the Office of the National Coordinator for HIT, US Dept. of Health and Human Services Assemble Your Team Internal Resources Who in your organization has the most knowledge about technology and how it’s used? Provider involvement is critical! External Resources IT Vendor Parent or Affiliate Organization IT Security Staff EHR Vendor Regional Extension Center Security Organizations 5 PrepareIdentifyPrioritizeMitigate

6 REC support is. provided under cooperative agreement 90RC0025/01 from the Office of the National Coordinator for HIT, US Dept. of Health and Human Services Tools: Preparation HIT Security Risk Assessment Questionnaire: Inventory Assets (Preparation) 6 PrepareIdentifyPrioritizeMitigate

7 REC support is. provided under cooperative agreement 90RC0025/01 from the Office of the National Coordinator for HIT, US Dept. of Health and Human Services 7 PrepareIdentifyPrioritizeMitigate Identify: Assess each functional area and technology resource where EPHI is processed, stored, or transmitted to find areas of vulnerability.

8 REC support is. provided under cooperative agreement 90RC0025/01 from the Office of the National Coordinator for HIT, US Dept. of Health and Human Services Facility Walkthrough Tools: Identification 8 PrepareIdentifyPrioritizeMitigate

9 REC support is. provided under cooperative agreement 90RC0025/01 from the Office of the National Coordinator for HIT, US Dept. of Health and Human Services Tools: Identification Risk Assessment Questionnaire: Screening Questions (Step 1) 9 PrepareIdentifyPrioritizeMitigate

10 REC support is. provided under cooperative agreement 90RC0025/01 from the Office of the National Coordinator for HIT, US Dept. of Health and Human Services 10 PrepareIdentifyPrioritizeMitigate Prioritize: Examine each possible vulnerability, honestly rating the current systems’ effectiveness, likelihood of breaches, and the impact a breach would have.

11 REC support is. provided under cooperative agreement 90RC0025/01 from the Office of the National Coordinator for HIT, US Dept. of Health and Human Services Tools: Prioritization Risk Assessment Questionnaire: People & Processes (Step 2a) 11 PrepareIdentifyPrioritizeMitigate

12 REC support is. provided under cooperative agreement 90RC0025/01 from the Office of the National Coordinator for HIT, US Dept. of Health and Human Services Tools: Prioritization Risk Assessment Questionnaire: Technology (Step 2b) 12 PrepareIdentifyPrioritizeMitigate

13 REC support is. provided under cooperative agreement 90RC0025/01 from the Office of the National Coordinator for HIT, US Dept. of Health and Human Services 13 PrepareIdentifyPrioritizeMitigate Mitigate: For each identified area of vulnerability, maximize the effectiveness of existing controls, and minimize both the possibility of breach and the extent of damage should an unavoidable breach take place.

14 REC support is. provided under cooperative agreement 90RC0025/01 from the Office of the National Coordinator for HIT, US Dept. of Health and Human Services Tools: Mitigation Risk Assessment Questionnaire: Findings – Remediation (Step 3) 14 PrepareIdentifyPrioritizeMitigate

Download ppt "REC support is. provided under cooperative agreement 90RC0025/01 from the Office of the National Coordinator for HIT, US Dept. of Health and Human Services."

Similar presentations

1 www.vita.virginia.gov IT Risk Management in Government Jonathan Smith Sr. Risk Manager Commonwealth Security and Risk Management October 1, 2013 www.vita.virginia.gov.

1 IT Risk Management in Government Jonathan Smith Sr. Risk Manager Commonwealth Security and Risk Management October 1,
Department of Homeland Security Site Assistance Visit (SAV)

Department of Homeland Security Site Assistance Visit (SAV)
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
A Brief Overview of Emergency Management Office of Emergency Management April 2006 Prepared By: The Spartanburg County Office of Emergency Management.

A Brief Overview of Emergency Management Office of Emergency Management April 2006 Prepared By: The Spartanburg County Office of Emergency Management.
SCHIE Mission To improve the quality and efficiency of health care for all stakeholders in the Santa Cruz community. To deliver technology assistance,

SCHIE Mission To improve the quality and efficiency of health care for all stakeholders in the Santa Cruz community. To deliver technology assistance,
© 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. AT&T Security Consulting Risk.

© 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. AT&T Security Consulting Risk.
HIPAA Regulations What do you need to know?.

HIPAA Regulations What do you need to know?.
HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.

HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.
EHR Privacy & Security. Missouri’s Federally-designated Regional Extension Center  University of Missouri:  Department of Health Management and Informatics.

EHR Privacy & Security. Missouri’s Federally-designated Regional Extension Center  University of Missouri:  Department of Health Management and Informatics.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
Vulnerability Assessments

Vulnerability Assessments
Development plan and quality plan for your Project

Development plan and quality plan for your Project
Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.

Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.
Security Assessments FITSP-M Module 5. Security control assessments are not about checklists, simple pass-fail results, or generating paperwork to pass.

Security Assessments FITSP-M Module 5. Security control assessments are not about checklists, simple pass-fail results, or generating paperwork to pass.
Business Continuity and You! The Ohio State University Business & Finance Enterprise Continuity Program Quarterly Update October 2008Business and Finance.

Business Continuity and You! The Ohio State University Business & Finance Enterprise Continuity Program Quarterly Update October 2008Business and Finance.
Involuntary Resettlement 0P 4.12: Financial Intermediaries and Resettlement Planning Instruments.

Involuntary Resettlement 0P 4.12: Financial Intermediaries and Resettlement Planning Instruments.
1 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING Reducing your Risk Profile MIDWEST DATA RECOVERY INC.

1 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING Reducing your Risk Profile MIDWEST DATA RECOVERY INC.
COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.

COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.
Practical Information on Crisis Planning: A Guide for Schools and Communities U.S. Department of Education August 2004.

Practical Information on Crisis Planning: A Guide for Schools and Communities U.S. Department of Education August 2004.
Security Assessments FITSP-A Module 5

Security Assessments FITSP-A Module 5

Similar presentations

Ads by Google