RiskWatch for HIPAA Compliance™

RiskWatch for HIPAA Compliance™ is the top-rated HIPAA compliance software: it meets the HIPAA risk analysis requirement and also performs a total HIPAA compliance assessment. Use it on your laptop, desktop or server, or over the web.

RiskWatch for HIPAA Compliance™ includes the entire HIPAA standard and NIST SP 800-66, with questions separated by role, including Medical Records, Clinical Staff, Database Administrator, etc. RiskWatch worked with regulators and auditors to make sure your RiskWatch for HIPAA Compliance™ assessment will stand up to the strictest audit. It also includes a project plan (in MS Project and Excel) so you can plan every aspect of your project.

RiskWatch for HIPAA Compliance™ writes all the reports for you automatically, including charts, graphs and detailed information. The Case Summary Report includes compliance vs. non-compliance graphs, where the non-compliance came from, how compliance matches requirements, and answers mapped by individual name or job category. The report can be edited to add photos, network diagrams, etc. RiskWatch for HIPAA Compliance™ produces many other reports, including recommendations for improving your compliance profile. It also provides recommendations for risk mitigation and shows potential solutions by return on investment. Most importantly, RiskWatch for HIPAA Compliance™ creates management-level reports with complete audit trails and easy-to-understand recommended mitigation solutions, ranked by return on investment. Data can also be ported directly into your business continuity and disaster recovery plans.

Now also includes a Pandemic Flu Assessment! Consistently rated as the best software for HIPAA compliance, RiskWatch for HIPAA Compliance™ is used by hundreds of hospitals, health plans, insurance companies, academic medical centers and consulting organizations to meet HIPAA requirements. RiskWatch users include University of Miami, Sparrow Hospital, BlueShield of California, University of New Mexico, University of West Virginia, Harvard Pilgrim, Sisters of Mercy and St. John's Hospital.

Published in: Technology, Business
2 Comments
  • The only comprehensive, economical, easy-to-use, do-it-yourself HIPAA compliance solution endorsed by medical associations and recommended by malpractice carriers nationwide. Is it an easy and affordable way of providing HIPAA training that can be taken at your employees' convenience and is less expensive?
    The training covers HIPAA basics, the Privacy Rule and the Security Rule. It must:
    • Develop an internal benchmarking system
    • Implement safeguards as soon as possible
    • Evaluate current administrative, physical and technical safeguards
    It includes an online quiz and a certificate of completion. This will include having access to a training log detailing when training should be scheduled.
Transcript of "RiskWatch for HIPAA Compliance™"

1. Software for HIPAA Compliance and Enterprise Risk Analysis: RiskWatch®

2. Tally of improperly accessed UCLA patient records tops 1,000
The number of patients whose hospital records were improperly accessed by employees at the UCLA Hospital System has topped 1,000, state officials said Wednesday. Kathleen Billingsley, director of the California Department of Public Health's Center for Healthcare Quality, said the records of 1,041 patients have been breached, up from 939 in the state's last report in August. The total number of UCLA workers who have been disciplined for breaching patient records now stands at 165, up from 127 since August.

3. New Health-care Privacy Laws in California Increase Fines to Up to $50,000 for HIPAA Violations
- Health care organizations that operate in California have two more good reasons to be sure that they comply with the data security and privacy requirements of the federal HIPAA law.
- Last week, California Gov. Arnold Schwarzenegger signed into law two pieces of legislation that significantly increase state fines for security and privacy violations involving patient health information. The bills, known as Senate Bill 541 and Assembly Bill 211, also set new breach-disclosure standards and mandate security controls for preventing unauthorized access to patient data.
- In addition, AB 211 establishes a new state Office of Health Information Integrity that will be responsible for enforcing statutes governing the confidentiality of health care data and imposing administrative fines on entities that fail to comply with the rules. Both laws were signed by Schwarzenegger last Tuesday, the same day that he vetoed a data breach bill aimed at retailers, and are scheduled to take effect on Jan. 1, 2009.

4. HHS slaps Providence Health with $100,000 fine
WASHINGTON – The Department of Health and Human Services has levied a $100,000 fine on Seattle-based Providence Health and Services for alleged violations of the Health Insurance Portability and Accountability Act of 1996 Privacy and Security Rules. The violation, involving unprotected backup tapes, optical disks and laptops three years ago, compromised the protected health information of more than 386,000 patients, HHS officials said.

5. New Emphasis on Risk Analysis
- Importance of information technology
  - IT has become a critical part of most organizations
  - New federal and international standards require more IT risk analysis
  - HIPAA compliance includes a strong requirement for security risk analysis
- Governance, Risk & Compliance = Accountability
  - Sarbanes-Oxley has increased the accountability of management
  - Total HIPAA compliance can also be assessed

6. Increased Requirements for Security Risk Assessments
HIPAA was one of the first regulations to require a comprehensive risk analysis. Most governments have since instituted requirements and expect companies to perform risk analysis on IT systems that handle PHI (Protected Health Information). Assessments can include identification of threats and vulnerabilities and, based on both, an analysis of security gaps and mitigation strategies.

7. RiskWatch®
A comprehensive and integrated software tool that automates the surveying, data collection, analysis and reporting for risk assessment and its ongoing management for HIPAA compliance.
- Incorporates continually updated regulatory requirements and guidelines, including proposed rules (NPRMs), ISO, HIPAA, GLBA, PCI and SOX
- Easy to navigate; guides the user through the entire process
- Completely customizable by the user
- Identifies and quantifies risk by using the relationships between assets, threats, loss probability and vulnerability
- Automatically produces complete management-ready compliance and risk assessment reports

8. RiskWatch Uses Compliance Regulations, Standards and Guidelines
- Information Security: ISO/IEC 17799:2005, ISO/IEC 27001, COBIT 4
- Federal Information Systems: NIST SP 800-53 (NIST SP 800-53A coming soon)
- Physical Security: Army Field Manual best practices; FEMA 426 – Protecting Buildings Against Terrorism
- Hospital Security: Joint Commission, Oct 2007; IAHSS Standards, Jan 2008; EoC – Environment of Care
- Financial & Regulatory Compliance: FFIEC audit framework for information security and for risk analysis; California SB 1386 (identity theft); Bank Secrecy Act (BSA); PCI Data Security Standard; Sarbanes-Oxley Act; GLBA (Gramm-Leach-Bliley Act)
- HIPAA Compliance: Health Insurance Portability and Accountability Act of 1996; NIST SP 800-66
- Electric & Nuclear Compliance: NERC CIP-002 through CIP-009; Nuclear – NRC (Nuclear Regulatory Commission) & NEI

9. What Is RiskWatch?
- Since 1993, RiskWatch has been the leader in security risk assessment software
- NIST-CSE Model Builder's Workshop on Risk Assessment & the NSA Rating Model Workshops, 1988–1995
- Participated in the working group that wrote the DOD Directive on Risk Management under the Office of the Secretary of Defense, 1996–1998
- Participated in the Dept. of Justice working group on vulnerability assessment models for homeland security, 2003
- ASIS International Information Technology & Security Council; IBM Data Governance Council – Caroline Hamilton

10. RiskWatch Solutions
- RiskWatch for HIPAA Compliance
- RiskWatch for Hospital Security (Physical)
- RiskWatch for Information Systems & ISO 27001
- RiskWatch for Financial Institutions
- RiskWatch for Federal Systems
- RiskWatch for Physical & Homeland Security
- RiskWatch Hosted RWANSWER
- RiskWatch Risk & Recovery Planner
- CASEWORKS

11. RiskWatch® Value
- Reduces the time involved in performing a risk analysis by 70%
- Users are able to customize the software to fit their own profile
- Meets audit requirements for risk assessment
- Content is frequently updated and shipped to users
- Web-based survey process involves management and the user community
- Quantifies risk and provides ROI metrics
- Automated report generation, including working papers and a complete management-ready case summary report

12. Data Aggregation & Analysis (Patient Info.)
Software automatically analyzes over 3 million linking relationships.
[Diagram: Risk derived from the linking relationships between Asset, Loss, Threat and Vulnerability]
- Asset: Applications, Database, Financial Data, Hardware, System Software
- Loss: Delays & Denials, Fines, Disclosure, Modification, Direct Loss
- Threat: Disclosure, Hackers, Fraud, Viruses, Network Attack, Loss of Data, Embezzlement
- Vulnerability: Acceptable Use, Disaster Recovery, Authentication, Network Controls, No Security Plan, Accountability, Privacy, Access Control

13. RiskWatch® Risk Assessment Process
[Process diagram with the stages Automated Survey Management, Process Management, Data Aggregation & Analysis, Content (Rules & Data), Risk Analysis, Customization and Reporting, and the actors Respondents and Analyst]
14. RiskWatch Clients
[Slide of client logos]

15. RiskWatch Is the First Choice in Security Risk Assessment Software
- Proven methodology: field tested with hospitals and healthcare users for over ten years
- Fully automated web-based survey included
- Completely customizable by users
- Rated #1 by Gartner Group and many other analysts
- First choice for top-tier consultants
- Validated by major government agencies in the U.S., Canada, Africa, Australia and Europe

16. Why RiskWatch Stays Number One
- "What sets RiskWatch apart from its competitors is its focus on risk analysis for security management, its ability to handle large volumes of information, and its large number of customizable features." -- Gartner Group
- RiskWatch has thousands of users
- Complete technical support: Gold & Platinum levels of support
- Ambassador Program for extra support
- Comprehensive training programs monthly
- On-site training also available by request

17. RiskWatch Elevates IT Security Compliance Up to the Boardroom
- Discovers and validates vulnerabilities present in the organization
- Directly measures compliance with HIPAA requirements
- Includes current threat-level data
- Measures effectiveness of security controls
- Supports budgeting for security by ROI

18. Progress at a Glance – Tracks the Case

19. Elements of a Metrics-Based Risk Assessment Approach: Assets, Threats, Vulnerabilities, Losses, Safeguards

20. Adaptable for Either Qualitative (Compliance-Only) Assessments or Full Risk Assessments
- Analyst has full control over the type of assessment
- Allows users to conduct a variety of risk assessments:
  - Compliance assessment only
  - Risk assessment only
  - Both compliance & risk assessment
  - With financial data or without

21. Use Inventory Information or the Asset Configuration Tool Based on Standard Capital Expenditure Allocation Tables

22. RiskWatch Provides Aggregated Threat Data, or Input Your Own Organizational Data Such as Incident Report Data
- Quantified threat data is hard to find
- Categories of threats: natural disasters, criminal activity, terrorism, theft, systems failures
- Collect data from web sources, government data, weather data, crime casts, global information services, access control systems and incident logs
- Use data from internally collected sources

23. Threat Table Is Fully Customizable by the User Based on Incident Data or Pen Test Data

24. Includes All Relevant Vulnerability Areas

25. Questions Can Be Tailored by the User and Categories Can Be Selected for Each Specific Analysis
- Questions follow audit format: control standard, question statement and related vulnerability
- Users set the threshold for compliance
- Each question measures vulnerabilities
- Users can add, delete or modify questions

26. Each Question Uses Actual Security Regulations as Control Standards and Is Linked to the Appropriate Functional Areas

27. Respondents Can Answer Questions over the Web with Full ASP Functionality

28. Analysts Can Customize and Change Questions
- Questions follow audit format: control standard, question statement and related vulnerability
- Users set the threshold for compliance
- Each question validates compliance with standards
- Users can add, delete or modify questions

29. Includes All Relevant IT Control Categories

30. Each Potential Safeguard Includes Default Values for Cost, Maintenance and Life Cycle

31. Results from the Risk Assessments
- Measurable data which can be benchmarked
- Prove validity of findings with full audit trails
- Use of recognized statistical probability models
- Creates a completely automated report, tailored for management

32. The Case Summary Report Is Pre-Written for Management

33. Easy-to-Understand Graphs Illustrate Overall Compliance vs. Non-Compliance

34. Vulnerability Distribution Report Shows Weak Compliance by Requirement

35. Track Compliance by Individual
[Chart: breakdown by respondent role]
- 26% – Computer Security Manager
- 27% – ISO Compliance Officer
- 12% – CTO
- 11% – Finance
- 10% – Security Engineer
- 6% – Systems Administration
- 3% – CTO
- 3% – CEO
- 1% – Remaining (Other)

36. Vulnerability Reports Include Complete Audit Trails and Powerful Analysis Tools

37. Safeguard Report: Recommended Controls by Return on Investment

38. Demonstrates Overlapping Layers of Protection by Implementing the Top 20 Controls
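The slides from 19 through 37 describe one pipeline: role-based survey questions tied to a control standard, an analyst-set compliance threshold, vulnerability measured per control area, risk computed from the asset/loss/threat/vulnerability relationships, and safeguards with default cost, maintenance and life-cycle values ranked by return on investment. The Python below is an added worked example of that pipeline, not RiskWatch code, and it makes the standard annualized-loss assumption that the four elements multiply (the deck shows the relationship but not the operator); the 0-4 answer scale, the HIPAA Security Rule clauses used as control standards (real citations, chosen for illustration), and every asset value, threat frequency, loss fraction and safeguard figure are constructed for the example. It also shows the case the safeguard report is there to catch: a control whose annualized cost exceeds the loss it avoids.

```python
# Metrics-based risk assessment on constructed data: survey -> compliance vs.
# threshold -> vulnerability per area -> annualized loss -> safeguards by ROI.
from dataclasses import dataclass
from statistics import mean

SCALE_MAX = 4     # answers run 0 (control absent) .. 4 (fully implemented); assumed scale
THRESHOLD = 3.0   # analyst-set compliance threshold on the mean answer

@dataclass(frozen=True)
class Question:
    qid: str
    control_standard: str  # regulation clause used as the control standard
    area: str              # vulnerability area the question measures

@dataclass(frozen=True)
class Asset:
    name: str
    value: float           # capital value in USD

@dataclass(frozen=True)
class Threat:
    name: str
    annual_frequency: float  # expected occurrences per year (incident or aggregated data)
    loss_fraction: float     # share of asset value lost per occurrence
    area: str                # vulnerability area the threat exploits

@dataclass(frozen=True)
class Safeguard:
    name: str
    area: str
    cost: float            # one-time acquisition cost
    maintenance: float     # annual maintenance cost
    life_years: int        # life cycle over which the acquisition cost is amortized
    reduction: float       # fraction of the area's vulnerability it removes, 0..1

# Constructed survey: real HIPAA Security Rule clauses as control standards, invented answers.
QUESTIONS = [
    Question("Q1", "45 CFR 164.308(a)(1)(ii)(A) Risk analysis", "No Security Plan"),
    Question("Q2", "45 CFR 164.312(d) Person or entity authentication", "Authentication"),
    Question("Q3", "45 CFR 164.312(a)(1) Access control", "Access Control"),
    Question("Q4", "45 CFR 164.308(a)(7)(i) Contingency plan", "Disaster Recovery"),
]
ANSWERS = {  # (respondent role, question id) -> score
    ("Medical Records", "Q1"): 4, ("Medical Records", "Q2"): 2,
    ("Medical Records", "Q3"): 3, ("Medical Records", "Q4"): 1,
    ("Clinical Staff", "Q1"): 3, ("Clinical Staff", "Q2"): 1,
    ("Clinical Staff", "Q3"): 2, ("Clinical Staff", "Q4"): 2,
    ("Database Administrator", "Q1"): 4, ("Database Administrator", "Q2"): 3,
    ("Database Administrator", "Q3"): 4, ("Database Administrator", "Q4"): 0,
}
# Constructed asset, threat and safeguard tables; all figures are invented.
ASSETS = [Asset("Patient Database", 2_000_000), Asset("EHR Application", 500_000)]
THREATS = [
    Threat("Hacker intrusion", 0.2, 0.30, "Authentication"),
    Threat("Data loss from system failure", 0.5, 0.10, "Disaster Recovery"),
    Threat("Insider disclosure", 1.0, 0.02, "Access Control"),
]
SAFEGUARDS = [
    Safeguard("Two-factor authentication", "Authentication", 40_000, 8_000, 4, 0.8),
    Safeguard("Offsite backup and DR plan", "Disaster Recovery", 60_000, 20_000, 5, 0.9),
    Safeguard("Quarterly access review", "Access Control", 5_000, 10_000, 5, 0.5),
]

def scores_for(qid, answers):
    return [s for (_, q), s in answers.items() if q == qid]

def compliance_by_requirement(questions=QUESTIONS, answers=ANSWERS, threshold=THRESHOLD):
    """A requirement is compliant when the mean answer meets the analyst's threshold."""
    return {q.control_standard: mean(scores_for(q.qid, answers)) >= threshold
            for q in questions}

def noncompliance_share_by_role(answers=ANSWERS, threshold=THRESHOLD):
    """Where the non-compliance came from: share of sub-threshold answers per role."""
    below = [role for (role, _), s in answers.items() if s < threshold]
    return {role: below.count(role) / len(below) for role in sorted(set(below))}

def vulnerability_by_area(questions=QUESTIONS, answers=ANSWERS):
    """Vulnerability of an area = 1 - mean score of its questions / SCALE_MAX."""
    by_area = {}
    for q in questions:
        by_area.setdefault(q.area, []).extend(scores_for(q.qid, answers))
    return {area: 1 - mean(sc) / SCALE_MAX for area, sc in by_area.items()}

def annual_loss(assets=ASSETS, threats=THREATS, vuln=None):
    """ALE per (asset, threat) = value * loss fraction * frequency * vulnerability.
    An area the survey never covered is treated as fully vulnerable (1.0)."""
    vuln = vulnerability_by_area() if vuln is None else vuln
    return {(a.name, t.name): a.value * t.loss_fraction * t.annual_frequency
            * vuln.get(t.area, 1.0) for a in assets for t in threats}

def safeguard_roi(safeguards=SAFEGUARDS, assets=ASSETS, threats=THREATS):
    """Rank safeguards by (annual loss avoided - annualized cost) / annualized cost."""
    ale = annual_loss(assets, threats)
    area_of = {t.name: t.area for t in threats}
    ranked = []
    for sg in safeguards:
        exposed = sum(v for (_, tname), v in ale.items() if area_of[tname] == sg.area)
        avoided = exposed * sg.reduction
        yearly_cost = sg.cost / sg.life_years + sg.maintenance  # amortized + maintenance
        ranked.append((sg.name, avoided, yearly_cost, (avoided - yearly_cost) / yearly_cost))
    return sorted(ranked, key=lambda r: r[3], reverse=True)

if __name__ == "__main__":
    for std, ok in compliance_by_requirement().items():
        print(f"{'compliant    ' if ok else 'NON-COMPLIANT'}  {std}")
    for name, avoided, cost, roi in safeguard_roi():
        note = "" if roi >= 0 else "  (not cost-justified at these figures)"
        print(f"{name:28s} avoided ${avoided:>9,.0f}  cost ${cost:>8,.0f}  ROI {roi:5.2f}{note}")
```

With these inputs the authentication and contingency-plan requirements fall below the threshold, half of the sub-threshold answers come from Clinical Staff, and the safeguard ranking puts two-factor authentication first (ROI about 2.3) and the offsite backup plan second (about 1.6), while the quarterly access review comes out negative: its annualized cost of $11,000 exceeds the $6,250 of annual loss it avoids, which is exactly the kind of control a ROI-ranked safeguard report flags before budget is spent on it. Replace the constructed tables with the organization's own inventory, incident data and vendor quotes to use the same logic in practice.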
39. The Bottom Line: HIPAA-Watch Ensures Ongoing Compliance Measurement and Validation
- Data security and privacy regulations in healthcare will continue to increase.
- Automating the HIPAA compliance process saves thousands of dollars in staff time.
- HIPAA-Watch for Compliance is the best way to measure HIPAA compliance, identify vulnerabilities, justify capital improvements and focus spending in the right areas and in the right amounts.

40. RiskWatch, Inc. [email_address] Caroline Hamilton 410-224-4773 x105 www.riskwatch.com
