Protect PHI & Manage Risk - HIPAA/HITECH Compliance


Would Your Organization Survive a Data Breach?
Data breaches in healthcare have increased 32% in frequency in the past year and cost an estimated $6.5 billion annually. Fortunately, if you are protecting your Personal Health Information (PHI) with proper encryption and key management, you are exempt from breach notification. The question is, are you meeting HIPAA/HITECH standards?

Join Patrick Townsend, Founder & CEO, for a 30-minute webcast and learn more about HIPAA/HITECH and what your company can do to avoid a data breach. Topics discussed include:

- Managing your risk of a data breach
- Achieving breach notification safe harbor status
- Encryption and key management best practices

Additionally, Patrick discusses how Townsend Security has worked with partners across the globe to integrate encryption and key management in their technologies.


1. Protect PHI & Manage Risk: HIPAA/HITECH Compliance
   Townsend Security, 724 Columbia Street NW, Suite 400 | Olympia, WA 98501 | 360.359.4400
2. Webinar Presenter: Patrick Townsend
   - Founder & CEO of Townsend Security
   - Leading data security expert
   - 30 years IT industry experience
3. The Encryption Company
   - Broad experience in data security and data communication
   - Leadership averages over 30 years IT experience
   - Products in 40+ countries
   - Over 2000 customers worldwide
   - Strong presence in the Fortune 500
   - NIST Certified AES Encryption
   - FIPS 140-2 Certified Key Management
   - Participating Organization, PCI Security Standards Council
4. (image slide, no text)
5. Partners (image slide, no text)
6. Breaches Happen
   The frequency of data breaches in healthcare has increased 32% in the past year, and breaches cost an estimated $6.5 billion annually, according to a new study by the Ponemon Institute. Forty-one percent of healthcare executives surveyed attributed data breaches related to protected health information (PHI) to employee mistakes.
7. Top 3 Healthcare Breaches of 2011
   - Tricare - 4.9 million records: Unencrypted backup tapes were stolen from the parked car of an employee of a TRICARE business associate.
   - Sutter Health - 4.2 million records: A stolen computer contained a database for Sutter Physician Services, which provides billing and other administrative services for 21 Sutter units.
   - Health Net - 1.9 million records: Federal authorities plus at least four state agencies launched investigations of a breach affecting 1.9 million enrollees of Health Net, an insurance company.
8. Blue Cross Blue Shield of Tennessee
   - Data breach in 2009 lost over 1 million PHI records
   - Spent nearly $17 million in investigation, notification, and protection efforts
   - Recent settlement with the Department of Health and Human Services (HHS) added an additional $1.5 million (the maximum fine in one year) to settle potential violations
9. HIPAA/HITECH and Protecting PHI
   - HITECH Act builds on the HIPAA data security standard
   - Many references to NIST standards for encryption and key management
   - Guidance on key management references NIST FIPS 140-2 and NIST Key Management Best Practices
   - Backdoor mandate for encryption and key management
   - Requirement for system logging
10. What is PHI?
   - HIPAA defines PHI as individually identifiable health information that is transmitted or maintained in any form or medium (electronic, oral, or paper) by a covered entity or its business associates, excluding certain educational or employment records
   - Examples: Name, address, email, birthdate, SSN, employee number, claim number, health plan beneficiary number
11. Where Can PHI Be Stored?
   - Electronic Medical Records (EMR)
   - Health insurance companies that record healthcare claims
   - Databases such as Microsoft SQL Server and Oracle
   - Outside entity such as a service provider (financial, lab, etc.)
12. Are You Gambling with $7.2 Million?
   - Average cost of a data breach is $214 per record or $7.2 million per breach
   - Direct costs include notification and legal defense
   - Indirect costs include loss of customer business and abnormal churn
13. What is Considered a Breach?
   - Unauthorized access to PHI
   - Loss or theft of: computer tapes, hard drives, unencrypted laptops, USB drives
14. How to Avoid Breach Notification
   - HIPAA/HITECH states encryption and destruction are the only safe harbors from breach notification
   - Encryption should be NIST certified to provably meet recommendations
   - Key management should be FIPS 140-2 certified
   - Note that HHS mandates FIPS 140-2 compliant solutions for itself
15. Townsend Security Makes Compliance Easy
   - NIST-certified AES encryption for every major platform
   - FIPS 140-2 certified encryption key management
   - PGP encryption for IBM i and IBM z
   - System logging for IBM i
   - Healthcare customers include: Mayo Clinic, Blue Cross Blue Shield, ValueOptions, and more
16. NIST Certified AES Encryption
   - AES encryption for all major platforms
   - Provably compliant encryption
   - High-performance encryption to minimize hardware/software costs
   - Meets best practices for HIPAA/HITECH, PCI DSS, and more
17. FIPS 140-2 Certified Encryption Key Management
   - Affordable key manager manages keys through the entire lifecycle
   - Built to be easy
   - Dual Control and Separation of Duties (NIST best practices & PCI DSS requirement)
   - High Availability through hardware redundancy and key mirroring
   - Works with all server platforms: SQL Server, Windows, Linux, UNIX, etc.
   - Works with all databases: SQL Server, Oracle, DB2, MySQL, etc.
   - In use by over 2,000 customers worldwide
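Slides 14 and 17 make the technical point of the deck: a lost tape or laptop is not a reportable breach when the PHI on it is encrypted, and that only holds if the key lives somewhere other than the stolen media and cannot be pulled out by a single person. The Go program below is an added illustration of that design, not code from the webinar or from Townsend Security's products. It assumes a hypothetical in-process KeyManager standing in for a separate key-management service, uses AES-256-GCM from Go's standard library in place of any vendor module, and the approver names and patient record are constructed sample data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// mustRandom draws n bytes from the OS CSPRNG; a failing CSPRNG is fatal.
func mustRandom(n int) []byte {
	b := make([]byte, n)
	if _, err := io.ReadFull(rand.Reader, b); err != nil {
		panic(err)
	}
	return b
}

// newGCM builds an AES-GCM AEAD for a 16-, 24- or 32-byte key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext under key; the output is nonce||ciphertext||tag.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := mustRandom(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; the GCM tag check rejects a wrong key or altered data.
func open(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// KeyManager is a hypothetical stand-in for a separate key-management service;
// its key-encryption key (KEK) is released only under dual control.
type KeyManager struct {
	kek       []byte
	approvers map[string]bool // operators allowed to approve a KEK export
}

func NewKeyManager(approvers ...string) *KeyManager {
	km := &KeyManager{kek: mustRandom(32), approvers: map[string]bool{}} // AES-256 KEK
	for _, a := range approvers {
		km.approvers[a] = true
	}
	return km
}

// WrapDEK and UnwrapDEK are the only key operations the application gets.
func (km *KeyManager) WrapDEK(dek []byte) ([]byte, error) { return seal(km.kek, dek) }
func (km *KeyManager) UnwrapDEK(w []byte) ([]byte, error) { return open(km.kek, w) }

// ExportKEK enforces dual control: two distinct, authorized approvers.
func (km *KeyManager) ExportKEK(first, second string) ([]byte, error) {
	if first == second || !km.approvers[first] || !km.approvers[second] {
		return nil, errors.New("dual control: two different authorized approvers required")
	}
	return append([]byte(nil), km.kek...), nil
}

// PHIRecord is what lands on disk or tape: ciphertext plus a wrapped per-record key.
type PHIRecord struct{ WrappedDEK, Ciphertext []byte }

// EncryptPHI uses a fresh data-encryption key (DEK) per record and stores it wrapped.
func EncryptPHI(km *KeyManager, phi []byte) (PHIRecord, error) {
	dek := mustRandom(32)
	ct, err := seal(dek, phi)
	if err != nil {
		return PHIRecord{}, err
	}
	wrapped, err := km.WrapDEK(dek)
	return PHIRecord{WrappedDEK: wrapped, Ciphertext: ct}, err
}

func DecryptPHI(km *KeyManager, rec PHIRecord) ([]byte, error) {
	dek, err := km.UnwrapDEK(rec.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return open(dek, rec.Ciphertext)
}

func main() {
	km := NewKeyManager("alice", "bob")
	rec, _ := EncryptPHI(km, []byte("patient=Jane Doe; claim=12345")) // constructed sample, not real PHI
	_, err := DecryptPHI(NewKeyManager("alice", "bob"), rec)          // a stolen copy of rec without the KEK
	fmt.Println("decrypt without the KEK:", err)
}
```

The record stored on media carries only ciphertext and a wrapped data key, so whoever holds the tape still needs the key manager; a second KeyManager with a different KEK fails the GCM tag check rather than yielding garbage. Exporting the KEK itself (for a migration or escrow, say) requires two different people from the approver list, which is the dual-control and separation-of-duties property slide 17 lists and slide 20 warns is missing from non-compliant products. A real deployment would replace the in-process struct with a certified, separately administered key manager and would log every wrap, unwrap and export request.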
18. PGP Encryption for IBM i and IBM z
   - De facto standard for securing data in motion
   - Part of a comprehensive security plan
   - Ported PGP to IBM i and IBM z for PGP Corporation
   - Partnered with Symantec to bring the only commercial version of PGP to IBM i
   - FIPS 140-2 compliant
19. Secure System Logging for the IBM i
   - Meets HIPAA section 3 around Log-in Monitoring
   - Meets HIPAA section 4 around Access Controls
   - Creates logs that ALL SIEM consoles can read
   - Uses SSL/TLS encryption for secure delivery
20. Beware of Non-Compliant Solutions
   - Non-standard encryption and key management
   - No Dual Control or Separation of Duties
   - Unsubstantiated claims (e.g. "meets FIPS 140-2 standards")
   - Proprietary or home-grown encryption
   - No independent assessment of source code
   - No direct NIST certification of products
21. Partnering: ISVs, VARs, and OEMs
   Your customers expect you to protect their PHI. Compliance regulations require you to protect PHI.
   - Strong partner channel that is committed to partner success
   - Solutions built for integration
   - Value add to your technology
22. Summary
   - PHI lives in many different places, in many different forms
   - Breaches happen and cost organizations millions
   - Encryption and key management are backdoor mandates of HIPAA/HITECH
   - System logging is a requirement of HIPAA/HITECH
   - Townsend Security is trusted by companies worldwide
   - Strong partner channel to help ease the burden of compliance for your customers
23. What You Can Do Today (product areas shown: Encryption, Key Management, System Logging, Partner)
   - Download a free 30-day evaluation of all our products
   - Schedule a technical overview with our Customer Success Manager
   - Additional education in the "Resources" section of our web site >> Learn More
   - @townsendsecure
24. Any Questions About Protecting PHI and Managing Risk?
   Data Gets Out. Encrypt It. NIST-Certified Encryption | FIPS 140-2 Certified Key Management
   Contact Townsend Security: patrick.townsend@townsendsecurity.com | www.townsendsecurity.com | 800.357.1019