HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
HIPAA  – Five Security Strategies to Protect ePHI
Upcoming SlideShare
Loading in...5
×

HIPAA – Five Security Strategies to Protect ePHI

533

Published on

For healthcare organizations the pressure to protect electronic personally identifiable health information (ePHI) increased significantly throughout 2010. The US Department of Health and Human Services proposed modifications to HIPAA privacy, security and enforcement rules, HITECH Act extended HIPAA requirements to business associates and the number of breaches affecting at least 500 individuals is rapidly increasing. Healthcare organizations are already anxious about what 2011 has in store, with increased negative media attention, increased patient awareness of breaches and more. Unfortunately, the ePHI data protection landscape can be confusing to navigate. So what can healthcare organizations do to protect ePHI and ensure they stay out of the spotlight?

In this webcast, Chris Konrad, Senior VP of Client Services at Fortrex Technologies and Cindy Valladares, Solutions Marketing at Tripwire:

Discuss which factors and forces around ePHI have recently impacted healthcare organizations.

Describe what is different in 2011 and the challenges facing organizations when protecting ePHI

Use real-life examples to demonstrate the effects of data breaches

Provide five strategies you can take to better protect ePHI and avoid the negative fallout of a breach

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
533
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Patient Protection and Affordable Care Act and subsequent Health Care and Education Reconciliation Act of 2010 are passedHITECH Act extends HIPAA Privacy and Security requirement to business associatesHHS proposes HIPAA Privacy, Security and Enforcement Rules modificationsHHS National Coordinator, Office of the National Coordinator for Health IT, Dr. David Blumenthal forms Privacy and Security “tiger team”United States Health Human Services (HHS) publication of breaches of unprotected PHI affecting over 500 individuals totals 3,608,753Connecticut Attorney General, now Senator Richard Blumenthal, issues suit against Health Net for failing to secure the information of 446,000 individuals whose data was on a lost, unencrypted hard driveSettled for $250,000Conditional $500,000 to be paid in the event that the breach proves to have lead to the access of personal information2010 Healthcare Information and Management Systems Society (HIMSS) Security Survey 31% of all healthcare providers experienced a breach to patient information Fewer than one in 10 of 600 surveyed could meet most of the meaningful-use requirementsPonemon Institute and security firm ID Expert research released Hospitals are exposed to a loss of $6 billion dollars annually as a result of breaches 70% of respondents indicated that patient data protection is not a priority
  • Patient Protection and Affordable Care Act and subsequent Health Care and Education Reconciliation Act of 2010 are passedHITECH Act extends HIPAA Privacy and Security requirement to business associatesHHS proposes HIPAA Privacy, Security and Enforcement Rules modificationsHHS National Coordinator, Office of the National Coordinator for Health IT, Dr. David Blumenthal forms Privacy and Security “tiger team”United States Health Human Services (HHS) publication of breaches of unprotected PHI affecting over 500 individuals totals 3,608,753Connecticut Attorney General, now Senator Richard Blumenthal, issues suit against Health Net for failing to secure the information of 446,000 individuals whose data was on a lost, unencrypted hard driveSettled for $250,000Conditional $500,000 to be paid in the event that the breach proves to have lead to the access of personal information2010 Healthcare Information and Management Systems Society (HIMSS) Security Survey 31% of all healthcare providers experienced a breach to patient information Fewer than one in 10 of 600 surveyed could meet most of the meaningful-use requirementsPonemon Institute and security firm ID Expert research released Hospitals are exposed to a loss of $6 billion dollars annually as a result of breaches 70% of respondents indicated that patient data protection is not a priority
  • Patient Protection and Affordable Care Act and subsequent Health Care and Education Reconciliation Act of 2010 are passedHITECH Act extends HIPAA Privacy and Security requirement to business associatesHHS proposes HIPAA Privacy, Security and Enforcement Rules modificationsHHS National Coordinator, Office of the National Coordinator for Health IT, Dr. David Blumenthal forms Privacy and Security “tiger team”United States Health Human Services (HHS) publication of breaches of unprotected PHI affecting over 500 individuals totals 3,608,753Connecticut Attorney General, now Senator Richard Blumenthal, issues suit against Health Net for failing to secure the information of 446,000 individuals whose data was on a lost, unencrypted hard driveSettled for $250,000Conditional $500,000 to be paid in the event that the breach proves to have lead to the access of personal information2010 Healthcare Information and Management Systems Society (HIMSS) Security Survey 31% of all healthcare providers experienced a breach to patient information Fewer than one in 10 of 600 surveyed could meet most of the meaningful-use requirementsPonemon Institute and security firm ID Expert research released Hospitals are exposed to a loss of $6 billion dollars annually as a result of breaches 70% of respondents indicated that patient data protection is not a priority
  • Patient Protection and Affordable Care Act and subsequent Health Care and Education Reconciliation Act of 2010 are passedHITECH Act extends HIPAA Privacy and Security requirement to business associatesHHS proposes HIPAA Privacy, Security and Enforcement Rules modificationsHHS National Coordinator, Office of the National Coordinator for Health IT, Dr. David Blumenthal forms Privacy and Security “tiger team”United States Health Human Services (HHS) publication of breaches of unprotected PHI affecting over 500 individuals totals 3,608,753Connecticut Attorney General, now Senator Richard Blumenthal, issues suit against Health Net for failing to secure the information of 446,000 individuals whose data was on a lost, unencrypted hard driveSettled for $250,000Conditional $500,000 to be paid in the event that the breach proves to have lead to the access of personal information2010 Healthcare Information and Management Systems Society (HIMSS) Security Survey 31% of all healthcare providers experienced a breach to patient information Fewer than one in 10 of 600 surveyed could meet most of the meaningful-use requirementsPonemon Institute and security firm ID Expert research released Hospitals are exposed to a loss of $6 billion dollars annually as a result of breaches 70% of respondents indicated that patient data protection is not a priority
  • Patient Protection and Affordable Care Act and subsequent Health Care and Education Reconciliation Act of 2010 are passedHITECH Act extends HIPAA Privacy and Security requirement to business associatesHHS proposes HIPAA Privacy, Security and Enforcement Rules modificationsHHS National Coordinator, Office of the National Coordinator for Health IT, Dr. David Blumenthal forms Privacy and Security “tiger team”United States Health Human Services (HHS) publication of breaches of unprotected PHI affecting over 500 individuals totals 3,608,753Connecticut Attorney General, now Senator Richard Blumenthal, issues suit against Health Net for failing to secure the information of 446,000 individuals whose data was on a lost, unencrypted hard driveSettled for $250,000Conditional $500,000 to be paid in the event that the breach proves to have lead to the access of personal information2010 Healthcare Information and Management Systems Society (HIMSS) Security Survey 31% of all healthcare providers experienced a breach to patient information Fewer than one in 10 of 600 surveyed could meet most of the meaningful-use requirementsPonemon Institute and security firm ID Expert research released Hospitals are exposed to a loss of $6 billion dollars annually as a result of breaches 70% of respondents indicated that patient data protection is not a priority
  • Patient Protection and Affordable Care Act and subsequent Health Care and Education Reconciliation Act of 2010 are passedHITECH Act extends HIPAA Privacy and Security requirement to business associatesHHS proposes HIPAA Privacy, Security and Enforcement Rules modificationsHHS National Coordinator, Office of the National Coordinator for Health IT, Dr. David Blumenthal forms Privacy and Security “tiger team”United States Health Human Services (HHS) publication of breaches of unprotected PHI affecting over 500 individuals totals 3,608,753Connecticut Attorney General, now Senator Richard Blumenthal, issues suit against Health Net for failing to secure the information of 446,000 individuals whose data was on a lost, unencrypted hard driveSettled for $250,000Conditional $500,000 to be paid in the event that the breach proves to have lead to the access of personal information2010 Healthcare Information and Management Systems Society (HIMSS) Security Survey 31% of all healthcare providers experienced a breach to patient information Fewer than one in 10 of 600 surveyed could meet most of the meaningful-use requirementsPonemon Institute and security firm ID Expert research released Hospitals are exposed to a loss of $6 billion dollars annually as a result of breaches 70% of respondents indicated that patient data protection is not a priority
  • Patient Protection and Affordable Care Act and subsequent Health Care and Education Reconciliation Act of 2010 are passedHITECH Act extends HIPAA Privacy and Security requirement to business associatesHHS proposes HIPAA Privacy, Security and Enforcement Rules modificationsHHS National Coordinator, Office of the National Coordinator for Health IT, Dr. David Blumenthal forms Privacy and Security “tiger team”United States Health Human Services (HHS) publication of breaches of unprotected PHI affecting over 500 individuals totals 3,608,753Connecticut Attorney General, now Senator Richard Blumenthal, issues suit against Health Net for failing to secure the information of 446,000 individuals whose data was on a lost, unencrypted hard driveSettled for $250,000Conditional $500,000 to be paid in the event that the breach proves to have lead to the access of personal information2010 Healthcare Information and Management Systems Society (HIMSS) Security Survey 31% of all healthcare providers experienced a breach to patient information Fewer than one in 10 of 600 surveyed could meet most of the meaningful-use requirementsPonemon Institute and security firm ID Expert research released Hospitals are exposed to a loss of $6 billion dollars annually as a result of breaches 70% of respondents indicated that patient data protection is not a priority
  • Patient Protection and Affordable Care Act and subsequent Health Care and Education Reconciliation Act of 2010 are passedHITECH Act extends HIPAA Privacy and Security requirement to business associatesHHS proposes HIPAA Privacy, Security and Enforcement Rules modificationsHHS National Coordinator, Office of the National Coordinator for Health IT, Dr. David Blumenthal forms Privacy and Security “tiger team”United States Health Human Services (HHS) publication of breaches of unprotected PHI affecting over 500 individuals totals 3,608,753Connecticut Attorney General, now Senator Richard Blumenthal, issues suit against Health Net for failing to secure the information of 446,000 individuals whose data was on a lost, unencrypted hard driveSettled for $250,000Conditional $500,000 to be paid in the event that the breach proves to have lead to the access of personal information2010 Healthcare Information and Management Systems Society (HIMSS) Security Survey 31% of all healthcare providers experienced a breach to patient information Fewer than one in 10 of 600 surveyed could meet most of the meaningful-use requirementsPonemon Institute and security firm ID Expert research released Hospitals are exposed to a loss of $6 billion dollars annually as a result of breaches 70% of respondents indicated that patient data protection is not a priority
  • Patient Protection and Affordable Care Act and subsequent Health Care and Education Reconciliation Act of 2010 are passedHITECH Act extends HIPAA Privacy and Security requirement to business associatesHHS proposes HIPAA Privacy, Security and Enforcement Rules modificationsHHS National Coordinator, Office of the National Coordinator for Health IT, Dr. David Blumenthal forms Privacy and Security “tiger team”United States Health Human Services (HHS) publication of breaches of unprotected PHI affecting over 500 individuals totals 3,608,753Connecticut Attorney General, now Senator Richard Blumenthal, issues suit against Health Net for failing to secure the information of 446,000 individuals whose data was on a lost, unencrypted hard driveSettled for $250,000Conditional $500,000 to be paid in the event that the breach proves to have lead to the access of personal information2010 Healthcare Information and Management Systems Society (HIMSS) Security Survey 31% of all healthcare providers experienced a breach to patient information Fewer than one in 10 of 600 surveyed could meet most of the meaningful-use requirementsPonemon Institute and security firm ID Expert research released Hospitals are exposed to a loss of $6 billion dollars annually as a result of breaches 70% of respondents indicated that patient data protection is not a priority
  • Change management is the cornerstone of many regulationsChange management and testingStart with a baseline w/hardened configurationsDynamic policy testingChange process analysisReconcile to authorization
  • Monitor activity Capture logsAnalyze for high-risk eventsCorrelate change and events
  • ER: This is really what you want to know. 5 failed logins on it’s own followed by a successful login is probably a medium to low alert. In fact, this is so common it’s contributing to SIEM overload. But, getting an unrelated alert for each one of these every step along the way won’t help. We think you need this context to see all of these happening in concert so you can quickly see these complicated patterns that impact security. TZ (to transition to next slide): so what does Tripwire do to help solve this?
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.

    ×