SlideShare a Scribd company logo

Securing Microsoft Technologies for HITECH Compliance

Marie-Michelle Strah, PhD
Marie-Michelle Strah, PhD

SharePoint Saturday Philadelphia presentation 2/4/2012. Special thanks to CipherPoint Software and AvePoint for preparation and sharing panel time. Best practices in planning and design of enterprise security and master data management strategies for HITECH compliance of both SharePoint 2010 on premise and Office 365 instances for use in covered healthcare entities.

Technology
1 of 34
Download to read offline
Securing Microsoft Technologies for HITECH Compliance Marie-Michelle Strah, PhD SharePoint Saturday Philadelphia 2/4/2012
Introductions http://ideas.appliedis.com http://lifeincapslock.com
www.TriStateSharePoint.org
Objectives Introduction: Why Microsoft Business Solutions for healthcare? •Context: ARRA/HITECH: INFOSEC and connected health information •Reference models: security, enterprise architecture and compliance for healthcare •Best Practices: privacy and security in Microsoft SharePoint Server 2010, Microsoft Dynamics CRM and Office365 Panel: Q&A
What keeps a CMIO up at night? Excerpted from John D. Halamka, MD Life as a Healthcare CIO Blog… • Unstructured data • Compliance • Security • Workforce recruitment http://geekdoctor.blogspot.com/2011/10/w hat-keeps-me-up-at-night-fy12-edition.html
Planning for Security and the “Black Swan”
2012 = Year of Privacy and ECM Privacy • Data (opt in/out) • PHI • PII “Black Swans” • Consumer Engagement • Business Associates
Enterprise Security Model ������ ������ ������ = (������ ∗ ������ ) Information Security (Collaborative Model) Equals People (all actors and agents) Times Architecture (technical, physical and administrative)
2012: From HIPAA to HITECH and “Meaningful Use” • Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Pub L 104–191, 110 Stat 1936) • The Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted on February 17, 2009 • American Recovery and Reinvestment Act of 2009 (ARRA) (Pub L 111-5, 123 Stat 115)
Complexity: RM, ECM and eDiscovery ������ ������ ������ = (������ ∗ ������ ) do the HITECH math… Application of HIPAA Security Standards to Business Associates “Business Associates”: 42 USC §17931 • Legal • Accounting New Security Breach • Administrative Requirements • Claims Processing 42 USC §17932(j) • Data Analysis • QA Electronic Access Mandatory for • Billing Patients 42 USC 17935(e) 45 CFR §160.103 Prohibited Sale of PHI without Consumer Engagement Patient Authorization 42 USC §17935(d)
You Don’t Believe Me?: In the News Recent Cryptzone Survey Healthcare IT News Gothenburg, 19 January 2012 Sacramento, 23 November 2011 Survey finds almost half of The theft of a computer during a SharePoint users disregard the break-in in October has spurred a security within SharePoint, and $1B class action lawsuit against copy sensitive or confidential Sutter Health, according to a documents to insecure hard report published today by the drives, USB keys or even email it to Sacramento Bee. The computer a third party. contained data on more than 4 million patients. Read more: SharePoint Users Develop Insecure Habits - See also: Room for improvement FierceContentManagement on security, HIMSS survey shows
Complexity = Higher Risks and Costs
SOA: Service-Oriented Architecture “Hub” Model reduces complexity and variability while maintaining collaboration and interoperability
Challenge: connect, collaborate and compartmentalize Microsoft Connected Health Framework Business and Technical Framework (Joint Architecture) http://hce.codeplex.com/
Microsoft Business Solutions as part of a Connected Health Framework • Patient Encounters • CPG • HIPAA Direct Identifiers Clinical Workflow • EEOI • ePHI EHR Integration Intake Forms Unstructured Data • SharePoint 2010 • Dynamics CRM • Office365 R&D BPM
Microsoft Business Solutions as part of a Connected Health Framework Current example: multi-site resident treatment facility -Provider emails (nurse/contract doctors) -Word documents (patient notes) on file servers - unsecured -PDFs (scanned records/PHI) on file servers – unsecured -no encryption -no search -no IAM beyond Windows authentication -2011 EHR adoption Current example 2: ePHI data with SSN being exported as whatever file type -No control over what file type -No way to force encryption -No way to force a file save location (sharephi_encrypted_folder)
Enterprise Security Planning • PRIVACY IMPACT ASSESSMENT • 18 direct identifiers (HIPAA) • “content shielding” • Data architecture • Encryption of data at rest/data in motion • 2 factor authentication • Perimeter topologies • Segmentation and compartmentalization of PHI/PII (logical and physical) • Wireless (RFID/Bluetooth) • Business Continuity • Backup and Recovery • Mobile Device Management/BYOD World
Security Architecture – SPS2010 Business Connectivity Authorization Services Hardware UPM Authentication Permissions Data Level Endpoint Federated ID Security Security Security Classic/Claims Groups LOB Mobile Integration Remote IIS/STS ������ ������ ������ = (������ ∗ ������ )
Behavioral Factors: Security Architecture • #hcsm • User population challenges • clinicians • business associates • domain knowledge •“Prurient interest” • Mobile technologies ������ ������ ������ = (������ ∗ ������ )
“Can’t Do it Alone:” Security Ecosystem • Native ISV • Network • 20% • Governance • Data at Rest • UPM/IAM • 100% • 60% SP2010 ISV On Premise Cloud 12/14/2011 • Office365 HIPAA/EU compliance • BAA
Sample: Security Planning Checklist • Content types (PHI/PII) • ECM/OCR • Digital Rights Management (DRM) • Business Connectivity Services and Visio Services (external data sources) • Excel, lists, SQL, custom data providers • Integrated Windows with constrained Kerberos • Metadata and tagging (PHI/PII) • Blogs and wikis (PHI) • Plan permission levels and groups (least privileges) – providers and business associates • Plan site permissions • Fine-grained permissions (item-level) • Security groups (custom) • Contribute permissions
Best Practices: Preventative Model • Involve HIPAA specialists early in the planning process. (This is NOT an IT problem) • Privacy Impact Assessment: PHI, ePHI, PII (Compartmentalization and segregation) • Trust, but verify • Look to experts to help with existing implementations. (Domain expertise in healthcare and clinical workflow as well as HIPAA/HITECH privacy and security) • Use connected health framework reference model • Governance, governance, governance
Governance: Adapting the Joint Commission Continuous Process Improvement Model Plan • Technical, Physical, Administrative Safeguards Document • Joint Commission, Policies, Procedures, IT Governance Train • Clinical, Administrative and Business Associates Track • Training, Compliance, Incidents, Access…. everything Review • Flexibility, Agility, Architect for Change
The Ideal Employees Contractors Partners Need to know Need to manage InfoSec IT Ops Legal
The Reality Employees IT Ops Contractors Partners Manage Know InfoSec Legal
The Challenge • There is no endpoint • There is no perimeter • Users own the data Employees Contractors Partners • No one owns the risk • Security doesn’t have control • IT Ops own the databases • IT Ops own the servers • IT Ops own the apps (SharePoint) InfoSec IT Ops Legal
• Unstructured Data – Scan – Quarantine PII – Tag • Compliance and Reporting – Enhance control of all ePHI and PII – In line with HIPPA and HITECH Act regulation © 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
• Security – Easily set Rules and Permissions in bulk – Run scheduled reports on all SharePoint Activity – Safely archive inactive data for compliance • Workflow Management – Rearrange taxonomy to meet evolving business needs – Full fidelity backup and restoration of data – Improved performance, Environment monitoring © 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
Thank You! For more information… http://ideas.appliedis.com http://lifeincapslock.com

Recommended

Securing Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH ComplianceSecuring Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH ComplianceMarie-Michelle Strah, PhD
 
Security and Privacy in SharePoint 2010: Healthcare
Security and Privacy in SharePoint 2010: HealthcareSecurity and Privacy in SharePoint 2010: Healthcare
Security and Privacy in SharePoint 2010: HealthcareMarie-Michelle Strah, PhD
 
En msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataEn msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataOnline Business
 
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersDon’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersMichael Davis
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionTrend Micro
 
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsDSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsAndris Soroka
 
Enterprise API Security & Data Loss Prevention - Intel
Enterprise API Security & Data Loss Prevention - IntelEnterprise API Security & Data Loss Prevention - Intel
Enterprise API Security & Data Loss Prevention - IntelIntel - API Security & Tokenization
 
Data Loss Prevention in O365
Data Loss Prevention in O365Data Loss Prevention in O365
Data Loss Prevention in O365Don Daubert
 

Recommended

Securing Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH ComplianceSecuring Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH ComplianceMarie-Michelle Strah, PhD
 
Security and Privacy in SharePoint 2010: Healthcare
Security and Privacy in SharePoint 2010: HealthcareSecurity and Privacy in SharePoint 2010: Healthcare
Security and Privacy in SharePoint 2010: HealthcareMarie-Michelle Strah, PhD
 
En msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataEn msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataOnline Business
 
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersDon’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersMichael Davis
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionTrend Micro
 
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsDSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
DSS.LV - Principles Of Data Protection - March2015 By Arturs FilatovsAndris Soroka
 
Enterprise API Security & Data Loss Prevention - Intel
Enterprise API Security & Data Loss Prevention - IntelEnterprise API Security & Data Loss Prevention - Intel
Enterprise API Security & Data Loss Prevention - IntelIntel - API Security & Tokenization
 
Data Loss Prevention in O365
Data Loss Prevention in O365Data Loss Prevention in O365
Data Loss Prevention in O365Don Daubert
 
Wp security-data-safe
Wp security-data-safeWp security-data-safe
Wp security-data-safeALI ANWAR, OCP®
 
Auditing in the Cloud
Auditing in the CloudAuditing in the Cloud
Auditing in the Cloudtcarrucan
 
BayBio - Facilitating R&D Collaborations through the Cloud
BayBio - Facilitating R&D Collaborations through the CloudBayBio - Facilitating R&D Collaborations through the Cloud
BayBio - Facilitating R&D Collaborations through the CloudSri Chilukuri
 
Tackling GDPR with Microsoft 365 and Office 365 - SpiceWorks
Tackling GDPR with Microsoft 365 and Office 365 - SpiceWorksTackling GDPR with Microsoft 365 and Office 365 - SpiceWorks
Tackling GDPR with Microsoft 365 and Office 365 - SpiceWorksIT Masterclasses
 
How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?IBM Security
 
Consumerization of IT: Mobile Infrastructure, Support and Security
Consumerization of IT: Mobile Infrastructure, Support and SecurityConsumerization of IT: Mobile Infrastructure, Support and Security
Consumerization of IT: Mobile Infrastructure, Support and SecurityMarie-Michelle Strah, PhD
 
Bridging the Data Security Gap
Bridging the Data Security GapBridging the Data Security Gap
Bridging the Data Security Gapxband
 
NHIN Privacy & Security
NHIN Privacy & SecurityNHIN Privacy & Security
NHIN Privacy & SecurityBrian Ahier
 
Identity and Access Management - Data modeling concepts
Identity and Access Management - Data modeling conceptsIdentity and Access Management - Data modeling concepts
Identity and Access Management - Data modeling conceptsAlain Huet
 
Making Your E Biz Legal
Making Your E Biz LegalMaking Your E Biz Legal
Making Your E Biz Legallegalinfo
 
Big data and analytics
Big data and analytics Big data and analytics
Big data and analytics Freeform Dynamics
 
Extending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsExtending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsLindaWatson19
 
2009 iapp-the corpprivacydeptmar13-2009
2009 iapp-the corpprivacydeptmar13-20092009 iapp-the corpprivacydeptmar13-2009
2009 iapp-the corpprivacydeptmar13-2009asundaram1
 
IdM Reference Architecture
IdM Reference ArchitectureIdM Reference Architecture
IdM Reference ArchitectureHannu Kasanen
 
What Are you Waiting For? Remediate your File Shares and Govern your Informat...
What Are you Waiting For? Remediate your File Shares and Govern your Informat...What Are you Waiting For? Remediate your File Shares and Govern your Informat...
What Are you Waiting For? Remediate your File Shares and Govern your Informat...Everteam
 
An ethical approach to data privacy protection
An ethical approach to data privacy protectionAn ethical approach to data privacy protection
An ethical approach to data privacy protectionNicha Tatsaneeyapan
 
Ecommerce Chap 10
Ecommerce Chap 10Ecommerce Chap 10
Ecommerce Chap 10Pimsat University
 
C24 Top 12 tips
C24 Top 12 tipsC24 Top 12 tips
C24 Top 12 tipsDavid Ricketts
 
Oracle a TBIZ2011
Oracle a TBIZ2011Oracle a TBIZ2011
Oracle a TBIZ2011TechnologyBIZ
 
Tänased võimalused turvalahendustes - Tarvi Tara
Tänased võimalused turvalahendustes - Tarvi TaraTänased võimalused turvalahendustes - Tarvi Tara
Tänased võimalused turvalahendustes - Tarvi TaraORACLE USER GROUP ESTONIA
 
Securing Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH ComplianceSecuring Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH ComplianceMarie-Michelle Strah, PhD
 
Office 365 : Data leakage control, privacy, compliance and regulations in the...
Office 365 : Data leakage control, privacy, compliance and regulations in the...Office 365 : Data leakage control, privacy, compliance and regulations in the...
Office 365 : Data leakage control, privacy, compliance and regulations in the...Edge Pereira
 

More Related Content

What's hot

Auditing in the Cloud
Auditing in the CloudAuditing in the Cloud
Auditing in the Cloudtcarrucan
 
BayBio - Facilitating R&D Collaborations through the Cloud
BayBio - Facilitating R&D Collaborations through the CloudBayBio - Facilitating R&D Collaborations through the Cloud
BayBio - Facilitating R&D Collaborations through the CloudSri Chilukuri
 
Tackling GDPR with Microsoft 365 and Office 365 - SpiceWorks
Tackling GDPR with Microsoft 365 and Office 365 - SpiceWorksTackling GDPR with Microsoft 365 and Office 365 - SpiceWorks
Tackling GDPR with Microsoft 365 and Office 365 - SpiceWorksIT Masterclasses
 
How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?IBM Security
 
Consumerization of IT: Mobile Infrastructure, Support and Security
Consumerization of IT: Mobile Infrastructure, Support and SecurityConsumerization of IT: Mobile Infrastructure, Support and Security
Consumerization of IT: Mobile Infrastructure, Support and SecurityMarie-Michelle Strah, PhD
 
Bridging the Data Security Gap
Bridging the Data Security GapBridging the Data Security Gap
Bridging the Data Security Gapxband
 
NHIN Privacy & Security
NHIN Privacy & SecurityNHIN Privacy & Security
NHIN Privacy & SecurityBrian Ahier
 
Identity and Access Management - Data modeling concepts
Identity and Access Management - Data modeling conceptsIdentity and Access Management - Data modeling concepts
Identity and Access Management - Data modeling conceptsAlain Huet
 
Making Your E Biz Legal
Making Your E Biz LegalMaking Your E Biz Legal
Making Your E Biz Legallegalinfo
 
Extending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsExtending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsLindaWatson19
 
2009 iapp-the corpprivacydeptmar13-2009
2009 iapp-the corpprivacydeptmar13-20092009 iapp-the corpprivacydeptmar13-2009
2009 iapp-the corpprivacydeptmar13-2009asundaram1
 
IdM Reference Architecture
IdM Reference ArchitectureIdM Reference Architecture
IdM Reference ArchitectureHannu Kasanen
 
What Are you Waiting For? Remediate your File Shares and Govern your Informat...
What Are you Waiting For? Remediate your File Shares and Govern your Informat...What Are you Waiting For? Remediate your File Shares and Govern your Informat...
What Are you Waiting For? Remediate your File Shares and Govern your Informat...Everteam
 
An ethical approach to data privacy protection
An ethical approach to data privacy protectionAn ethical approach to data privacy protection
An ethical approach to data privacy protectionNicha Tatsaneeyapan
 
Tänased võimalused turvalahendustes - Tarvi Tara
Tänased võimalused turvalahendustes - Tarvi TaraTänased võimalused turvalahendustes - Tarvi Tara
Tänased võimalused turvalahendustes - Tarvi TaraORACLE USER GROUP ESTONIA
 

What's hot (20)

Wp security-data-safe
Wp security-data-safeWp security-data-safe
Wp security-data-safe
 
Auditing in the Cloud
Auditing in the CloudAuditing in the Cloud
Auditing in the Cloud
 
BayBio - Facilitating R&D Collaborations through the Cloud
BayBio - Facilitating R&D Collaborations through the CloudBayBio - Facilitating R&D Collaborations through the Cloud
BayBio - Facilitating R&D Collaborations through the Cloud
 
Tackling GDPR with Microsoft 365 and Office 365 - SpiceWorks
Tackling GDPR with Microsoft 365 and Office 365 - SpiceWorksTackling GDPR with Microsoft 365 and Office 365 - SpiceWorks
Tackling GDPR with Microsoft 365 and Office 365 - SpiceWorks
 
How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?
 
Consumerization of IT: Mobile Infrastructure, Support and Security
Consumerization of IT: Mobile Infrastructure, Support and SecurityConsumerization of IT: Mobile Infrastructure, Support and Security
Consumerization of IT: Mobile Infrastructure, Support and Security
 
Bridging the Data Security Gap
Bridging the Data Security GapBridging the Data Security Gap
Bridging the Data Security Gap
 
NHIN Privacy & Security
NHIN Privacy & SecurityNHIN Privacy & Security
NHIN Privacy & Security
 
Identity and Access Management - Data modeling concepts
Identity and Access Management - Data modeling conceptsIdentity and Access Management - Data modeling concepts
Identity and Access Management - Data modeling concepts
 
Making Your E Biz Legal
Making Your E Biz LegalMaking Your E Biz Legal
Making Your E Biz Legal
 
Big data and analytics
Big data and analytics Big data and analytics
Big data and analytics
 
Extending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsExtending Information Security to Non-Production Environments
Extending Information Security to Non-Production Environments
 
2009 iapp-the corpprivacydeptmar13-2009
2009 iapp-the corpprivacydeptmar13-20092009 iapp-the corpprivacydeptmar13-2009
2009 iapp-the corpprivacydeptmar13-2009
 
IdM Reference Architecture
IdM Reference ArchitectureIdM Reference Architecture
IdM Reference Architecture
 
What Are you Waiting For? Remediate your File Shares and Govern your Informat...
What Are you Waiting For? Remediate your File Shares and Govern your Informat...What Are you Waiting For? Remediate your File Shares and Govern your Informat...
What Are you Waiting For? Remediate your File Shares and Govern your Informat...
 
An ethical approach to data privacy protection
An ethical approach to data privacy protectionAn ethical approach to data privacy protection
An ethical approach to data privacy protection
 
Ecommerce Chap 10
Ecommerce Chap 10Ecommerce Chap 10
Ecommerce Chap 10
 
C24 Top 12 tips
C24 Top 12 tipsC24 Top 12 tips
C24 Top 12 tips
 
Oracle a TBIZ2011
Oracle a TBIZ2011Oracle a TBIZ2011
Oracle a TBIZ2011
 
Tänased võimalused turvalahendustes - Tarvi Tara
Tänased võimalused turvalahendustes - Tarvi TaraTänased võimalused turvalahendustes - Tarvi Tara
Tänased võimalused turvalahendustes - Tarvi Tara
 

Similar to Securing Microsoft Technologies for HITECH Compliance

Securing Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH ComplianceSecuring Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH ComplianceMarie-Michelle Strah, PhD
 
Office 365 : Data leakage control, privacy, compliance and regulations in the...
Office 365 : Data leakage control, privacy, compliance and regulations in the...Office 365 : Data leakage control, privacy, compliance and regulations in the...
Office 365 : Data leakage control, privacy, compliance and regulations in the...Edge Pereira
 
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...BigDataEverywhere
 
Content Chaos: Why SharePoint and Office 365 Aren't the (only) Answer
Content Chaos: Why SharePoint and Office 365 Aren't the (only) AnswerContent Chaos: Why SharePoint and Office 365 Aren't the (only) Answer
Content Chaos: Why SharePoint and Office 365 Aren't the (only) AnswerZia Consulting
 
Privacy audittalkfinal
Privacy audittalkfinalPrivacy audittalkfinal
Privacy audittalkfinalAlan Hartman
 
Data Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint WebinarData Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint WebinarConcept Searching, Inc
 
Securing and governing a multi-tenant data lake within the financial industry
Securing and governing a multi-tenant data lake within the financial industrySecuring and governing a multi-tenant data lake within the financial industry
Securing and governing a multi-tenant data lake within the financial industryDataWorks Summit
 
Guardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level ExecutivesGuardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level ExecutivesCamilo Fandiño Gómez
 
HIPAA Solutions on Cloud Foundry
HIPAA Solutions on Cloud FoundryHIPAA Solutions on Cloud Foundry
HIPAA Solutions on Cloud FoundryJim Shingler
 
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Precisely
 
B2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanB2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanSPS Paris
 
IBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter MostIBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter MostPrecisely
 
Himss 2011 securing health information in the cloud -- feisal nanji
Himss 2011 securing health information in the cloud -- feisal nanjiHimss 2011 securing health information in the cloud -- feisal nanji
Himss 2011 securing health information in the cloud -- feisal nanjiFeisal Nanji
 
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)Danny Miller
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation Technology Society Nepal
 
Securing your esi_piedmont
Securing your esi_piedmontSecuring your esi_piedmont
Securing your esi_piedmontscm24
 

Similar to Securing Microsoft Technologies for HITECH Compliance (20)

Securing Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH ComplianceSecuring Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH Compliance
 
Office 365 : Data leakage control, privacy, compliance and regulations in the...
Office 365 : Data leakage control, privacy, compliance and regulations in the...Office 365 : Data leakage control, privacy, compliance and regulations in the...
Office 365 : Data leakage control, privacy, compliance and regulations in the...
 
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...
 
Content Chaos: Why SharePoint and Office 365 Aren't the (only) Answer
Content Chaos: Why SharePoint and Office 365 Aren't the (only) AnswerContent Chaos: Why SharePoint and Office 365 Aren't the (only) Answer
Content Chaos: Why SharePoint and Office 365 Aren't the (only) Answer
 
Privacy audittalkfinal
Privacy audittalkfinalPrivacy audittalkfinal
Privacy audittalkfinal
 
Data Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint WebinarData Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint Webinar
 
Securing and governing a multi-tenant data lake within the financial industry
Securing and governing a multi-tenant data lake within the financial industrySecuring and governing a multi-tenant data lake within the financial industry
Securing and governing a multi-tenant data lake within the financial industry
 
Guardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level ExecutivesGuardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level Executives
 
HIPAA Solutions on Cloud Foundry
HIPAA Solutions on Cloud FoundryHIPAA Solutions on Cloud Foundry
HIPAA Solutions on Cloud Foundry
 
IDENTITY ACCESS MANAGEMENT
IDENTITY ACCESS MANAGEMENTIDENTITY ACCESS MANAGEMENT
IDENTITY ACCESS MANAGEMENT
 
IAM
IAMIAM
IAM
 
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
 
B2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanB2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam Levithan
 
IBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter MostIBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter Most
 
Himss 2011 securing health information in the cloud -- feisal nanji
Himss 2011 securing health information in the cloud -- feisal nanjiHimss 2011 securing health information in the cloud -- feisal nanji
Himss 2011 securing health information in the cloud -- feisal nanji
 
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)
 
CHINO poster IM/IFIP
CHINO poster IM/IFIPCHINO poster IM/IFIP
CHINO poster IM/IFIP
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & process
 
Introduction to Identity Management
Introduction to Identity ManagementIntroduction to Identity Management
Introduction to Identity Management
 
Securing your esi_piedmont
Securing your esi_piedmontSecuring your esi_piedmont
Securing your esi_piedmont
 

More from Marie-Michelle Strah, PhD

Strategic, Privacy and Security Considerations for Adoption of Cloud and Emer...
Strategic, Privacy and Security Considerations for Adoption of Cloud and Emer...Strategic, Privacy and Security Considerations for Adoption of Cloud and Emer...
Strategic, Privacy and Security Considerations for Adoption of Cloud and Emer...Marie-Michelle Strah, PhD
 
It's About the Data, Stupid: Mobile Security and BYOD for Healthcare
It's About the Data, Stupid: Mobile Security and BYOD for HealthcareIt's About the Data, Stupid: Mobile Security and BYOD for Healthcare
It's About the Data, Stupid: Mobile Security and BYOD for HealthcareMarie-Michelle Strah, PhD
 
The Myth of the SharePoint Unicorn: Recruiting and Staffing SharePoint Teams ...
The Myth of the SharePoint Unicorn: Recruiting and Staffing SharePoint Teams ...The Myth of the SharePoint Unicorn: Recruiting and Staffing SharePoint Teams ...
The Myth of the SharePoint Unicorn: Recruiting and Staffing SharePoint Teams ...Marie-Michelle Strah, PhD
 
Enterprise Architecture Planning: 3 Things You Need to Know About SharePoint ...
Enterprise Architecture Planning: 3 Things You Need to Know About SharePoint ...Enterprise Architecture Planning: 3 Things You Need to Know About SharePoint ...
Enterprise Architecture Planning: 3 Things You Need to Know About SharePoint ...Marie-Michelle Strah, PhD
 
Relational Productivity Applications: SharePoint 2010 and CRM 2011
Relational Productivity Applications: SharePoint 2010 and CRM 2011Relational Productivity Applications: SharePoint 2010 and CRM 2011
Relational Productivity Applications: SharePoint 2010 and CRM 2011Marie-Michelle Strah, PhD
 
SharePoint 2010 and Web Services: Extending Dynamics GP 2010 R2
SharePoint 2010 and Web Services: Extending Dynamics GP 2010 R2SharePoint 2010 and Web Services: Extending Dynamics GP 2010 R2
SharePoint 2010 and Web Services: Extending Dynamics GP 2010 R2Marie-Michelle Strah, PhD
 
Microsoft Convergence DayOne: Leveraging SharePoint within Your Dynamics GP W...
Microsoft Convergence DayOne: Leveraging SharePoint within Your Dynamics GP W...Microsoft Convergence DayOne: Leveraging SharePoint within Your Dynamics GP W...
Microsoft Convergence DayOne: Leveraging SharePoint within Your Dynamics GP W...Marie-Michelle Strah, PhD
 
Best Practices in Supply Chain Management: SharePoint
Best Practices in Supply Chain Management: SharePointBest Practices in Supply Chain Management: SharePoint
Best Practices in Supply Chain Management: SharePointMarie-Michelle Strah, PhD
 
Best Practices in SharePoint for Healthcare: US Army Medical Command
Best Practices in SharePoint for Healthcare: US Army Medical CommandBest Practices in SharePoint for Healthcare: US Army Medical Command
Best Practices in SharePoint for Healthcare: US Army Medical CommandMarie-Michelle Strah, PhD
 
Microsoft Technologies and Work Management Success and Women in SharePoint: D...
Microsoft Technologies and Work Management Success and Women in SharePoint: D...Microsoft Technologies and Work Management Success and Women in SharePoint: D...
Microsoft Technologies and Work Management Success and Women in SharePoint: D...Marie-Michelle Strah, PhD
 
Change Management and User Adoption in Hierarchical Organizations: SharePoint...
Change Management and User Adoption in Hierarchical Organizations: SharePoint...Change Management and User Adoption in Hierarchical Organizations: SharePoint...
Change Management and User Adoption in Hierarchical Organizations: SharePoint...Marie-Michelle Strah, PhD
 
Business Process Re-Engineering and Improved Healthcare Outcomes
Business Process Re-Engineering and Improved Healthcare OutcomesBusiness Process Re-Engineering and Improved Healthcare Outcomes
Business Process Re-Engineering and Improved Healthcare OutcomesMarie-Michelle Strah, PhD
 
Tricky Fit: Knowledge Management and the DoD (Healthcare) - May 2010 Update
Tricky Fit: Knowledge Management and the DoD (Healthcare) - May 2010 UpdateTricky Fit: Knowledge Management and the DoD (Healthcare) - May 2010 Update
Tricky Fit: Knowledge Management and the DoD (Healthcare) - May 2010 UpdateMarie-Michelle Strah, PhD
 
Tricky Fit: Knowledge Management and SharePoint (Healthcare)
Tricky Fit: Knowledge Management and SharePoint (Healthcare)Tricky Fit: Knowledge Management and SharePoint (Healthcare)
Tricky Fit: Knowledge Management and SharePoint (Healthcare)Marie-Michelle Strah, PhD
 

More from Marie-Michelle Strah, PhD (15)

Strategic, Privacy and Security Considerations for Adoption of Cloud and Emer...
Strategic, Privacy and Security Considerations for Adoption of Cloud and Emer...Strategic, Privacy and Security Considerations for Adoption of Cloud and Emer...
Strategic, Privacy and Security Considerations for Adoption of Cloud and Emer...
 
It's About the Data, Stupid: Mobile Security and BYOD for Healthcare
It's About the Data, Stupid: Mobile Security and BYOD for HealthcareIt's About the Data, Stupid: Mobile Security and BYOD for Healthcare
It's About the Data, Stupid: Mobile Security and BYOD for Healthcare
 
The Myth of the SharePoint Unicorn: Recruiting and Staffing SharePoint Teams ...
The Myth of the SharePoint Unicorn: Recruiting and Staffing SharePoint Teams ...The Myth of the SharePoint Unicorn: Recruiting and Staffing SharePoint Teams ...
The Myth of the SharePoint Unicorn: Recruiting and Staffing SharePoint Teams ...
 
Enterprise Architecture Planning: 3 Things You Need to Know About SharePoint ...
Enterprise Architecture Planning: 3 Things You Need to Know About SharePoint ...Enterprise Architecture Planning: 3 Things You Need to Know About SharePoint ...
Enterprise Architecture Planning: 3 Things You Need to Know About SharePoint ...
 
Relational Productivity Applications: SharePoint 2010 and CRM 2011
Relational Productivity Applications: SharePoint 2010 and CRM 2011Relational Productivity Applications: SharePoint 2010 and CRM 2011
Relational Productivity Applications: SharePoint 2010 and CRM 2011
 
SharePoint 2010 and Web Services: Extending Dynamics GP 2010 R2
SharePoint 2010 and Web Services: Extending Dynamics GP 2010 R2SharePoint 2010 and Web Services: Extending Dynamics GP 2010 R2
SharePoint 2010 and Web Services: Extending Dynamics GP 2010 R2
 
Microsoft Convergence DayOne: Leveraging SharePoint within Your Dynamics GP W...
Microsoft Convergence DayOne: Leveraging SharePoint within Your Dynamics GP W...Microsoft Convergence DayOne: Leveraging SharePoint within Your Dynamics GP W...
Microsoft Convergence DayOne: Leveraging SharePoint within Your Dynamics GP W...
 
Best Practices in Supply Chain Management: SharePoint
Best Practices in Supply Chain Management: SharePointBest Practices in Supply Chain Management: SharePoint
Best Practices in Supply Chain Management: SharePoint
 
Best Practices in SharePoint for Healthcare: US Army Medical Command
Best Practices in SharePoint for Healthcare: US Army Medical CommandBest Practices in SharePoint for Healthcare: US Army Medical Command
Best Practices in SharePoint for Healthcare: US Army Medical Command
 
Case Study for a SharePoint SDLC
Case Study for a SharePoint SDLCCase Study for a SharePoint SDLC
Case Study for a SharePoint SDLC
 
Microsoft Technologies and Work Management Success and Women in SharePoint: D...
Microsoft Technologies and Work Management Success and Women in SharePoint: D...Microsoft Technologies and Work Management Success and Women in SharePoint: D...
Microsoft Technologies and Work Management Success and Women in SharePoint: D...
 
Change Management and User Adoption in Hierarchical Organizations: SharePoint...
Change Management and User Adoption in Hierarchical Organizations: SharePoint...Change Management and User Adoption in Hierarchical Organizations: SharePoint...
Change Management and User Adoption in Hierarchical Organizations: SharePoint...
 
Business Process Re-Engineering and Improved Healthcare Outcomes
Business Process Re-Engineering and Improved Healthcare OutcomesBusiness Process Re-Engineering and Improved Healthcare Outcomes
Business Process Re-Engineering and Improved Healthcare Outcomes
 
Tricky Fit: Knowledge Management and the DoD (Healthcare) - May 2010 Update
Tricky Fit: Knowledge Management and the DoD (Healthcare) - May 2010 UpdateTricky Fit: Knowledge Management and the DoD (Healthcare) - May 2010 Update
Tricky Fit: Knowledge Management and the DoD (Healthcare) - May 2010 Update
 
Tricky Fit: Knowledge Management and SharePoint (Healthcare)
Tricky Fit: Knowledge Management and SharePoint (Healthcare)Tricky Fit: Knowledge Management and SharePoint (Healthcare)
Tricky Fit: Knowledge Management and SharePoint (Healthcare)
 

Recently uploaded

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 

Recently uploaded (20)

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 

Securing Microsoft Technologies for HITECH Compliance

  • 1. Securing Microsoft Technologies for HITECH Compliance Marie-Michelle Strah, PhD SharePoint Saturday Philadelphia 2/4/2012
  • 2.
  • 3. Introductions http://ideas.appliedis.com http://lifeincapslock.com
  • 4.
  • 6. Objectives Introduction: Why Microsoft Business Solutions for healthcare? •Context: ARRA/HITECH: INFOSEC and connected health information •Reference models: security, enterprise architecture and compliance for healthcare •Best Practices: privacy and security in Microsoft SharePoint Server 2010, Microsoft Dynamics CRM and Office365 Panel: Q&A
  • 7. What keeps a CMIO up at night? Excerpted from John D. Halamka, MD Life as a Healthcare CIO Blog… • Unstructured data • Compliance • Security • Workforce recruitment http://geekdoctor.blogspot.com/2011/10/w hat-keeps-me-up-at-night-fy12-edition.html
  • 8. Planning for Security and the “Black Swan”
  • 9. 2012 = Year of Privacy and ECM Privacy • Data (opt in/out) • PHI • PII “Black Swans” • Consumer Engagement • Business Associates
  • 10. Enterprise Security Model ������ ������ ������ = (������ ∗ ������ ) Information Security (Collaborative Model) Equals People (all actors and agents) Times Architecture (technical, physical and administrative)
  • 11. 2012: From HIPAA to HITECH and “Meaningful Use” • Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Pub L 104–191, 110 Stat 1936) • The Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted on February 17, 2009 • American Recovery and Reinvestment Act of 2009 (ARRA) (Pub L 111-5, 123 Stat 115)
  • 12. Complexity: RM, ECM and eDiscovery ������ ������ ������ = (������ ∗ ������ ) do the HITECH math… Application of HIPAA Security Standards to Business Associates “Business Associates”: 42 USC §17931 • Legal • Accounting New Security Breach • Administrative Requirements • Claims Processing 42 USC §17932(j) • Data Analysis • QA Electronic Access Mandatory for • Billing Patients 42 USC 17935(e) 45 CFR §160.103 Prohibited Sale of PHI without Consumer Engagement Patient Authorization 42 USC §17935(d)
  • 13. You Don’t Believe Me?: In the News Recent Cryptzone Survey Healthcare IT News Gothenburg, 19 January 2012 Sacramento, 23 November 2011 Survey finds almost half of The theft of a computer during a SharePoint users disregard the break-in in October has spurred a security within SharePoint, and $1B class action lawsuit against copy sensitive or confidential Sutter Health, according to a documents to insecure hard report published today by the drives, USB keys or even email it to Sacramento Bee. The computer a third party. contained data on more than 4 million patients. Read more: SharePoint Users Develop Insecure Habits - See also: Room for improvement FierceContentManagement on security, HIMSS survey shows
  • 14. Complexity = Higher Risks and Costs
  • 15. SOA: Service-Oriented Architecture “Hub” Model reduces complexity and variability while maintaining collaboration and interoperability
  • 16. Challenge: connect, collaborate and compartmentalize Microsoft Connected Health Framework Business and Technical Framework (Joint Architecture) http://hce.codeplex.com/
  • 17. Microsoft Business Solutions as part of a Connected Health Framework • Patient Encounters • CPG • HIPAA Direct Identifiers Clinical Workflow • EEOI • ePHI EHR Integration Intake Forms Unstructured Data • SharePoint 2010 • Dynamics CRM • Office365 R&D BPM
  • 18. Microsoft Business Solutions as part of a Connected Health Framework Current example: multi-site resident treatment facility -Provider emails (nurse/contract doctors) -Word documents (patient notes) on file servers - unsecured -PDFs (scanned records/PHI) on file servers – unsecured -no encryption -no search -no IAM beyond Windows authentication -2011 EHR adoption Current example 2: ePHI data with SSN being exported as whatever file type -No control over what file type -No way to force encryption -No way to force a file save location (sharephi_encrypted_folder)
  • 19. Enterprise Security Planning • PRIVACY IMPACT ASSESSMENT • 18 direct identifiers (HIPAA) • “content shielding” • Data architecture • Encryption of data at rest/data in motion • 2 factor authentication • Perimeter topologies • Segmentation and compartmentalization of PHI/PII (logical and physical) • Wireless (RFID/Bluetooth) • Business Continuity • Backup and Recovery • Mobile Device Management/BYOD World
  • 20. Security Architecture – SPS2010 Business Connectivity Authorization Services Hardware UPM Authentication Permissions Data Level Endpoint Federated ID Security Security Security Classic/Claims Groups LOB Mobile Integration Remote IIS/STS ������ ������ ������ = (������ ∗ ������ )
  • 21. Behavioral Factors: Security Architecture • #hcsm • User population challenges • clinicians • business associates • domain knowledge •“Prurient interest” • Mobile technologies ������ ������ ������ = (������ ∗ ������ )
  • 22. “Can’t Do it Alone:” Security Ecosystem • Native ISV • Network • 20% • Governance • Data at Rest • UPM/IAM • 100% • 60% SP2010 ISV On Premise Cloud 12/14/2011 • Office365 HIPAA/EU compliance • BAA
  • 23. Sample: Security Planning Checklist • Content types (PHI/PII) • ECM/OCR • Digital Rights Management (DRM) • Business Connectivity Services and Visio Services (external data sources) • Excel, lists, SQL, custom data providers • Integrated Windows with constrained Kerberos • Metadata and tagging (PHI/PII) • Blogs and wikis (PHI) • Plan permission levels and groups (least privileges) – providers and business associates • Plan site permissions • Fine-grained permissions (item-level) • Security groups (custom) • Contribute permissions
  • 24. Best Practices: Preventative Model • Involve HIPAA specialists early in the planning process. (This is NOT an IT problem) • Privacy Impact Assessment: PHI, ePHI, PII (Compartmentalization and segregation) • Trust, but verify • Look to experts to help with existing implementations. (Domain expertise in healthcare and clinical workflow as well as HIPAA/HITECH privacy and security) • Use connected health framework reference model • Governance, governance, governance
  • 25. Governance: Adapting the Joint Commission Continuous Process Improvement Model Plan • Technical, Physical, Administrative Safeguards Document • Joint Commission, Policies, Procedures, IT Governance Train • Clinical, Administrative and Business Associates Track • Training, Compliance, Incidents, Access…. everything Review • Flexibility, Agility, Architect for Change
  • 26.
  • 27. The Ideal Employees Contractors Partners Need to know Need to manage InfoSec IT Ops Legal
  • 28. The Reality Employees IT Ops Contractors Partners Manage Know InfoSec Legal
  • 29. The Challenge • There is no endpoint • There is no perimeter • Users own the data Employees Contractors Partners • No one owns the risk • Security doesn’t have control • IT Ops own the databases • IT Ops own the servers • IT Ops own the apps (SharePoint) InfoSec IT Ops Legal
  • 30.
  • 31. • Unstructured Data – Scan – Quarantine PII – Tag • Compliance and Reporting – Enhance control of all ePHI and PII – In line with HIPPA and HITECH Act regulation © 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
  • 32. • Security – Easily set Rules and Permissions in bulk – Run scheduled reports on all SharePoint Activity – Safely archive inactive data for compliance • Workflow Management – Rearrange taxonomy to meet evolving business needs – Full fidelity backup and restoration of data – Improved performance, Environment monitoring © 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
  • 33.
  • 34. Thank You! For more information… http://ideas.appliedis.com http://lifeincapslock.com