Mobile devices and applications in healthcare: Security and Compliance Risks
 

Recent HHS analysis of reported breaches indicates that almost 40% of large breaches involve lost or stolen devices. The majority of these devices are laptops, smartphones, etc. This 50-minute webinar will focus on how to effectively secure mobile devices in the healthcare industry and stay compliant.

    Mobile devices and applications in healthcare: Security and Compliance Risks Presentation Transcript

    • The New Trend in Healthcare IT. Mobile Devices and Applications in Healthcare: Security & Compliance Risks. We will be starting in a moment … Visit us at www.ehr20.com, info@ehr20.com, 802-448-2255. © 2012 EHR 2.0. All rights reserved. To purchase reprints of this document, please email info@ehr20.com.
    • Mobile Devices and Applications in Healthcare: Security & Compliance Risks. 30 May, 2012
    • Webinar Objectives
      • To review mobile security and compliance requirements
      • To share trends and challenges in mobile devices and applications deployment
      • To provide guidelines for preparing and securing sensitive ePHI data
    • Who we are … EHR 2.0
      • Mission: To assist healthcare organizations in developing and implementing practices to secure IT systems and comply with HIPAA/HITECH regulations.
        • Education (Training, Webinar & Workshops)
        • Consulting Services
        • Toolkit (Tools, Best Practices & Checklist)
      • Goal: To make compliance a meaningful and painless experience, while building capability and confidence.
    • HIPAA Titles - Overview
    • HIPAA Security Rule
    • HIPAA Information Security Model
      • Confidentiality: Limiting information access and disclosure to authorized users (the right people)
      • Integrity: Trustworthiness of information resources (no inappropriate changes)
      • Availability: Availability of information resources (at the right time)
    • PHI (Protected Health Information)
      • Diagram labels: Health Information; Individually Identifiable Health Information; PHI
    • ePHI – 18 Identifiers (Identifier: Example)
      • Name: Max Bialystock
      • Address (all geographic subdivisions smaller than state, including street address, city, county, or ZIP code): 1355 Seasonal Lane
      • Dates related to an individual: Birth, death, admission, discharge
      • Telephone numbers: 212 555 1234, home, office, mobile, etc.
      • Fax number: 212 555 1234
      • Email address: LeonT@Hotmail.com, personal, official
      • Social Security number: 239-68-9807
      • Medical record number: 189-88876
      • Health plan beneficiary number: 123-ir-2222-98
      • Account number: 333389
      • Certificate/license number: 3908763 NY
      • Any vehicle or other device serial number: SZV4016
      • Device identifiers or serial numbers: Unique Medical Devices
      • Web URL: www.rickymartin.com
      • Internet Protocol (IP) address numbers: 19.180.240.15
      • Finger or voice prints: finger.jpg
      • Photographic images: mypicture.jpg
      • Any other characteristic that could uniquely identify the individual: Social Media Profile
    • Trends in Healthcare IT
      • Informatics
      • Collaboration
      • Mobile Computing
      • EHR
      • HIE
    • Technology/Communication Devices
      • Communication Devices to enable WiFi Connectivity
      • Desktop/Laptop with WiFi Connectivity
      • Mobile Phones
      • Mobile Tablet Devices
    • Mobile Devices and Apps in Healthcare
      • Desktop/Laptop
        • Applications ranging from CPOE & appointment scheduler to medical billing & nursing suite
        • Web Applications
      • Mobile Phones, Mobile Tablet Devices
        • Scheduling
        • Dictation
        • Image Processing: X-Ray Review
        • Scheduling
        • Patient Alert
        • Web Applications
        • Dictation
        • Primary Care/Ambulatory Care
        • Web Applications
        • Professional Nursing Suite
    • Trends in Mobile Devices (Healthcare)
      • Mobile Devices
        • Declining Desktop Market
        • Proliferation of more smart phone devices & tablets from various manufacturers (Apple, Samsung, LG, Nokia, etc.)
        • Access to Web based healthcare Applications Using known Devices
        • Bring Your Own Device (BYOD)
        • Making significant inroads as 90% of employees prefer
        • Make healthcare professionals more productive
      • Data Processing using Cloud Computing
      • Sophisticated Network Switches & Gears
        • Address higher network bandwidth
        • Provide better security & Access Control
    • Challenges in Mobile Devices & Applications
      • Need Standardization
        • Need better standardization on choice of devices
        • Unable to block BYOD trend
        • Standard practices for picking web applications
      • Data Structure, Volume, & Complexity
        • Increased volume of data needs higher network bandwidth
        • Requires sophisticated network switches and gears to accommodate the increased demand in data and improve “Quality of Service (QoS)”
        • Existence of structured, unstructured, & semi-structured data challenges data security measures
      • More users
        • Ease of use of applications increases the number of users
        • Users with different roles and responsibilities pose segregation of duties and conflict of interest issues
        • Need better security & Access Control mechanism
    • Compliance & Security Requirements for Mobile Applications
      • Choice of Devices & Applications
        • Need to impose healthcare policy to manage BYOD trend
        • Security & Compliance best practices to be imposed on choice of devices and choosing applications
      • Security & Compliance Policies
        • Need to comply with HIPAA/HITECH requirements for addressing
        • Regulatory Standards and Conventions
        • Authentication & Access Control
        • Mis-configurations
        • Data Security Standards
        • Information Processing Standards
        • Provider Privacy
        • Patient Privacy
    • Security & Compliance Recommendations & Best Practices for Mobile Apps
      • Security & Compliance Best Practices
        • HIPAA/HITECH validated checklist of best practices for addressing
        • Standard for choosing mobile devices and applications
        • Mobile applications:
        • Authentication & Access Control
        • Segregation of Duties (SoD) and Conflict of Interest (CoI) issues
        • Data Validation
        • Data Security Standards
        • Data Confidentiality
        • Data Loss (51% due to insecure mobile usage)
        • Mis-configurations
        • Best practices against Phishing & Mobile Malware
        • Cryptography
        • Denial of Service (DoS)
        • WiFi Security best practices
        • Control access to Apple’s random apps like AppStore
    • Top 5 Mobile Security Guidelines (Area: Description)
      • Access Control: Controls in place over authorizing the user of the device.
      • Encryption: Technology in place to protect data at rest.
      • Backups: How, when and where backups are handled.
      • Remote Management: How the device is managed remotely, if at all. This includes the ability to restrict application access, web access, encrypt data, remotely wipe, etc.
      • Insecure Transport: Ensuring that sensitive data transported over the network is encrypted. This data includes usernames and passwords, but also session management information and other data. Does the application force the use of encrypted technologies?
    • Where do you start?
      • Identify mobile ePHI systems, processes and people involved
      • Conduct Risk Assessment - Platform, Solution, etc.
      • Use Best Practices - Patching, AV, Remote Wipe, Encryption
      • Assess and Improve - Monitor, Evaluate and adjust
    • Additional Resources
      • NIST – Guidelines on Cellphone and PDA Security - SP800-124
    • Risk Assessment of Technology
      • Laptops, Desktops
      • Storage Devices
      • Networking devices (Routers, Switches & Wireless)
      • Medical Devices
      • Scanners, fax and photocopiers
      • VoIP
      • Smart-phones, Tablets (iPad, PDAs)
      • Cloud-based services
      • Any device that electronically stores or transmits information using a software program
    • EHR 2.0 Services
      • Toolkit
        • BA, HIPAA/HITECH Assessment, OCR
        • Self-prepare, Prepare and Prepare Plus
      • Education
        • Workshop, Training, Private Webinars
        • 1-4 hours, Role-based and Customized
      • Consulting
        • Security, Compliance and HC Experts
        • Project Specific
    • Upcoming Events
      • Next Live Webinars
        • EHR Adoption Challenges (6/6)
        • Meaningful Use Risk Analysis (6/13)
        • Sign-up at ehr20.com/webinars
      • Visit us at www.ehr20.com, 802-448-2255, info@ehr20.com
    • Questions? E-mail: info@ehr20.com Call: 802-448-2255
    • Thank you!!!