SlideShare a Scribd company logo

HIPAA, Privacy, Security, and Good Business

Download as PPT, PDF
Stephen Cobb
Stephen Cobb

HIPAA's implications for privacy and security practices in American businesses, addressed in March of 2001 at the Employers' Summit on Health Care, by Stephen Cobb, CISSP. Uploaded in 2014 for the historical record.

Healthcare
1 of 18
Stepen Cobb, Rainbow Technologies, 1 of 18 HIPAA, Privacy, Security, & Good Business Stephen Cobb, CISSP Dir. Research & Education Rainbow Technologies, Spectria Division Employers' Summit on Health Care March 21 - 22, 2001
Stepen Cobb, Rainbow Technologies, 2 of 18 HIPAA, Privacy, Security, & Business • HIPAA is about privacy, but not just privacy. • HIPAA is also about systems and security. • Privacy is not the same as security, but • Without security, you can’t deliver privacy. • HIPAA is not the only privacy legislation. • HIPAA is not the only security legislation. • Privacy is not the only reason for security. • Businesses that “get” privacy and security today will do better than those that don’t.
Stepen Cobb, Rainbow Technologies, 3 of 18 HIPAA is about privacy • 164.502 Uses and disclosures of protected health information: general rules. – (a) Standard. A covered entity may not use or disclose protected health information, except as permitted or required by this subpart or by subpart C of part 160 of this subchapter. • 164.530 Administrative requirements. – (c)(1) Standard: safeguards. A covered entity must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information.
Stepen Cobb, Rainbow Technologies, 4 of 18 HIPAA is not just about privacy • Paraphrase: “appropriate safeguards to protect the privacy of health information.” • That is, to ensure privacy you need security. • But HIPAA 160 is not specific about security: – Implementation specification: safeguards. – A covered entity must reasonably safeguard protected health information from any intentional or unintentional use or disclosure that is in violation of the standards, implementation specifications or other requirements of this subpart.
Stepen Cobb, Rainbow Technologies, 5 of 18 HIPAA may become more specific • HIPAA 142 describes “a set of requirements with implementation features that providers, plans, and clearinghouses must include in their operations to assure that electronic health information pertaining to an individual remains secure.” • “we are designating a new, comprehensive standard...which defines the security requirements to be fulfilled to preserve health information confidentiality and privacy as defined in the law.” – 45 CFR Part 142, Security & Electronic Signature Standards, Federal Register, Vol. 63, No. 155, 8/12/98
Stepen Cobb, Rainbow Technologies, 6 of 18 If 142 follows160, then HIPAA will: • require each health care entity engaged in electronic maintenance or transmission of health information • to assess potential risks and vulnerabilities to the individual health data in its possession in electronic form, • and develop, implement, and maintain appropriate security measures. • 142 stresses that these measures must be documented and kept current.
Stepen Cobb, Rainbow Technologies, 7 of 18 We can call this the writing on the wall. • We are looking at a Federally mandated standard for security practices within companies involved in healthcare or handling health-related information. • Note that these are considered: – practices necessary to conduct business electronically in the health care industry today. • In other words, normal business costs, – things you should be doing today, possibly pre-empting arguments over the cost of such standards.
Stepen Cobb, Rainbow Technologies, 8 of 18 Security practices in the proposed standard are divided into two categories • Organizational Practices – Security and confidentiality policies – Information security officers – Education and training programs, and – Sanctions • Technical Practices and Procedures – Individual authentication of users – Access controls – Audit trails – Physical security – Disaster recovery – Protection of remote access points – Protection of external electronic communications – Software discipline, and – System assessment. Use these as a check list for comparison with your current security practices.
Stepen Cobb, Rainbow Technologies, 9 of 18 We can see that HIPAA is also about systems & security • As we get to grips with 164.530(c)(1) – “appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information.” • We have to anticipate what 142 will consider appropriate, and plan accordingly.
Stepen Cobb, Rainbow Technologies, 10 of 18 But privacy is not the same as security • Privacy is a value, and, to differing degrees, in different cultures, a right. • Security is a discipline, a methodology and a technology. • Security is neutral – it can serve privacy or hinder it. – e.g. security technology such as biometrics, which can prevent unauthorized persons from accessing data, can also be used to track people without their consent, often considered an invasion of privacy.
Stepen Cobb, Rainbow Technologies, 11 of 18 But without security, you can’t deliver privacy • You need to make sure the vital ingredients of security are in place: – Policies, procedures, classification, officers, training, awareness, sanctions. – Strong, granular authentication, access controls, intrusion detection. – Software methodology, discipline, testing, penetration testing.
Stepen Cobb, Rainbow Technologies, 12 of 18 HIPAA not the only privacy legislation • Right to Financial Privacy Act • Children's Online Privacy Protection Act • Bank Secrecy Act • Fair Credit Reporting Act • Identity Theft and Assumption Deterrence Act of 1998 • Fair Debt Collection Practices Act • Financial Institution Data Match • Title V, Gramm-Leach-Bliley Act
Stepen Cobb, Rainbow Technologies, 13 of 18 G-L-B affects wide range of companies • Joint Final Rule of OCC, FRB, FDIC, OTS Privacy of Consumer Financial Information. • Requires a financial institution to provide notice to customers about its privacy policies and practices; • Describes the conditions under which a financial institution may disclose nonpublic personal information about consumers to nonaffiliated third parties; and • Provides a method for consumers to prevent a financial institution from disclosing that information to most nonaffiliated third parties by “opting out” of that disclosure.
Stepen Cobb, Rainbow Technologies, 14 of 18 HIPAA not the only security legislation • require that each bank implement a comprehensive written information security program that includes administrative, technical and physical safeguards for customer records and information appropriate to the size and complexity of the bank and the nature and scope of its activities; • require the bank's board of directors, or an appropriate committee of the board, to approve and oversee the development, implementation and maintenance of the bank's information security program; and • requires banks to exercise appropriate due diligence in selecting and monitoring service providers, and that service providers implement appropriate security measures to meet the objectives of the guidelines.
Stepen Cobb, Rainbow Technologies, 15 of 18 Privacy not the only reason for security • If you do security right, you also get protection from: – Malicious hackers, disgruntled employees. – Malicious code, viruses, Trojan Horses. – Industrial and government espionage. – Stupid user errors and omissions. – Allegations of negligence and shareholder lawsuits if something does go wrong.
Stepen Cobb, Rainbow Technologies, 16 of 18 Businesses that “get” privacy & security today will do better than those that don’t • Privacy is about respect for individuals, many of whom are your customers. • Security is about the quality of your company in the age of information. • Tomorrow’s top companies will be those that figure out today, how to respect privacy and protect information systems while efficiently marketing and delivering goods and services.
Stepen Cobb, Rainbow Technologies, 17 of 18 And this is not just my opinion • Companies must take a whole-view approach to privacy – To survive mounting consumer anxiety and the growing labyrinth of US and foreign regulation, firms need to institutionalize their commitment to protecting and managing their customers’ privacy by taking a comprehensive, whole-view approach to privacy. – Anyone today who thinks the privacy issue has peaked is greatly mistaken. As with environmentalism [in the 60s] we are in the early stages of a sweeping change in attitudes that will fuel years of political battles and put once-routine business practices under the microscope. • Forrester Report, February 2001
Stepen Cobb, Rainbow Technologies, 18 of 18 Thank You! Stephen Cobb

Recommended

What is Cyber Security - Avantika University
What is Cyber Security - Avantika UniversityWhat is Cyber Security - Avantika University
What is Cyber Security - Avantika UniversityAvantika University
 
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...XEventsHospitality
 
Cyber security
Cyber securityCyber security
Cyber securityEduonix
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesWAJAHAT IQBAL
 
Webinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWebinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWPICPE
 
Cyber Security –PPT
Cyber Security –PPTCyber Security –PPT
Cyber Security –PPTRajat Kumar
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Cyber Domain Security
Cyber Domain SecurityCyber Domain Security
Cyber Domain SecurityICSA, LLC
 

Recommended

What is Cyber Security - Avantika University
What is Cyber Security - Avantika UniversityWhat is Cyber Security - Avantika University
What is Cyber Security - Avantika UniversityAvantika University
 
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...XEventsHospitality
 
Cyber security
Cyber securityCyber security
Cyber securityEduonix
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesWAJAHAT IQBAL
 
Webinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWebinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWPICPE
 
Cyber Security –PPT
Cyber Security –PPTCyber Security –PPT
Cyber Security –PPTRajat Kumar
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Cyber Domain Security
Cyber Domain SecurityCyber Domain Security
Cyber Domain SecurityICSA, LLC
 
презентация1
презентация1презентация1
презентация1sagidullaa01
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity TrainingWindstoneHealth
 
Cybersecurity training seminars, courses, cybersecurity laws
Cybersecurity training seminars, courses, cybersecurity lawsCybersecurity training seminars, courses, cybersecurity laws
Cybersecurity training seminars, courses, cybersecurity lawsBryan Len
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityRamiro Cid
 
2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public SectorScott Geye
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security toolsVicky Fernandes
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityPriyanshu Ratnakar
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securityrahulbhardwaj312501
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security VulnerabilitiesSiemplify
 
Cyber Security in the Interconnected World
Cyber Security in the Interconnected WorldCyber Security in the Interconnected World
Cyber Security in the Interconnected WorldRussell_Kennedy
 
Topic11
Topic11Topic11
Topic11Anne Starr
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsIBM Security
 
Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)AT-NET Services, Inc. - Charleston Division
 
What is Importance of Cyber Security
What is Importance of Cyber Security What is Importance of Cyber Security
What is Importance of Cyber Security Wee Tang
 
The Importance of Cybersecurity in 2017
The Importance of Cybersecurity in 2017The Importance of Cybersecurity in 2017
The Importance of Cybersecurity in 2017R-Style Lab
 
Cyber security
Cyber securityCyber security
Cyber securityPrem Raval
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityAdri Jovin
 
Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018joshquarrie
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityA. Shamel
 
Whitepaper next generation_patient_safety_bertine_mc_kenna.01
Whitepaper next generation_patient_safety_bertine_mc_kenna.01Whitepaper next generation_patient_safety_bertine_mc_kenna.01
Whitepaper next generation_patient_safety_bertine_mc_kenna.01Ronan Martin
 
Global threat landscape
Global threat landscapeGlobal threat landscape
Global threat landscapeJynette Reed
 
Malware is Called Malicious for a Reason: The Risks of Weaponizing Code
Malware is Called Malicious for a Reason: The Risks of Weaponizing CodeMalware is Called Malicious for a Reason: The Risks of Weaponizing Code
Malware is Called Malicious for a Reason: The Risks of Weaponizing CodeStephen Cobb
 

More Related Content

What's hot

презентация1
презентация1презентация1
презентация1sagidullaa01
 
Cybersecurity training seminars, courses, cybersecurity laws
Cybersecurity training seminars, courses, cybersecurity lawsCybersecurity training seminars, courses, cybersecurity laws
Cybersecurity training seminars, courses, cybersecurity lawsBryan Len
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityRamiro Cid
 
2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public SectorScott Geye
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security toolsVicky Fernandes
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityPriyanshu Ratnakar
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security VulnerabilitiesSiemplify
 
Cyber Security in the Interconnected World
Cyber Security in the Interconnected WorldCyber Security in the Interconnected World
Cyber Security in the Interconnected WorldRussell_Kennedy
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsIBM Security
 
What is Importance of Cyber Security
What is Importance of Cyber Security What is Importance of Cyber Security
What is Importance of Cyber Security Wee Tang
 
The Importance of Cybersecurity in 2017
The Importance of Cybersecurity in 2017The Importance of Cybersecurity in 2017
The Importance of Cybersecurity in 2017R-Style Lab
 
Cyber security
Cyber securityCyber security
Cyber securityPrem Raval
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityAdri Jovin
 
Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018joshquarrie
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityA. Shamel
 
Whitepaper next generation_patient_safety_bertine_mc_kenna.01
Whitepaper next generation_patient_safety_bertine_mc_kenna.01Whitepaper next generation_patient_safety_bertine_mc_kenna.01
Whitepaper next generation_patient_safety_bertine_mc_kenna.01Ronan Martin
 

What's hot (20)

презентация1
презентация1презентация1
презентация1
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity Training
 
Cybersecurity training seminars, courses, cybersecurity laws
Cybersecurity training seminars, courses, cybersecurity lawsCybersecurity training seminars, courses, cybersecurity laws
Cybersecurity training seminars, courses, cybersecurity laws
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security tools
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
 
Cyber Security in the Interconnected World
Cyber Security in the Interconnected WorldCyber Security in the Interconnected World
Cyber Security in the Interconnected World
 
Topic11
Topic11Topic11
Topic11
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
 
Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)
 
What is Importance of Cyber Security
What is Importance of Cyber Security What is Importance of Cyber Security
What is Importance of Cyber Security
 
The Importance of Cybersecurity in 2017
The Importance of Cybersecurity in 2017The Importance of Cybersecurity in 2017
The Importance of Cybersecurity in 2017
 
Cyber security
Cyber securityCyber security
Cyber security
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
 
Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Whitepaper next generation_patient_safety_bertine_mc_kenna.01
Whitepaper next generation_patient_safety_bertine_mc_kenna.01Whitepaper next generation_patient_safety_bertine_mc_kenna.01
Whitepaper next generation_patient_safety_bertine_mc_kenna.01
 

Viewers also liked

Global threat landscape
Global threat landscapeGlobal threat landscape
Global threat landscapeJynette Reed
 
Malware is Called Malicious for a Reason: The Risks of Weaponizing Code
Malware is Called Malicious for a Reason: The Risks of Weaponizing CodeMalware is Called Malicious for a Reason: The Risks of Weaponizing Code
Malware is Called Malicious for a Reason: The Risks of Weaponizing CodeStephen Cobb
 
The mobile health IT security challenge: way bigger than HIPAA?
The mobile health IT security challenge: way bigger than HIPAA?The mobile health IT security challenge: way bigger than HIPAA?
The mobile health IT security challenge: way bigger than HIPAA?Stephen Cobb
 
The Year Ahead in Cyber Security: 2014 edition
The Year Ahead in Cyber Security: 2014 editionThe Year Ahead in Cyber Security: 2014 edition
The Year Ahead in Cyber Security: 2014 editionStephen Cobb
 
Getting Started with Business Continuity
Getting Started with Business ContinuityGetting Started with Business Continuity
Getting Started with Business ContinuityStephen Cobb
 
Cybercrime and the Hidden Perils of Patient Data
Cybercrime and the Hidden Perils of Patient DataCybercrime and the Hidden Perils of Patient Data
Cybercrime and the Hidden Perils of Patient DataStephen Cobb
 
Malware and the risks of weaponizing code
Malware and the risks of weaponizing codeMalware and the risks of weaponizing code
Malware and the risks of weaponizing codeStephen Cobb
 
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...Using Technology and Techno-People to Improve your Threat Resistance and Cybe...
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...Stephen Cobb
 
A Career in Cybersecurity
A Career in CybersecurityA Career in Cybersecurity
A Career in Cybersecuritylfh663
 
Using Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber SecurityUsing Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber SecurityStephen Cobb
 
Enjoy Safer Technology and Defeat Cyber Criminals
Enjoy Safer Technology and Defeat Cyber CriminalsEnjoy Safer Technology and Defeat Cyber Criminals
Enjoy Safer Technology and Defeat Cyber CriminalsStephen Cobb
 
Cybersecurity for the non-technical
Cybersecurity for the non-technicalCybersecurity for the non-technical
Cybersecurity for the non-technicalStephen Cobb
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-securityStephen Cobb
 
NCSAM = Cyber Security Awareness Month: Trends and Resources
NCSAM = Cyber Security Awareness Month: Trends and ResourcesNCSAM = Cyber Security Awareness Month: Trends and Resources
NCSAM = Cyber Security Awareness Month: Trends and ResourcesStephen Cobb
 
Future of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.RosenquistFuture of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.RosenquistMatthew Rosenquist
 
Skills For Career In Security
Skills For Career In SecuritySkills For Career In Security
Skills For Career In SecurityPrasanna V
 
Cyber Security Career Advice
Cyber Security Career AdviceCyber Security Career Advice
Cyber Security Career AdviceDonald E. Hester
 
Navigating Your Career in Cyber Security - Steve Santini & Drew Fearson
Navigating Your Career in Cyber Security - Steve Santini & Drew FearsonNavigating Your Career in Cyber Security - Steve Santini & Drew Fearson
Navigating Your Career in Cyber Security - Steve Santini & Drew FearsonChristopher Clark
 

Viewers also liked (20)

Global threat landscape
Global threat landscapeGlobal threat landscape
Global threat landscape
 
Malware is Called Malicious for a Reason: The Risks of Weaponizing Code
Malware is Called Malicious for a Reason: The Risks of Weaponizing CodeMalware is Called Malicious for a Reason: The Risks of Weaponizing Code
Malware is Called Malicious for a Reason: The Risks of Weaponizing Code
 
The mobile health IT security challenge: way bigger than HIPAA?
The mobile health IT security challenge: way bigger than HIPAA?The mobile health IT security challenge: way bigger than HIPAA?
The mobile health IT security challenge: way bigger than HIPAA?
 
The Year Ahead in Cyber Security: 2014 edition
The Year Ahead in Cyber Security: 2014 editionThe Year Ahead in Cyber Security: 2014 edition
The Year Ahead in Cyber Security: 2014 edition
 
Getting Started with Business Continuity
Getting Started with Business ContinuityGetting Started with Business Continuity
Getting Started with Business Continuity
 
Cybercrime and the Hidden Perils of Patient Data
Cybercrime and the Hidden Perils of Patient DataCybercrime and the Hidden Perils of Patient Data
Cybercrime and the Hidden Perils of Patient Data
 
Cyber security
Cyber securityCyber security
Cyber security
 
Malware and the risks of weaponizing code
Malware and the risks of weaponizing codeMalware and the risks of weaponizing code
Malware and the risks of weaponizing code
 
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...Using Technology and Techno-People to Improve your Threat Resistance and Cybe...
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...
 
A Career in Cybersecurity
A Career in CybersecurityA Career in Cybersecurity
A Career in Cybersecurity
 
Using Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber SecurityUsing Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber Security
 
Enjoy Safer Technology and Defeat Cyber Criminals
Enjoy Safer Technology and Defeat Cyber CriminalsEnjoy Safer Technology and Defeat Cyber Criminals
Enjoy Safer Technology and Defeat Cyber Criminals
 
Cybersecurity for the non-technical
Cybersecurity for the non-technicalCybersecurity for the non-technical
Cybersecurity for the non-technical
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security
 
NCSAM = Cyber Security Awareness Month: Trends and Resources
NCSAM = Cyber Security Awareness Month: Trends and ResourcesNCSAM = Cyber Security Awareness Month: Trends and Resources
NCSAM = Cyber Security Awareness Month: Trends and Resources
 
Future of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.RosenquistFuture of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.Rosenquist
 
Skills For Career In Security
Skills For Career In SecuritySkills For Career In Security
Skills For Career In Security
 
Cyber Security Career Advice
Cyber Security Career AdviceCyber Security Career Advice
Cyber Security Career Advice
 
Navigating Your Career in Cyber Security - Steve Santini & Drew Fearson
Navigating Your Career in Cyber Security - Steve Santini & Drew FearsonNavigating Your Career in Cyber Security - Steve Santini & Drew Fearson
Navigating Your Career in Cyber Security - Steve Santini & Drew Fearson
 
2016 Trends in Security
2016 Trends in Security 2016 Trends in Security
2016 Trends in Security
 

Similar to HIPAA, Privacy, Security, and Good Business

ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...PECB
 
Internet security and privacy issues
Internet security and privacy issuesInternet security and privacy issues
Internet security and privacy issuesJagdeepSingh394
 
Equifax, the FTC Act, and Vulnerability Scanning
Equifax, the FTC Act, and Vulnerability ScanningEquifax, the FTC Act, and Vulnerability Scanning
Equifax, the FTC Act, and Vulnerability ScanningBlack Duck by Synopsys
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachJim Brashear
 
Rightscale webinar-hipaa-public-cloud
Rightscale webinar-hipaa-public-cloudRightscale webinar-hipaa-public-cloud
Rightscale webinar-hipaa-public-cloudRightScale
 
2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance 2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance Raffa Learning Community
 
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...Financial Poise
 
HIPAA in the Public Cloud: The Rules Have Been Set - RightScale Compute 2013
HIPAA in the Public Cloud: The Rules Have Been Set - RightScale Compute 2013HIPAA in the Public Cloud: The Rules Have Been Set - RightScale Compute 2013
HIPAA in the Public Cloud: The Rules Have Been Set - RightScale Compute 2013RightScale
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Financial Poise
 
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...Diana Maier
 
2017 06-27 Time for an IT Assessment
2017 06-27 Time for an IT Assessment2017 06-27 Time for an IT Assessment
2017 06-27 Time for an IT AssessmentRachel Caldwell
 
A practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaA practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaUlf Mattsson
 
Constructing a HIPAA-compliant healthcare app from scratch
Constructing a HIPAA-compliant healthcare app from scratch Constructing a HIPAA-compliant healthcare app from scratch
Constructing a HIPAA-compliant healthcare app from scratchTechugo
 
Implementing an Information Security Program
Implementing an Information Security ProgramImplementing an Information Security Program
Implementing an Information Security ProgramRaymond Cunningham
 
How to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security ProgramHow to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security ProgramFinancial Poise
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
 
Introduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and RequirementsIntroduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and RequirementsFinancial Poise
 
How to Approach the NYDFS Proposed Cybersecurity Requirements
How to Approach the NYDFS Proposed Cybersecurity RequirementsHow to Approach the NYDFS Proposed Cybersecurity Requirements
How to Approach the NYDFS Proposed Cybersecurity RequirementsKyle Brown
 

Similar to HIPAA, Privacy, Security, and Good Business (20)

ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
 
Internet security and privacy issues
Internet security and privacy issuesInternet security and privacy issues
Internet security and privacy issues
 
Equifax, the FTC Act, and Vulnerability Scanning
Equifax, the FTC Act, and Vulnerability ScanningEquifax, the FTC Act, and Vulnerability Scanning
Equifax, the FTC Act, and Vulnerability Scanning
 
Is it time for an IT Assessment?
Is it time for an IT Assessment?Is it time for an IT Assessment?
Is it time for an IT Assessment?
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data Breach
 
Rightscale webinar-hipaa-public-cloud
Rightscale webinar-hipaa-public-cloudRightscale webinar-hipaa-public-cloud
Rightscale webinar-hipaa-public-cloud
 
2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance 2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance
 
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
 
HIPAA in the Public Cloud: The Rules Have Been Set - RightScale Compute 2013
HIPAA in the Public Cloud: The Rules Have Been Set - RightScale Compute 2013HIPAA in the Public Cloud: The Rules Have Been Set - RightScale Compute 2013
HIPAA in the Public Cloud: The Rules Have Been Set - RightScale Compute 2013
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
 
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
 
2017 06-27 Time for an IT Assessment
2017 06-27 Time for an IT Assessment2017 06-27 Time for an IT Assessment
2017 06-27 Time for an IT Assessment
 
2017 06-27 Time for an IT Assessment
2017 06-27 Time for an IT Assessment2017 06-27 Time for an IT Assessment
2017 06-27 Time for an IT Assessment
 
A practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaA practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpa
 
Constructing a HIPAA-compliant healthcare app from scratch
Constructing a HIPAA-compliant healthcare app from scratch Constructing a HIPAA-compliant healthcare app from scratch
Constructing a HIPAA-compliant healthcare app from scratch
 
Implementing an Information Security Program
Implementing an Information Security ProgramImplementing an Information Security Program
Implementing an Information Security Program
 
How to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security ProgramHow to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security Program
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hr
 
Introduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and RequirementsIntroduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and Requirements
 
How to Approach the NYDFS Proposed Cybersecurity Requirements
How to Approach the NYDFS Proposed Cybersecurity RequirementsHow to Approach the NYDFS Proposed Cybersecurity Requirements
How to Approach the NYDFS Proposed Cybersecurity Requirements
 

More from Stephen Cobb

Cybercrime-as-health-crisis-shared.pptx
Cybercrime-as-health-crisis-shared.pptxCybercrime-as-health-crisis-shared.pptx
Cybercrime-as-health-crisis-shared.pptxStephen Cobb
 
Cybersecurity Risk Perception and Communication
Cybersecurity Risk Perception and CommunicationCybersecurity Risk Perception and Communication
Cybersecurity Risk Perception and CommunicationStephen Cobb
 
What Makes a Good CISO
What Makes a Good CISOWhat Makes a Good CISO
What Makes a Good CISOStephen Cobb
 
Sizing the Cyber Skills Gap
Sizing the Cyber Skills GapSizing the Cyber Skills Gap
Sizing the Cyber Skills GapStephen Cobb
 
Security and Wearables: Success starts with security
Security and Wearables: Success starts with securitySecurity and Wearables: Success starts with security
Security and Wearables: Success starts with securityStephen Cobb
 
The Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise SecurityThe Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise SecurityStephen Cobb
 
How to assess and manage cyber risk
How to assess and manage cyber riskHow to assess and manage cyber risk
How to assess and manage cyber riskStephen Cobb
 
The Evolution of Cybercrime
The Evolution of CybercrimeThe Evolution of Cybercrime
The Evolution of CybercrimeStephen Cobb
 
Safer Technology Through Threat Awareness and Response
Safer Technology Through Threat Awareness and ResponseSafer Technology Through Threat Awareness and Response
Safer Technology Through Threat Awareness and ResponseStephen Cobb
 
Endpoint and Server: The belt and braces anti-malware strategy
Endpoint and Server: The belt and braces anti-malware strategyEndpoint and Server: The belt and braces anti-malware strategy
Endpoint and Server: The belt and braces anti-malware strategyStephen Cobb
 
Cyberskills shortage: Where is the cyber workforce of tomorrow
Cyberskills shortage: Where is the cyber workforce of tomorrowCyberskills shortage: Where is the cyber workforce of tomorrow
Cyberskills shortage: Where is the cyber workforce of tomorrowStephen Cobb
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 

More from Stephen Cobb (12)

Cybercrime-as-health-crisis-shared.pptx
Cybercrime-as-health-crisis-shared.pptxCybercrime-as-health-crisis-shared.pptx
Cybercrime-as-health-crisis-shared.pptx
 
Cybersecurity Risk Perception and Communication
Cybersecurity Risk Perception and CommunicationCybersecurity Risk Perception and Communication
Cybersecurity Risk Perception and Communication
 
What Makes a Good CISO
What Makes a Good CISOWhat Makes a Good CISO
What Makes a Good CISO
 
Sizing the Cyber Skills Gap
Sizing the Cyber Skills GapSizing the Cyber Skills Gap
Sizing the Cyber Skills Gap
 
Security and Wearables: Success starts with security
Security and Wearables: Success starts with securitySecurity and Wearables: Success starts with security
Security and Wearables: Success starts with security
 
The Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise SecurityThe Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise Security
 
How to assess and manage cyber risk
How to assess and manage cyber riskHow to assess and manage cyber risk
How to assess and manage cyber risk
 
The Evolution of Cybercrime
The Evolution of CybercrimeThe Evolution of Cybercrime
The Evolution of Cybercrime
 
Safer Technology Through Threat Awareness and Response
Safer Technology Through Threat Awareness and ResponseSafer Technology Through Threat Awareness and Response
Safer Technology Through Threat Awareness and Response
 
Endpoint and Server: The belt and braces anti-malware strategy
Endpoint and Server: The belt and braces anti-malware strategyEndpoint and Server: The belt and braces anti-malware strategy
Endpoint and Server: The belt and braces anti-malware strategy
 
Cyberskills shortage: Where is the cyber workforce of tomorrow
Cyberskills shortage: Where is the cyber workforce of tomorrowCyberskills shortage: Where is the cyber workforce of tomorrow
Cyberskills shortage: Where is the cyber workforce of tomorrow
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
 

Recently uploaded

💸Cash Payment No Advance Call Girls Bhopal 🧿 9332606886 🧿 High Class Call Gir...
💸Cash Payment No Advance Call Girls Bhopal 🧿 9332606886 🧿 High Class Call Gir...💸Cash Payment No Advance Call Girls Bhopal 🧿 9332606886 🧿 High Class Call Gir...
💸Cash Payment No Advance Call Girls Bhopal 🧿 9332606886 🧿 High Class Call Gir...India Call Girls
 
❤️Chandigarh Escorts☎️9814379184☎️ Call Girl service in Chandigarh☎️ Chandiga...
❤️Chandigarh Escorts☎️9814379184☎️ Call Girl service in Chandigarh☎️ Chandiga...❤️Chandigarh Escorts☎️9814379184☎️ Call Girl service in Chandigarh☎️ Chandiga...
❤️Chandigarh Escorts☎️9814379184☎️ Call Girl service in Chandigarh☎️ Chandiga...Sheetaleventcompany
 
Ulhasnagar Call girl escort *88638//40496* Call me monika call girls 24*
Ulhasnagar Call girl escort *88638//40496* Call me monika call girls 24*Ulhasnagar Call girl escort *88638//40496* Call me monika call girls 24*
Ulhasnagar Call girl escort *88638//40496* Call me monika call girls 24*Mumbai Call girl
 
Erotic Call Girls Bangalore {7304373326} ❤️VVIP SIYA Call Girls in Bangalore ...
Erotic Call Girls Bangalore {7304373326} ❤️VVIP SIYA Call Girls in Bangalore ...Erotic Call Girls Bangalore {7304373326} ❤️VVIP SIYA Call Girls in Bangalore ...
Erotic Call Girls Bangalore {7304373326} ❤️VVIP SIYA Call Girls in Bangalore ...Sheetaleventcompany
 
Lucknow Call Girls Service ❤️🍑 9xx000xx09 👄🫦 Independent Escort Service Luckn...
Lucknow Call Girls Service ❤️🍑 9xx000xx09 👄🫦 Independent Escort Service Luckn...Lucknow Call Girls Service ❤️🍑 9xx000xx09 👄🫦 Independent Escort Service Luckn...
Lucknow Call Girls Service ❤️🍑 9xx000xx09 👄🫦 Independent Escort Service Luckn...Sheetaleventcompany
 
💞 Safe And Secure Call Girls Prayagraj 🧿 9332606886 🧿 High Class Call Girl Se...
💞 Safe And Secure Call Girls Prayagraj 🧿 9332606886 🧿 High Class Call Girl Se...💞 Safe And Secure Call Girls Prayagraj 🧿 9332606886 🧿 High Class Call Girl Se...
💞 Safe And Secure Call Girls Prayagraj 🧿 9332606886 🧿 High Class Call Girl Se...India Call Girls
 
2024 PCP #IMPerative Updates in Rheumatology
2024 PCP #IMPerative Updates in Rheumatology2024 PCP #IMPerative Updates in Rheumatology
2024 PCP #IMPerative Updates in RheumatologySidney Erwin Manahan
 
💸Cash Payment No Advance Call Girls Nagpur 🧿 9332606886 🧿 High Class Call Gir...
💸Cash Payment No Advance Call Girls Nagpur 🧿 9332606886 🧿 High Class Call Gir...💸Cash Payment No Advance Call Girls Nagpur 🧿 9332606886 🧿 High Class Call Gir...
💸Cash Payment No Advance Call Girls Nagpur 🧿 9332606886 🧿 High Class Call Gir...India Call Girls
 
Low Rate Call Girls Pune {9142599079} ❤️VVIP NISHA Call Girls in Pune Maharas...
Low Rate Call Girls Pune {9142599079} ❤️VVIP NISHA Call Girls in Pune Maharas...Low Rate Call Girls Pune {9142599079} ❤️VVIP NISHA Call Girls in Pune Maharas...
Low Rate Call Girls Pune {9142599079} ❤️VVIP NISHA Call Girls in Pune Maharas...Sheetaleventcompany
 
Low Rate Call Girls Udaipur {9xx000xx09} ❤️VVIP NISHA CCall Girls in Udaipur ...
Low Rate Call Girls Udaipur {9xx000xx09} ❤️VVIP NISHA CCall Girls in Udaipur ...Low Rate Call Girls Udaipur {9xx000xx09} ❤️VVIP NISHA CCall Girls in Udaipur ...
Low Rate Call Girls Udaipur {9xx000xx09} ❤️VVIP NISHA CCall Girls in Udaipur ...Sheetaleventcompany
 
❤️Chandigarh Escort Service☎️9814379184☎️ Call Girl service in Chandigarh☎️ C...
❤️Chandigarh Escort Service☎️9814379184☎️ Call Girl service in Chandigarh☎️ C...❤️Chandigarh Escort Service☎️9814379184☎️ Call Girl service in Chandigarh☎️ C...
❤️Chandigarh Escort Service☎️9814379184☎️ Call Girl service in Chandigarh☎️ C...Sheetaleventcompany
 
Premium Call Girls Bangalore {9179660964} ❤️VVIP POOJA Call Girls in Bangalor...
Premium Call Girls Bangalore {9179660964} ❤️VVIP POOJA Call Girls in Bangalor...Premium Call Girls Bangalore {9179660964} ❤️VVIP POOJA Call Girls in Bangalor...
Premium Call Girls Bangalore {9179660964} ❤️VVIP POOJA Call Girls in Bangalor...Sheetaleventcompany
 
Call Girl In Indore 📞9235973566📞Just Call Inaaya📲 Call Girls Service In Indor...
Call Girl In Indore 📞9235973566📞Just Call Inaaya📲 Call Girls Service In Indor...Call Girl In Indore 📞9235973566📞Just Call Inaaya📲 Call Girls Service In Indor...
Call Girl In Indore 📞9235973566📞Just Call Inaaya📲 Call Girls Service In Indor...Sheetaleventcompany
 
Call Now ☎ 8868886958 || Call Girls in Chandigarh Escort Service Chandigarh
Call Now ☎ 8868886958 || Call Girls in Chandigarh Escort Service ChandigarhCall Now ☎ 8868886958 || Call Girls in Chandigarh Escort Service Chandigarh
Call Now ☎ 8868886958 || Call Girls in Chandigarh Escort Service ChandigarhSheetaleventcompany
 
💞 Safe And Secure Call Girls gaya 🧿 9332606886 🧿 High Class Call Girl Service...
💞 Safe And Secure Call Girls gaya 🧿 9332606886 🧿 High Class Call Girl Service...💞 Safe And Secure Call Girls gaya 🧿 9332606886 🧿 High Class Call Girl Service...
💞 Safe And Secure Call Girls gaya 🧿 9332606886 🧿 High Class Call Girl Service...India Call Girls
 
❤️ Chandigarh Call Girls Service☎️9878799926☎️ Call Girl service in Chandigar...
❤️ Chandigarh Call Girls Service☎️9878799926☎️ Call Girl service in Chandigar...❤️ Chandigarh Call Girls Service☎️9878799926☎️ Call Girl service in Chandigar...
❤️ Chandigarh Call Girls Service☎️9878799926☎️ Call Girl service in Chandigar...daljeetkaur2026
 
Gorgeous Call Girls In Pune {9xx000xx09} ❤️VVIP ANKITA Call Girl in Pune Maha...
Gorgeous Call Girls In Pune {9xx000xx09} ❤️VVIP ANKITA Call Girl in Pune Maha...Gorgeous Call Girls In Pune {9xx000xx09} ❤️VVIP ANKITA Call Girl in Pune Maha...
Gorgeous Call Girls In Pune {9xx000xx09} ❤️VVIP ANKITA Call Girl in Pune Maha...Sheetaleventcompany
 
Call Girls In Indore 📞9235973566📞Just Call Inaaya📲 Call Girls Service In Indo...
Call Girls In Indore 📞9235973566📞Just Call Inaaya📲 Call Girls Service In Indo...Call Girls In Indore 📞9235973566📞Just Call Inaaya📲 Call Girls Service In Indo...
Call Girls In Indore 📞9235973566📞Just Call Inaaya📲 Call Girls Service In Indo...Sheetaleventcompany
 
❤️ Zirakpur Call Girl Service ☎️9878799926☎️ Call Girl service in Zirakpur ☎...
❤️ Zirakpur Call Girl Service ☎️9878799926☎️ Call Girl service in Zirakpur ☎...❤️ Zirakpur Call Girl Service ☎️9878799926☎️ Call Girl service in Zirakpur ☎...
❤️ Zirakpur Call Girl Service ☎️9878799926☎️ Call Girl service in Zirakpur ☎...daljeetkaur2026
 
💸Cash Payment No Advance Call Girls Kolkata 🧿 9332606886 🧿 High Class Call Gi...
💸Cash Payment No Advance Call Girls Kolkata 🧿 9332606886 🧿 High Class Call Gi...💸Cash Payment No Advance Call Girls Kolkata 🧿 9332606886 🧿 High Class Call Gi...
💸Cash Payment No Advance Call Girls Kolkata 🧿 9332606886 🧿 High Class Call Gi...India Call Girls
 

Recently uploaded (20)

💸Cash Payment No Advance Call Girls Bhopal 🧿 9332606886 🧿 High Class Call Gir...
💸Cash Payment No Advance Call Girls Bhopal 🧿 9332606886 🧿 High Class Call Gir...💸Cash Payment No Advance Call Girls Bhopal 🧿 9332606886 🧿 High Class Call Gir...
💸Cash Payment No Advance Call Girls Bhopal 🧿 9332606886 🧿 High Class Call Gir...
 
❤️Chandigarh Escorts☎️9814379184☎️ Call Girl service in Chandigarh☎️ Chandiga...
❤️Chandigarh Escorts☎️9814379184☎️ Call Girl service in Chandigarh☎️ Chandiga...❤️Chandigarh Escorts☎️9814379184☎️ Call Girl service in Chandigarh☎️ Chandiga...
❤️Chandigarh Escorts☎️9814379184☎️ Call Girl service in Chandigarh☎️ Chandiga...
 
Ulhasnagar Call girl escort *88638//40496* Call me monika call girls 24*
Ulhasnagar Call girl escort *88638//40496* Call me monika call girls 24*Ulhasnagar Call girl escort *88638//40496* Call me monika call girls 24*
Ulhasnagar Call girl escort *88638//40496* Call me monika call girls 24*
 
Erotic Call Girls Bangalore {7304373326} ❤️VVIP SIYA Call Girls in Bangalore ...
Erotic Call Girls Bangalore {7304373326} ❤️VVIP SIYA Call Girls in Bangalore ...Erotic Call Girls Bangalore {7304373326} ❤️VVIP SIYA Call Girls in Bangalore ...
Erotic Call Girls Bangalore {7304373326} ❤️VVIP SIYA Call Girls in Bangalore ...
 
Lucknow Call Girls Service ❤️🍑 9xx000xx09 👄🫦 Independent Escort Service Luckn...
Lucknow Call Girls Service ❤️🍑 9xx000xx09 👄🫦 Independent Escort Service Luckn...Lucknow Call Girls Service ❤️🍑 9xx000xx09 👄🫦 Independent Escort Service Luckn...
Lucknow Call Girls Service ❤️🍑 9xx000xx09 👄🫦 Independent Escort Service Luckn...
 
💞 Safe And Secure Call Girls Prayagraj 🧿 9332606886 🧿 High Class Call Girl Se...
💞 Safe And Secure Call Girls Prayagraj 🧿 9332606886 🧿 High Class Call Girl Se...💞 Safe And Secure Call Girls Prayagraj 🧿 9332606886 🧿 High Class Call Girl Se...
💞 Safe And Secure Call Girls Prayagraj 🧿 9332606886 🧿 High Class Call Girl Se...
 
2024 PCP #IMPerative Updates in Rheumatology
2024 PCP #IMPerative Updates in Rheumatology2024 PCP #IMPerative Updates in Rheumatology
2024 PCP #IMPerative Updates in Rheumatology
 
💸Cash Payment No Advance Call Girls Nagpur 🧿 9332606886 🧿 High Class Call Gir...
💸Cash Payment No Advance Call Girls Nagpur 🧿 9332606886 🧿 High Class Call Gir...💸Cash Payment No Advance Call Girls Nagpur 🧿 9332606886 🧿 High Class Call Gir...
💸Cash Payment No Advance Call Girls Nagpur 🧿 9332606886 🧿 High Class Call Gir...
 
Low Rate Call Girls Pune {9142599079} ❤️VVIP NISHA Call Girls in Pune Maharas...
Low Rate Call Girls Pune {9142599079} ❤️VVIP NISHA Call Girls in Pune Maharas...Low Rate Call Girls Pune {9142599079} ❤️VVIP NISHA Call Girls in Pune Maharas...
Low Rate Call Girls Pune {9142599079} ❤️VVIP NISHA Call Girls in Pune Maharas...
 
Low Rate Call Girls Udaipur {9xx000xx09} ❤️VVIP NISHA CCall Girls in Udaipur ...
Low Rate Call Girls Udaipur {9xx000xx09} ❤️VVIP NISHA CCall Girls in Udaipur ...Low Rate Call Girls Udaipur {9xx000xx09} ❤️VVIP NISHA CCall Girls in Udaipur ...
Low Rate Call Girls Udaipur {9xx000xx09} ❤️VVIP NISHA CCall Girls in Udaipur ...
 
❤️Chandigarh Escort Service☎️9814379184☎️ Call Girl service in Chandigarh☎️ C...
❤️Chandigarh Escort Service☎️9814379184☎️ Call Girl service in Chandigarh☎️ C...❤️Chandigarh Escort Service☎️9814379184☎️ Call Girl service in Chandigarh☎️ C...
❤️Chandigarh Escort Service☎️9814379184☎️ Call Girl service in Chandigarh☎️ C...
 
Premium Call Girls Bangalore {9179660964} ❤️VVIP POOJA Call Girls in Bangalor...
Premium Call Girls Bangalore {9179660964} ❤️VVIP POOJA Call Girls in Bangalor...Premium Call Girls Bangalore {9179660964} ❤️VVIP POOJA Call Girls in Bangalor...
Premium Call Girls Bangalore {9179660964} ❤️VVIP POOJA Call Girls in Bangalor...
 
Call Girl In Indore 📞9235973566📞Just Call Inaaya📲 Call Girls Service In Indor...
Call Girl In Indore 📞9235973566📞Just Call Inaaya📲 Call Girls Service In Indor...Call Girl In Indore 📞9235973566📞Just Call Inaaya📲 Call Girls Service In Indor...
Call Girl In Indore 📞9235973566📞Just Call Inaaya📲 Call Girls Service In Indor...
 
Call Now ☎ 8868886958 || Call Girls in Chandigarh Escort Service Chandigarh
Call Now ☎ 8868886958 || Call Girls in Chandigarh Escort Service ChandigarhCall Now ☎ 8868886958 || Call Girls in Chandigarh Escort Service Chandigarh
Call Now ☎ 8868886958 || Call Girls in Chandigarh Escort Service Chandigarh
 
💞 Safe And Secure Call Girls gaya 🧿 9332606886 🧿 High Class Call Girl Service...
💞 Safe And Secure Call Girls gaya 🧿 9332606886 🧿 High Class Call Girl Service...💞 Safe And Secure Call Girls gaya 🧿 9332606886 🧿 High Class Call Girl Service...
💞 Safe And Secure Call Girls gaya 🧿 9332606886 🧿 High Class Call Girl Service...
 
❤️ Chandigarh Call Girls Service☎️9878799926☎️ Call Girl service in Chandigar...
❤️ Chandigarh Call Girls Service☎️9878799926☎️ Call Girl service in Chandigar...❤️ Chandigarh Call Girls Service☎️9878799926☎️ Call Girl service in Chandigar...
❤️ Chandigarh Call Girls Service☎️9878799926☎️ Call Girl service in Chandigar...
 
Gorgeous Call Girls In Pune {9xx000xx09} ❤️VVIP ANKITA Call Girl in Pune Maha...
Gorgeous Call Girls In Pune {9xx000xx09} ❤️VVIP ANKITA Call Girl in Pune Maha...Gorgeous Call Girls In Pune {9xx000xx09} ❤️VVIP ANKITA Call Girl in Pune Maha...
Gorgeous Call Girls In Pune {9xx000xx09} ❤️VVIP ANKITA Call Girl in Pune Maha...
 
Call Girls In Indore 📞9235973566📞Just Call Inaaya📲 Call Girls Service In Indo...
Call Girls In Indore 📞9235973566📞Just Call Inaaya📲 Call Girls Service In Indo...Call Girls In Indore 📞9235973566📞Just Call Inaaya📲 Call Girls Service In Indo...
Call Girls In Indore 📞9235973566📞Just Call Inaaya📲 Call Girls Service In Indo...
 
❤️ Zirakpur Call Girl Service ☎️9878799926☎️ Call Girl service in Zirakpur ☎...
❤️ Zirakpur Call Girl Service ☎️9878799926☎️ Call Girl service in Zirakpur ☎...❤️ Zirakpur Call Girl Service ☎️9878799926☎️ Call Girl service in Zirakpur ☎...
❤️ Zirakpur Call Girl Service ☎️9878799926☎️ Call Girl service in Zirakpur ☎...
 
💸Cash Payment No Advance Call Girls Kolkata 🧿 9332606886 🧿 High Class Call Gi...
💸Cash Payment No Advance Call Girls Kolkata 🧿 9332606886 🧿 High Class Call Gi...💸Cash Payment No Advance Call Girls Kolkata 🧿 9332606886 🧿 High Class Call Gi...
💸Cash Payment No Advance Call Girls Kolkata 🧿 9332606886 🧿 High Class Call Gi...
 

HIPAA, Privacy, Security, and Good Business

  • 1. Stepen Cobb, Rainbow Technologies, 1 of 18 HIPAA, Privacy, Security, & Good Business Stephen Cobb, CISSP Dir. Research & Education Rainbow Technologies, Spectria Division Employers' Summit on Health Care March 21 - 22, 2001
  • 2. Stepen Cobb, Rainbow Technologies, 2 of 18 HIPAA, Privacy, Security, & Business • HIPAA is about privacy, but not just privacy. • HIPAA is also about systems and security. • Privacy is not the same as security, but • Without security, you can’t deliver privacy. • HIPAA is not the only privacy legislation. • HIPAA is not the only security legislation. • Privacy is not the only reason for security. • Businesses that “get” privacy and security today will do better than those that don’t.
  • 3. Stepen Cobb, Rainbow Technologies, 3 of 18 HIPAA is about privacy • 164.502 Uses and disclosures of protected health information: general rules. – (a) Standard. A covered entity may not use or disclose protected health information, except as permitted or required by this subpart or by subpart C of part 160 of this subchapter. • 164.530 Administrative requirements. – (c)(1) Standard: safeguards. A covered entity must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information.
  • 4. Stepen Cobb, Rainbow Technologies, 4 of 18 HIPAA is not just about privacy • Paraphrase: “appropriate safeguards to protect the privacy of health information.” • That is, to ensure privacy you need security. • But HIPAA 160 is not specific about security: – Implementation specification: safeguards. – A covered entity must reasonably safeguard protected health information from any intentional or unintentional use or disclosure that is in violation of the standards, implementation specifications or other requirements of this subpart.
  • 5. Stepen Cobb, Rainbow Technologies, 5 of 18 HIPAA may become more specific • HIPAA 142 describes “a set of requirements with implementation features that providers, plans, and clearinghouses must include in their operations to assure that electronic health information pertaining to an individual remains secure.” • “we are designating a new, comprehensive standard...which defines the security requirements to be fulfilled to preserve health information confidentiality and privacy as defined in the law.” – 45 CFR Part 142, Security & Electronic Signature Standards, Federal Register, Vol. 63, No. 155, 8/12/98
  • 6. Stepen Cobb, Rainbow Technologies, 6 of 18 If 142 follows160, then HIPAA will: • require each health care entity engaged in electronic maintenance or transmission of health information • to assess potential risks and vulnerabilities to the individual health data in its possession in electronic form, • and develop, implement, and maintain appropriate security measures. • 142 stresses that these measures must be documented and kept current.
  • 7. Stepen Cobb, Rainbow Technologies, 7 of 18 We can call this the writing on the wall. • We are looking at a Federally mandated standard for security practices within companies involved in healthcare or handling health-related information. • Note that these are considered: – practices necessary to conduct business electronically in the health care industry today. • In other words, normal business costs, – things you should be doing today, possibly pre-empting arguments over the cost of such standards.
  • 8. Stepen Cobb, Rainbow Technologies, 8 of 18 Security practices in the proposed standard are divided into two categories • Organizational Practices – Security and confidentiality policies – Information security officers – Education and training programs, and – Sanctions • Technical Practices and Procedures – Individual authentication of users – Access controls – Audit trails – Physical security – Disaster recovery – Protection of remote access points – Protection of external electronic communications – Software discipline, and – System assessment. Use these as a check list for comparison with your current security practices.
  • 9. Stepen Cobb, Rainbow Technologies, 9 of 18 We can see that HIPAA is also about systems & security • As we get to grips with 164.530(c)(1) – “appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information.” • We have to anticipate what 142 will consider appropriate, and plan accordingly.
  • 10. Stepen Cobb, Rainbow Technologies, 10 of 18 But privacy is not the same as security • Privacy is a value, and, to differing degrees, in different cultures, a right. • Security is a discipline, a methodology and a technology. • Security is neutral – it can serve privacy or hinder it. – e.g. security technology such as biometrics, which can prevent unauthorized persons from accessing data, can also be used to track people without their consent, often considered an invasion of privacy.
  • 11. Stepen Cobb, Rainbow Technologies, 11 of 18 But without security, you can’t deliver privacy • You need to make sure the vital ingredients of security are in place: – Policies, procedures, classification, officers, training, awareness, sanctions. – Strong, granular authentication, access controls, intrusion detection. – Software methodology, discipline, testing, penetration testing.
  • 12. Stepen Cobb, Rainbow Technologies, 12 of 18 HIPAA not the only privacy legislation • Right to Financial Privacy Act • Children's Online Privacy Protection Act • Bank Secrecy Act • Fair Credit Reporting Act • Identity Theft and Assumption Deterrence Act of 1998 • Fair Debt Collection Practices Act • Financial Institution Data Match • Title V, Gramm-Leach-Bliley Act
  • 13. Stepen Cobb, Rainbow Technologies, 13 of 18 G-L-B affects wide range of companies • Joint Final Rule of OCC, FRB, FDIC, OTS Privacy of Consumer Financial Information. • Requires a financial institution to provide notice to customers about its privacy policies and practices; • Describes the conditions under which a financial institution may disclose nonpublic personal information about consumers to nonaffiliated third parties; and • Provides a method for consumers to prevent a financial institution from disclosing that information to most nonaffiliated third parties by “opting out” of that disclosure.
  • 14. Stepen Cobb, Rainbow Technologies, 14 of 18 HIPAA not the only security legislation • require that each bank implement a comprehensive written information security program that includes administrative, technical and physical safeguards for customer records and information appropriate to the size and complexity of the bank and the nature and scope of its activities; • require the bank's board of directors, or an appropriate committee of the board, to approve and oversee the development, implementation and maintenance of the bank's information security program; and • requires banks to exercise appropriate due diligence in selecting and monitoring service providers, and that service providers implement appropriate security measures to meet the objectives of the guidelines.
  • 15. Stepen Cobb, Rainbow Technologies, 15 of 18 Privacy not the only reason for security • If you do security right, you also get protection from: – Malicious hackers, disgruntled employees. – Malicious code, viruses, Trojan Horses. – Industrial and government espionage. – Stupid user errors and omissions. – Allegations of negligence and shareholder lawsuits if something does go wrong.
  • 16. Stepen Cobb, Rainbow Technologies, 16 of 18 Businesses that “get” privacy & security today will do better than those that don’t • Privacy is about respect for individuals, many of whom are your customers. • Security is about the quality of your company in the age of information. • Tomorrow’s top companies will be those that figure out today, how to respect privacy and protect information systems while efficiently marketing and delivering goods and services.
  • 17. Stepen Cobb, Rainbow Technologies, 17 of 18 And this is not just my opinion • Companies must take a whole-view approach to privacy – To survive mounting consumer anxiety and the growing labyrinth of US and foreign regulation, firms need to institutionalize their commitment to protecting and managing their customers’ privacy by taking a comprehensive, whole-view approach to privacy. – Anyone today who thinks the privacy issue has peaked is greatly mistaken. As with environmentalism [in the 60s] we are in the early stages of a sweeping change in attitudes that will fuel years of political battles and put once-routine business practices under the microscope. • Forrester Report, February 2001
  • 18. Stepen Cobb, Rainbow Technologies, 18 of 18 Thank You! Stephen Cobb