
Firehost Webinar: Getting Hipaa Compliant

An in-depth look at how to become HIPAA Compliant. Join us as we discuss: risk assessment, prioritization and the 3 approaches to risk.

Published in: Technology

  1. 6 May 2014. Getting HIPAA Compliant: Cutting Through the Clutter. Kurt Hagerman, CISO
  2. Today’s Speaker: Kurt Hagerman, Chief Information Security Officer. Kurt Hagerman oversees all compliance-related and security initiatives. He is responsible for leading FireHost in attaining ISO, PCI, HIPAA and other certifications, which allow FireHost customers to more easily achieve their own compliance requirements. He regularly speaks and writes on information security topics in the payments and healthcare spaces, as well as on cloud security.
  3. Agenda
     • Demystifying HIPAA Compliance
     • Getting Secure
     • Security Step 1: Risk Assessment
     • Security Step 2: Prioritization
     • Security Step 3: The 3 Approaches to Risk
     • Questions & Answers
  4. Demystifying HIPAA Compliance
     • Review of last webinar:
       • What does it mean to be HIPAA compliant?
       • Put a security controls program in place that addresses the risks and threats in how your organization handles PHI
       • There is no easy button for HIPAA compliance
     • How to get started
  5. Getting Secure
     1. Assessing Your Risk
     2. Developing Your Mitigation Strategies
     3. Choose Approach: Treat / Accept / Transfer
  6. Security Step 1: Risk Assessment
     • Risk assessments strengthen your security posture
     • The Security Rule requires an annual risk analysis
     • OCR audits showed a widespread lack of, or poor, risk assessments
     • Use existing frameworks: NIST 800-30, FAIR, OCTAVE
     • Assess your organizational risk and threats
     • Don’t forget: include your Business Associates
  7. Review: Risk Assessments. Not just an IT exercise – get all stakeholders involved.
     • Elements of a proper risk assessment:
       • Identify the flow and all sources of ePHI
       • Identify threats and vulnerabilities
       • Evaluate the impact and likelihood of threats and vulnerabilities being exploited
       • Assign risk levels and identify mitigation options
       • Determine which options to implement
  8. Security Step 2: Prioritization
     • Evaluate the impact and likelihood of threats and vulnerabilities being exploited
     • Assign risk levels
     • Prioritize based on risk levels
     • Identify mitigation options and their costs
     • Determine how to treat your risks
  9. Security Step 3: The 3 Approaches to Risk
     • Treat – implement controls to mitigate risk
       • Select controls that match up with the maturity of your organization
     • Transfer – find a provider who will handle the risk for you
       • Insurance
       • 3rd-party service providers
     • Accept – what you can’t treat or transfer you must accept as a cost of doing business
     • Security vs. Compliance
  10. What’s next? HealthData Repository™ Deconstructed, June 4, 2014
     • Challenges in healthcare IT
     • Keeping healthcare information secure in the cloud
     • Lowering the risk and scope of HIPAA compliance with FireHost’s HealthData Repository™
     • Register Today
  11. Questions & Answers
  12. Thank You. Kurt Hagerman, Chief Information Security Officer. Phone: 877 262 3473 x8073
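Slides 6 through 9 describe one procedure: score each ePHI threat/vulnerability pair by likelihood and impact, assign risk levels, prioritize, and then decide Treat / Transfer / Accept against the cost of the mitigation options. The following risk-register script is an added illustration of that workflow, not material from the webinar or FireHost; the 1–5 scales, the level thresholds, the budget and every register entry are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass
class Risk:
    asset: str            # ePHI source or flow (Business Associates included)
    threat: str
    vulnerability: str
    likelihood: int       # 1 (rare) .. 5 (near certain), assumed NIST 800-30 style scale
    impact: int           # 1 (negligible) .. 5 (severe)
    mitigation_cost: int  # constructed annual cost (USD) of the control that would treat it
    transferable: bool = False  # an insurer or 3rd-party provider could carry this risk

    @property
    def score(self) -> int:
        return self.likelihood * self.impact


def risk_level(score: int) -> str:
    """Map a 1..25 likelihood x impact score onto a risk level (assumed thresholds)."""
    if score >= 15:
        return "High"
    if score >= 8:
        return "Medium"
    return "Low"


def plan_treatment(risks, budget):
    """Prioritize by score, then pick Treat / Transfer / Accept for each risk within budget."""
    remaining = budget
    decisions = []
    for r in sorted(risks, key=lambda x: x.score, reverse=True):
        level = risk_level(r.score)
        if level == "Low":
            approach = "Accept"      # accepted as a cost of doing business, but documented
        elif r.mitigation_cost <= remaining:
            approach = "Treat"       # implement the control
            remaining -= r.mitigation_cost
        elif r.transferable:
            approach = "Transfer"    # insurance or a service provider takes it on
        else:
            approach = "Accept"      # cannot treat or transfer: accept and record the decision
        decisions.append({"asset": r.asset, "score": r.score, "level": level, "approach": approach})
    return decisions, remaining


# Constructed register entries for illustration; not from any real assessment.
REGISTER = [
    Risk("EHR database", "ransomware", "unpatched app servers", 4, 5, 40_000),
    Risk("Backup media", "loss in transit", "unencrypted tapes", 3, 5, 15_000, transferable=True),
    Risk("Billing business associate", "breach at BA", "no security terms in BAA", 3, 4, 30_000, transferable=True),
    Risk("Front-desk workstation", "shoulder surfing", "no screen lock", 4, 1, 500),
]

if __name__ == "__main__":
    for d in plan_treatment(REGISTER, budget=50_000)[0]:
        print(f"{d['level']:6} {d['score']:2}  {d['approach']:8} {d['asset']}")
```

With the constructed 50,000 budget the EHR risk is treated, the two transferable risks fall to Transfer once the budget is exhausted, and the low-scoring workstation risk is accepted.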