Advertisement
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor

Check these out next

Need for cybersecurity
Need for cybersecurity
Sri Manakula Vinayagar Engineering College
HxRefactored - TrueVault - Jason Wang - API Pitch
HxRefactored - TrueVault - Jason Wang - API Pitch
HxRefactored
Security Issues in Internet of Things
Security Issues in Internet of Things
Lohith Haravu Chandrashekar
HIPAA
HIPAA
Druce MacFarlane
Pcishrinktofitpresentation 151125162550-lva1-app6891
Pcishrinktofitpresentation 151125162550-lva1-app6891
Risk Crew
Circuit security
Circuit security
Paperjam_redaction
IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process
EC-Council
Presciense InterQuest IoT Talk
Presciense InterQuest IoT Talk
Jonathan Lishawa
1 of 16

Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor

Sep. 29, 2015
Download to read offline
Technology

HIPAA’s Safe Harbor provision is well-known: If PHI is encrypted so that it's unusable, unreadable, or indecipherable to unauthorized individuals, breach notifications aren’t required. However, the U.S. government considers that encryption not validated by NIST to FIPS 140-2 standards is the equal of plaintext. In other words, healthcare providers are rarely in full compliance with the federal benchmark. While governing bodies have been overlooking this incongruity, it is inevitable that the FIPS 140-2 cryptographic standard will be imposed on healthcare providers in the near future. This presentation will prepare attendees for this major hurdle.

Ray Potter
CEO at SafeLogic
Advertisement
Advertisement
Advertisement

Recommended

Secured Communication Infrastructure for Substation AutomationSecured Communication Infrastructure for Substation Automation
Secured Communication Infrastructure for Substation AutomationNirmal Thaliyil50 views7 slides
C. Gibbs MHA 690 week 1 discussion 2C. Gibbs MHA 690 week 1 discussion 2
C. Gibbs MHA 690 week 1 discussion 2CGibbs3121202 views12 slides
Web Werks Data Center Achieves HIPAA Compliance CertificationWeb Werks Data Center Achieves HIPAA Compliance Certification
Web Werks Data Center Achieves HIPAA Compliance CertificationWeb Werks Data Centers50 views5 slides
Fle f04 mishra-v0.9Fle f04 mishra-v0.9
Fle f04 mishra-v0.9Minatee Mishra105 views35 slides
Mobile Device SecurityMobile Device Security
Mobile Device SecurityBen Quirk339 views15 slides
Mrx securityMrx security
Mrx securitydavidjd274 views22 slides

More Related Content

Slideshows for you(20)

Need for cybersecurityNeed for cybersecurity
Need for cybersecurity
Sri Manakula Vinayagar Engineering College481 views
HxRefactored - TrueVault - Jason Wang - API Pitch HxRefactored - TrueVault - Jason Wang - API Pitch
HxRefactored - TrueVault - Jason Wang - API Pitch
HxRefactored853 views
Security Issues in Internet of ThingsSecurity Issues in Internet of Things
Security Issues in Internet of Things
Lohith Haravu Chandrashekar112 views
HIPAAHIPAA
HIPAA
Druce MacFarlane52 views
Pcishrinktofitpresentation 151125162550-lva1-app6891Pcishrinktofitpresentation 151125162550-lva1-app6891
Pcishrinktofitpresentation 151125162550-lva1-app6891
Risk Crew62 views
Circuit securityCircuit security
Circuit security
Paperjam_redaction467 views
IoT Security – Executing an Effective Security Testing Process IoT Security – Executing an Effective Security Testing Process
IoT Security – Executing an Effective Security Testing Process
EC-Council2.2K views
Presciense InterQuest IoT TalkPresciense InterQuest IoT Talk
Presciense InterQuest IoT Talk
Jonathan Lishawa125 views
Attack and Defence in Mobile AppsAttack and Defence in Mobile Apps
Attack and Defence in Mobile Apps
David Johansson139 views
eHealth ….. How to trust a cloud?eHealth ….. How to trust a cloud?
eHealth ….. How to trust a cloud?
Mario Drobics720 views
IoT Integration in the Air conditioning, Heating and Refrigeration industry ...IoT Integration in the Air conditioning, Heating and Refrigeration industry ...
IoT Integration in the Air conditioning, Heating and Refrigeration industry ...
Art Garcia603 views
IoT/M2M SecurityIoT/M2M Security
IoT/M2M Security
Yu-Hsin Hung895 views
Serverless Security ChecklistServerless Security Checklist
Serverless Security Checklist
Simform187 views
Anypoint enterprise securityAnypoint enterprise security
Anypoint enterprise security
Krishna_in329 views
01 presentation-kenwillen01 presentation-kenwillen
01 presentation-kenwillen
InfinIT - Innovationsnetværket for it436 views
Cyber intelligence-servicesCyber intelligence-services
Cyber intelligence-services
Cyber 51 LLC355 views
Smart Business using IoTSmart Business using IoT
Smart Business using IoT
Mithileysh Sathiyanarayanan141 views
CloudCamp Chicago lightning talk: "Security and Sanity in the HIPAA-Compliant...CloudCamp Chicago lightning talk: "Security and Sanity in the HIPAA-Compliant...
CloudCamp Chicago lightning talk: "Security and Sanity in the HIPAA-Compliant...
CloudCamp Chicago843 views
Cyber Security Overview for Small BusinessesCyber Security Overview for Small Businesses
Cyber Security Overview for Small Businesses
Charles Cline119 views
Cloud computing 10 cloud security advantages and challengesCloud computing 10 cloud security advantages and challenges
Cloud computing 10 cloud security advantages and challenges
Vaibhav Khanna34 views

Viewers also liked(20)

Hidden in Plain Sight: DUAL_EC_DRBG 'n stuffHidden in Plain Sight: DUAL_EC_DRBG 'n stuff
Hidden in Plain Sight: DUAL_EC_DRBG 'n stuff
WhiskeyNeon663 views
Skeleton key malware detection owaspSkeleton key malware detection owasp
Skeleton key malware detection owasp
Tal Be'ery1.3K views
LSA2 - 02 chrootingLSA2 - 02 chrooting
LSA2 - 02 chrooting
Marian Marinov3.8K views
One Key to Rule Them All: Detecting the Skeleton Key MalwareOne Key to Rule Them All: Detecting the Skeleton Key Malware
One Key to Rule Them All: Detecting the Skeleton Key Malware
Tal Be'ery2.5K views
Public-Key Identification Schemes Based on Multivariate PolynomialsPublic-Key Identification Schemes Based on Multivariate Polynomials
Public-Key Identification Schemes Based on Multivariate Polynomials
Cassius Puodzius297 views
HIPAA compliance tuneup 2016HIPAA compliance tuneup 2016
HIPAA compliance tuneup 2016
Compliancy Group416 views
EuroBSDCon 2014 Program FrontEuroBSDCon 2014 Program Front
EuroBSDCon 2014 Program Front
eurobsdcon684 views
Solving 800-90 Entropy Requirements in SoftwareSolving 800-90 Entropy Requirements in Software
Solving 800-90 Entropy Requirements in Software
Ray Potter470 views
Signature from One-way FunctionsSignature from One-way Functions
Signature from One-way Functions
Cassius Puodzius931 views
StHack 2014 - Jerome "@funoverip" Nokin Turning your managed av into my botnetStHack 2014 - Jerome "@funoverip" Nokin Turning your managed av into my botnet
StHack 2014 - Jerome "@funoverip" Nokin Turning your managed av into my botnet
StHack 1.3K views
ATA Spec 2300, implementation perspectives. Who, why, what, how… When? Bruno ...ATA Spec 2300, implementation perspectives. Who, why, what, how… When? Bruno ...
ATA Spec 2300, implementation perspectives. Who, why, what, how… When? Bruno ...
Bruno Chatel2K views
StHack 2013 - Nicolas "@baldanos" Oberli Please insert inject more coinStHack 2013 - Nicolas "@baldanos" Oberli Please insert inject more coin
StHack 2013 - Nicolas "@baldanos" Oberli Please insert inject more coin
StHack 1.4K views
Erase icitstErase icitst
Erase icitst
nashvasan313 views
(SEC304) Architecting for HIPAA Compliance on AWS(SEC304) Architecting for HIPAA Compliance on AWS
(SEC304) Architecting for HIPAA Compliance on AWS
Amazon Web Services8.2K views
StHack 2013 - Florian "@agixid" Gaultier No SQL injection but NoSQL injectionStHack 2013 - Florian "@agixid" Gaultier No SQL injection but NoSQL injection
StHack 2013 - Florian "@agixid" Gaultier No SQL injection but NoSQL injection
StHack 8.7K views
University of Oslo's TSD service - storing sensitive & restricted data by D... University of Oslo's TSD service - storing sensitive & restricted data by D...
University of Oslo's TSD service - storing sensitive & restricted data by D...
eurobsdcon700 views
The entropic principle: /dev/u?random and NetBSD by Taylor R Campbell The entropic principle: /dev/u?random and NetBSD by Taylor R Campbell
The entropic principle: /dev/u?random and NetBSD by Taylor R Campbell
eurobsdcon796 views
Take Two Curves and Call Me in the Morning: The Story of the NSAs Dual_EC_DRB...Take Two Curves and Call Me in the Morning: The Story of the NSAs Dual_EC_DRB...
Take Two Curves and Call Me in the Morning: The Story of the NSAs Dual_EC_DRB...
Khaled El Emam2.4K views
StHack 2014 - Ninon Eyrolles Obfuscation 101StHack 2014 - Ninon Eyrolles Obfuscation 101
StHack 2014 - Ninon Eyrolles Obfuscation 101
StHack 1.2K views
Sthack 2015 - Aris "@aris_ada" Adamantiadis - DUAL_EC_DRBG : Une histoire de ...Sthack 2015 - Aris "@aris_ada" Adamantiadis - DUAL_EC_DRBG : Une histoire de ...
Sthack 2015 - Aris "@aris_ada" Adamantiadis - DUAL_EC_DRBG : Une histoire de ...
StHack 1.4K views
Advertisement

Similar to Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor(20)

Key Concepts for Protecting the Privacy of IBM i DataKey Concepts for Protecting the Privacy of IBM i Data
Key Concepts for Protecting the Privacy of IBM i Data
Precisely255 views
Feisal nanji himss 13 -- finalfinalfinalFeisal nanji himss 13 -- finalfinalfinal
Feisal nanji himss 13 -- finalfinalfinal
Feisal Nanji291 views
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008
Denny Lee656 views
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Precisely173 views
Where to Store the Cloud Encryption Keys - InterOp 2012Where to Store the Cloud Encryption Keys - InterOp 2012
Where to Store the Cloud Encryption Keys - InterOp 2012
Trend Micro1.2K views
Provable Device Cybersecurity in Blockchain TransactionsProvable Device Cybersecurity in Blockchain Transactions
Provable Device Cybersecurity in Blockchain Transactions
Rivetz339 views
Comprehensive Hadoop Security for the Enterprise | Part I | Compliance Ready ...Comprehensive Hadoop Security for the Enterprise | Part I | Compliance Ready ...
Comprehensive Hadoop Security for the Enterprise | Part I | Compliance Ready ...
Cloudera, Inc.6.4K views
Countdown to CCPA: 48 Days Until Your IBM i Data Needs to Be SecuredCountdown to CCPA: 48 Days Until Your IBM i Data Needs to Be Secured
Countdown to CCPA: 48 Days Until Your IBM i Data Needs to Be Secured
Precisely107 views
Security 101: Protecting Data with Encryption, Tokenization & AnonymizationSecurity 101: Protecting Data with Encryption, Tokenization & Anonymization
Security 101: Protecting Data with Encryption, Tokenization & Anonymization
Precisely272 views
Protecting Your Business from Unauthorized IBM i AccessProtecting Your Business from Unauthorized IBM i Access
Protecting Your Business from Unauthorized IBM i Access
Precisely44 views
Complying with Cybersecurity Regulations for IBM i Servers and DataComplying with Cybersecurity Regulations for IBM i Servers and Data
Complying with Cybersecurity Regulations for IBM i Servers and Data
Precisely190 views
Seattle Tech4Good meetup: Data Security and PrivacySeattle Tech4Good meetup: Data Security and Privacy
Seattle Tech4Good meetup: Data Security and Privacy
Sabra Goldick645 views
Hipaa security compliance checklist for developers & business associatesHipaa security compliance checklist for developers & business associates
Hipaa security compliance checklist for developers & business associates
Shoba Krishnamurthy197 views
Himss 2016 Lunch & Learn: Data Security in IoT (and ePHI Risks)Himss 2016 Lunch & Learn: Data Security in IoT (and ePHI Risks)
Himss 2016 Lunch & Learn: Data Security in IoT (and ePHI Risks)
OnRamp204 views
Accelerating Regulatory Compliance for IBM i SystemsAccelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i Systems
Precisely158 views
The must have tools to address your HIPAA compliance challengeThe must have tools to address your HIPAA compliance challenge
The must have tools to address your HIPAA compliance challenge
Compliancy Group796 views
Lock it Down: Access Control for IBM iLock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM i
Precisely125 views
Endpoint Security for Mobile DevicesEndpoint Security for Mobile Devices
Endpoint Security for Mobile Devices
David Shepherd635 views
Cloud securityCloud security
Cloud security
Adeel Javaid864 views
Regulatory IntelligenceRegulatory Intelligence
Regulatory Intelligence
Armin Torres1.7K views

Recently uploaded(20)

Biking on the edge - Jerome Mies - SRD23Biking on the edge - Jerome Mies - SRD23
Biking on the edge - Jerome Mies - SRD23
SURFevents0 views
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
PECB 0 views
The Industrialist: Trends & Innovations - June 2023The Industrialist: Trends & Innovations - June 2023
The Industrialist: Trends & Innovations - June 2023
accenture5 views
Trends in Cloud Computing Services | Nuvento USATrends in Cloud Computing Services | Nuvento USA
Trends in Cloud Computing Services | Nuvento USA
Nuvento Systems Pvt Ltd0 views
IS INDEXED JOURNAL -SUBMIT YOUR RESEARCH PAPERS...!IS INDEXED JOURNAL -SUBMIT YOUR RESEARCH PAPERS...!
IS INDEXED JOURNAL -SUBMIT YOUR RESEARCH PAPERS...!
dannyijwest0 views
International Journal of Computer-Aided technologies (IJCAx)International Journal of Computer-Aided technologies (IJCAx)
International Journal of Computer-Aided technologies (IJCAx)
ijcax0 views
AIDRC Gitex Africa - Final edited_TL.pdfAIDRC Gitex Africa - Final edited_TL.pdf
AIDRC Gitex Africa - Final edited_TL.pdf
Thierry Lestable0 views
Single View of DataSingle View of Data
Single View of Data
confluent0 views
What is the Structure and Working Principle of WDM Devices.pdfWhat is the Structure and Working Principle of WDM Devices.pdf
What is the Structure and Working Principle of WDM Devices.pdf
HYC Co., Ltd0 views
개발자의 문서작성개발자의 문서작성
개발자의 문서작성
Wonjun Hwang0 views
Business_Process_Outsourcing_and_Shared_Service_Centers_in_Georgia - Excellen...Business_Process_Outsourcing_and_Shared_Service_Centers_in_Georgia - Excellen...
Business_Process_Outsourcing_and_Shared_Service_Centers_in_Georgia - Excellen...
NRKMurthy10 views
How Does Grocery Delivery App Generate Revenue.pdfHow Does Grocery Delivery App Generate Revenue.pdf
How Does Grocery Delivery App Generate Revenue.pdf
Shopia Wilson0 views
Computational steering Interactive Design-through-Analysis for Simulation Sci...Computational steering Interactive Design-through-Analysis for Simulation Sci...
Computational steering Interactive Design-through-Analysis for Simulation Sci...
SURFevents0 views
AIR_BAG.pptxAIR_BAG.pptx
AIR_BAG.pptx
monu8296630 views
Intelion Systems.pdfIntelion Systems.pdf
Intelion Systems.pdf
IntelionSystems0 views
Manufacturing Slides Powerpoint Template.pptxManufacturing Slides Powerpoint Template.pptx
Manufacturing Slides Powerpoint Template.pptx
ssuser589db12 views
Stream Processing with Flink and Stream SharingStream Processing with Flink and Stream Sharing
Stream Processing with Flink and Stream Sharing
confluent0 views
Sharing personal data and the GDPR - how can it be done - Francisco Romero Pa...Sharing personal data and the GDPR - how can it be done - Francisco Romero Pa...
Sharing personal data and the GDPR - how can it be done - Francisco Romero Pa...
SURFevents0 views
Shiloh.pptxShiloh.pptx
Shiloh.pptx
NgulleNanga0 views
python-ppt.pptpython-ppt.ppt
python-ppt.ppt
MohammadSamiuddin100 views
Advertisement

Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor

  1. Unsafe Harbor
 Will Your Encryption Weather the Storm? Ray Potter CEO, SafeLogic
  2. Safe Harbor • Eliminates the requirement to notify affected parties and the federal government of an ePHI data breach • ePHI data must be in a format that is unusable, unreadable, or indecipherable to unauthorized individuals 2
  3. HIPAA • Establishes the national set of standards for the handling of ePHI in electronic form • Security Standards for the Protection of ePHI • Privacy expectations for covered entities 3
  4. HIPAA Security Rule • General Rules • Administrative Safeguards • Physical Safeguards • Technical Safeguards • Organizational Requirements • Policies / Procedures and Documentation Requirements 4
  5. NIST SP 800-66 • Introductory resource guide for Implementing the HIPAA Security Rule • Voluntary guideline and best practices for implementation of HIPAA security rule • State / local government • Private industry • Links NIST Risk Management Framework to HIPAA Security Rule 5
  6. Risk Management Framework 6
  7. What's at Risk? • Personal health info • Device compromise • Health • Life • How does HIPAA / Safe Harbor help? 7
  8. Access Control • Access Enforcement • The organization encrypts or stores off- line in a secure location • Media Access • The system uses cryptographic mechanisms to protect and restrict access to information on portable digital media 8
  9. Identification & Authentication • Device Identification and Authentication • Authenticates devices before establishing remote, wireless network, and network connections using bidirectional authentication between devices that is cryptographically based 9
  10. • Cryptographic Module Authentication • Implement role-based or identity-based • Use of Cryptography • System should use FIPS 140-2 validated modules Encryption 10
  11. Data at Rest / Transmission • Media Storage • Media Transport • Transmission Integrity • Transmission Confidentiality • Maintain confidentiality and integrity 11
  12. FIPS  140 • Federal  Information  Processing  Standard  140   • Specifies  requirements  for  cryptographic   hardware  and  software  modules     • Published  by  US  (NIST)  and  Canadian   Governments   • Offers  4  levels  of  validation 12
  13. Sections of Requirements • Module Description • Interfaces • Roles, Services, and Authentication • Finite State Model • Physical Security • Operating Environment • Key Management • EMI/EMC • Self Tests • Design Assurance • Mitigation of Attacks 13
  14. Value • Standardized algorithms • Algorithm testing • Documented processes • Documented code 14
  15. Why Compliance? • Vendors need to be able to sell products to the regulated industries • Vendors need to remain competitive • End users need security assurance 15
  16. Let’s Connect • @SafeLogic   • @SafeLogic_Ray   • www.safelogic.com 16
Advertisement