Introduction to Health Informatics Ch11 power point
bradleyl2
Slide Share Power Point Chapter 11
Healthcare
1. Chapter 11: Security for Healthcare Informatics
Introduction to Healthcare Informatics
© 2013

2. Objectives
• Differentiate between addressable and required implementation specifications
• Describe what a security risk analysis entails
• Differentiate between the concepts of vulnerabilities, risks, and threats
• Provide examples of administrative, physical, and technical safeguards
• Appreciate the foundational importance of confidentiality, integrity, and availability in regard to the HIPAA Security Rule

3. Objectives
• Articulate the HIPAA Security Rule complaint and enforcement process
• Identify the agencies responsible for HIPAA Security Rule enforcement
• Describe civil and criminal penalties and the tiered penalty approach
• Explain how HITECH modifies the HIPAA Security Rule
• Define medical identity theft

4. Objectives
• Discuss the potential impacts of medical identity theft on patients and other stakeholders
• Describe the steps required for conducting a business impact analysis
• Delineate the concerns, challenges, and potential solutions involved in preparing a full-fledged information and organizational disaster preparedness plan

5. Types of Standards
• Flexible, scalable, technology-neutral solutions and alternatives
• Implementation specifications
  o Required: must be implemented as described in the regulation
  o Addressable: should be implemented unless an organization determines the specification is not reasonable and appropriate. The organization must document its assessment and decision

6. Foundation
• ePHI: electronic protected health information
• Security incident: the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information, or interference with system operations, in an information system

7. Security Risk Analysis
• Full evaluation of the methods, operational practices, and policies used by the covered entity to secure ePHI
• Structural framework on which to build the HIPAA Security Plan
• Required for Meaningful Use

8. NIST Guidance on Risk Analysis
• Have you identified the ePHI within your organization? This includes ePHI that you create, receive, maintain, or transmit.
• What are the external sources of ePHI? For example, do vendors or consultants create, receive, maintain, or transmit ePHI?
• What are the human, natural, and environmental threats to information systems that contain ePHI? (NIST SP 800-66, 2008)

9. Vulnerabilities
• An inherent weakness or absence of a safeguard that can be exploited by a threat
• Inappropriate protective methods
  o Technical
    • Firewalls, virus blockers
  o Nontechnical
    • Policies and procedures

10. Threat
• The potential for exploitation of a vulnerability, or a potential danger to a computer, network, or data
• Natural: storms, earthquakes, etc.
• Human
  o Intentional: hacking
  o Unintentional: forgetting to log off
• Environmental: power failure

11. Risks
• The probability of incurring injury or loss
• Compare the probability to the potential impact

12. Mandated Risk Analysis Elements
• Scope of the risk analysis
• Data collection
• Identify and document potential threats and vulnerabilities
• Assess current security measures
• Determine the likelihood of threat occurrence
• Determine the potential impact of threat occurrence
• Determine the level of risk
• Finalize documentation
• Periodic review and updates to the risk assessment
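The slides on vulnerabilities, threats, risks and the mandated risk analysis elements describe a procedure without showing a worked register. The following is an added example, not code from the slides or the textbook: it scores constructed threat/vulnerability pairs for ePHI systems with the qualitative likelihood-times-impact approach of NIST SP 800-30, reduces likelihood for documented current security measures, and orders the result for the risk management plan. The 1-3 scales, the one-step-per-safeguard reduction, the level thresholds and the sample entries are all assumptions chosen for illustration.

```python
"""Risk-level worksheet for the mandated risk analysis elements.

Added example (not from the slides): scores constructed threat/vulnerability
pairs with a qualitative likelihood x impact approach (NIST SP 800-30 style).
The scales, reduction rule, thresholds and sample entries are assumptions.
"""
from dataclasses import dataclass, field

# Qualitative scales mapped to numbers (assumed 1-3 scales, not from the slides).
LIKELIHOOD = {"low": 1, "medium": 2, "high": 3}
IMPACT = {"low": 1, "medium": 2, "high": 3}


@dataclass
class RiskItem:
    asset: str            # system that creates, receives, maintains or transmits ePHI
    threat: str           # natural, human or environmental threat
    vulnerability: str    # weakness or absent safeguard the threat could exploit
    likelihood: str       # likelihood of threat occurrence before current measures
    impact: str           # potential impact of threat occurrence
    current_measures: list = field(default_factory=list)  # safeguards already in place

    def effective_likelihood(self) -> int:
        """Assumed rule: each documented safeguard lowers likelihood one step, never below 1."""
        return max(1, LIKELIHOOD[self.likelihood] - len(self.current_measures))

    def risk_score(self) -> int:
        """Level of risk = likelihood x impact (1..9 on the assumed scales)."""
        return self.effective_likelihood() * IMPACT[self.impact]

    def risk_level(self) -> str:
        score = self.risk_score()
        if score >= 6:
            return "high"
        if score >= 3:
            return "medium"
        return "low"


def prioritize(items):
    """Order items highest risk first for the risk management plan (stable sort)."""
    return sorted(items, key=lambda i: i.risk_score(), reverse=True)


# Constructed sample register entries (illustrative, not real findings).
SAMPLE_REGISTER = [
    RiskItem("EHR database server", "hacking (intentional human)",
             "unpatched remote service", "high", "high",
             current_measures=["firewall"]),
    RiskItem("Nurse station workstation", "forgetting to log off (unintentional human)",
             "no automatic logoff", "high", "medium"),
    RiskItem("Data center", "power failure (environmental)",
             "single power feed", "medium", "high",
             current_measures=["UPS", "generator"]),
    RiskItem("Backup tapes in transit", "storm (natural)",
             "tapes not encrypted", "low", "high",
             current_measures=["encrypted media"]),
]


def risk_register_report(items=SAMPLE_REGISTER):
    """Finalized documentation rows: (asset, effective likelihood, impact, score, level)."""
    return [(i.asset, i.effective_likelihood(), IMPACT[i.impact], i.risk_score(), i.risk_level())
            for i in prioritize(items)]


if __name__ == "__main__":
    for row in risk_register_report():
        print("{:28s} likelihood={} impact={} score={} level={}".format(*row))
```

The periodic review element is what keeps this worksheet honest: when a safeguard is added or removed, the entry's `current_measures` changes and the level is recomputed rather than edited by hand.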
13. Administrative Safeguard Standards
• Policies and procedures
  o Manage the selection, development, implementation, and maintenance of security measures to protect ePHI
  o Manage the conduct of the covered entity's or business associate's workforce in relation to the protection of the information

14. Security Management Process Standard (Required)
• Risk analysis
• Risk management element
  o Communication of security processes
  o Leadership involvement with risk mitigation
• Sanctions policy: how noncompliance will be addressed
• Information systems activity review: procedures for monitoring system use

15. Security Officer
• The official who is responsible for the development and implementation of the required Security Rule policies and procedures

16. Workforce Security Standard (Addressable)
• Authorization and supervision: determining the level of access for each workforce member
• Workforce clearance procedures: determining that access to ePHI is appropriate
• Termination procedures: removal of access privileges when employment ends

17. Information Access Management Standard (Required and Addressable)
• Required: healthcare clearinghouses must segregate their data from other activities
• Addressable
  o Access authorization: policies and procedures for granting access
  o Authorization and access establishment and modification: policies and procedures to establish, document, review, and modify a user's right of access

18. Security Awareness and Training Standard (Addressable)
• All existing workforce members must receive training, and periodic training on updates
  o Security reminders: pop-up reminders to log off
  o Protection from malicious software: guidance for opening attachments
  o Log-in monitoring: lockout after 3 unsuccessful log-in attempts
  o Password protection: creation, changing, and safeguarding of passwords
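The log-in monitoring item names a concrete rule, lockout after 3 unsuccessful attempts, but not the behaviour around it: a success must reset the counter, a locked account must reject even the correct password, and every attempt should land in the activity-review log. The following is an added example, not code from the slides: a minimal login monitor implementing those rules. The 3-attempt threshold is the slide's; the PBKDF2 parameters, the user name and the credentials are constructed for illustration.

```python
"""Log-in monitoring with lockout after 3 unsuccessful attempts.

Added example (not from the slides). The threshold comes from the slide; the
PBKDF2 hashing, iteration count, sample user and passwords are assumptions.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

MAX_FAILED_ATTEMPTS = 3  # lockout threshold named on the slide


def _hash_password(password: str, salt: bytes) -> bytes:
    # Standard-library PBKDF2-HMAC-SHA256; iteration count chosen for illustration.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    username: str          # unique user identification
    salt: bytes
    password_hash: bytes
    failed_attempts: int = 0
    locked: bool = False


@dataclass
class LoginMonitor:
    accounts: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)  # every attempt, for activity review

    def add_user(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[username] = Account(username, salt, _hash_password(password, salt))

    def login(self, username: str, password: str) -> str:
        """Return 'success', 'failure', 'locked' or 'unknown_user' and log the outcome."""
        acct = self.accounts.get(username)
        if acct is None:
            outcome = "unknown_user"
        elif acct.locked:
            outcome = "locked"  # rejected even if the password is right
        elif hmac.compare_digest(_hash_password(password, acct.salt), acct.password_hash):
            acct.failed_attempts = 0  # a success resets the counter
            outcome = "success"
        else:
            acct.failed_attempts += 1
            if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
                acct.locked = True      # third consecutive failure locks the account
                outcome = "locked"
            else:
                outcome = "failure"
        self.audit_log.append((username, outcome))
        return outcome

    def unlock(self, username: str) -> None:
        """Administrative reset, e.g. after the security officer reviews the incident."""
        acct = self.accounts[username]
        acct.locked = False
        acct.failed_attempts = 0


def demo() -> list:
    """Constructed scenario: two bad guesses, a good one, then three bad guesses."""
    monitor = LoginMonitor()
    monitor.add_user("nurse_j", "correct horse battery")  # constructed credentials
    return [monitor.login("nurse_j", "guess1"),
            monitor.login("nurse_j", "guess2"),
            monitor.login("nurse_j", "correct horse battery"),  # resets the counter
            monitor.login("nurse_j", "guess3"),
            monitor.login("nurse_j", "guess4"),
            monitor.login("nurse_j", "guess5"),                   # locks the account
            monitor.login("nurse_j", "correct horse battery")]   # still locked
```

The audit log is what turns the lockout from a nuisance into a signal: a run of `failure` entries followed by `locked` on one account, or the same pattern across many accounts, is exactly what the information systems activity review on the Security Management Process slide is meant to pick up.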
19. Security Incident Procedures Standard (Addressable)
• Response and reporting: identify and respond to suspected or known security incidents; mitigate the harmful effects; document security incidents and their outcomes

20. Contingency Plan Standards (Required and Addressable)
• Data back-up plan
  o What data needs to be backed up, and from which sources
• Disaster recovery plan
  o Procedures for the restoration of any loss of data
• Emergency mode operation plan
  o Continuation of critical business processes while operating in emergency mode

21. Contingency Plan Standards (Required and Addressable), continued
• Addressable
  o Testing and revision of required contingency plans, depending on organizational size and resources
  o Criticality analysis of applications and data
• Balance recovery and management with the criticality of the system
• Update when new systems are added or changes are made

22. Evaluation Standard (Required)
• Perform periodic evaluations, in response to environmental or operational changes, to determine whether security policies and procedures meet the requirements of the Security Rule

23. Business Associate Contracts and Other Arrangements (Required)
• Business associates must
  o Follow the Security Rule for ePHI
  o Have business associate agreements with their subcontractors, who must also follow the Security Rule for ePHI. Covered entities do not have business associate agreements with these subcontractors.
  o Obtain authorization prior to marketing

24. Physical Safeguard Standards
• Physical measures, policies, and procedures to protect a covered entity's electronic information systems and related buildings and equipment from natural and environmental hazards and unauthorized intrusion

25. Facility Access Control Standard (Addressable)
• Contingency operations: procedures to restore lost data
• Security plan: safeguard the facility and equipment from unauthorized physical access, tampering, and theft
• Access control and validation procedures: based on role
• Maintenance records: document repairs and modifications related to security

26. Workstation Use Standard
• Includes onsite and offsite workstations
• Policies and procedures for proper function
• Surroundings of the workstation
• Allowed access: the workstation must be encrypted

27. Workstation Security Standard
• Physical safeguards for all workstations that access ePHI, to restrict access to authorized users
• Policies and procedures for how workstations are used and protected

28. Device and Media Controls Standard (Addressable and Required)
• Disposal: media must be made unreadable and unusable
• Media reuse: internal and external
• Accountability: movements of hardware and electronic media
• Data back-up and storage: create a retrievable, exact copy

29. Technical Safeguards Standards
• Increased opportunity also increases organizational risk
• Technology, and the policies and procedures for its use, that protect electronic protected health information and control access to it

30. Access Control Standard (Required and Addressable)
• Allow access only to those persons or software programs that have been granted access rights
• Unique user identification
• Emergency access procedure
• Automatic logoff
• Encryption and decryption

31. Audit Control Standards
• Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information
• Track and record user activities to monitor intentional and unintentional actions
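The Access Control and Audit Control slides fit together: each access decision (including the emergency access procedure) is made against a user's granted rights and recorded, and the recorded activity is then examined. The following is an added example, not code from the slides or the textbook: a small role-based access controller that writes every decision to an audit trail, plus a review function that surfaces denied requests, emergency ("break-glass") accesses and users reading an unusual number of patient charts. The roles, record types, the review threshold and the sample events are constructed assumptions.

```python
"""Access control decisions with an audit trail, and an activity review over it.

Added example (not from the slides). The role permissions, the bulk-access
threshold and the sample events are constructed assumptions.
"""
from dataclasses import dataclass

# Assumed role permissions: which record types each role may read.
ROLE_PERMISSIONS = {
    "physician": {"clinical_note", "lab_result", "medication"},
    "nurse": {"clinical_note", "medication"},
    "billing": {"claim"},
}
EMERGENCY_ROLES = {"physician", "nurse"}  # roles allowed to invoke break-glass access


@dataclass(frozen=True)
class AuditRecord:
    user_id: str      # unique user identification, never a shared account
    role: str
    record_type: str
    patient_id: str
    decision: str     # 'allow', 'deny' or 'allow_emergency'
    emergency: bool


class AccessController:
    def __init__(self):
        self.audit_trail = []  # audit control: every decision is recorded

    def request(self, user_id, role, record_type, patient_id, emergency=False):
        """Allow only what the role grants, except via the documented emergency
        access procedure, which is allowed for clinical roles but flagged."""
        permitted = record_type in ROLE_PERMISSIONS.get(role, set())
        if permitted:
            decision = "allow"
        elif emergency and role in EMERGENCY_ROLES:
            decision = "allow_emergency"  # break-glass: granted, reviewed later
        else:
            decision = "deny"
        self.audit_trail.append(
            AuditRecord(user_id, role, record_type, patient_id, decision, emergency))
        return decision


def activity_review(trail, bulk_threshold=3):
    """Information systems activity review: events a reviewer should examine.

    Flags every denied or emergency access, and any user who read more than
    bulk_threshold distinct patients (assumed threshold for a snooping check).
    """
    findings = []
    patients_per_user = {}
    for rec in trail:
        if rec.decision == "deny":
            findings.append(("denied", rec.user_id, rec.record_type))
        elif rec.decision == "allow_emergency":
            findings.append(("emergency", rec.user_id, rec.patient_id))
        else:
            patients_per_user.setdefault(rec.user_id, set()).add(rec.patient_id)
    for user, patients in patients_per_user.items():
        if len(patients) > bulk_threshold:
            findings.append(("bulk_access", user, len(patients)))
    return findings


def demo():
    """Constructed activity: a billing clerk probing a clinical note, a nurse
    using emergency access to a lab result, and a physician reading four charts."""
    ac = AccessController()
    ac.request("bill_01", "billing", "claim", "P1")                       # allowed
    ac.request("bill_01", "billing", "clinical_note", "P1")               # denied
    ac.request("nurse_02", "nurse", "lab_result", "P2", emergency=True)   # break-glass
    for pid in ("P3", "P4", "P5", "P6"):
        ac.request("doc_03", "physician", "clinical_note", pid)           # 4 patients
    return activity_review(ac.audit_trail)
```

The review findings are leads, not verdicts: a physician covering a ward legitimately reads many charts, and an emergency access may be entirely proper. The point of the audit control is that each case can be examined against the documented procedure and, under the sanctions policy, acted on when it was not.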
32. Integrity Standard (Addressable)
• Protect ePHI from improper alteration or destruction
• The extent to which healthcare data are complete, accurate, consistent, and timely
• Ensure data are not improperly altered or destroyed

33. Person or Entity Authentication Standard
• Verify that a person or entity seeking access to ePHI is the one claimed
  o Are users who they claim to be?
  o Methods
    • Passwords
    • Smart cards
    • Tokens
    • Fobs
    • Biometrics

34. Transmission Security Standard (Addressable)
• ePHI being transmitted over an electronic communications network MUST be secured
• Integrity controls: electronically transmitted ePHI cannot be improperly modified
• Encryption: ePHI must be encrypted whenever appropriate
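The integrity-controls item of the Transmission Security standard is easy to state and easy to get wrong: a plain checksum does not satisfy it, because anyone who can modify the message can recompute the checksum. The following is an added example, not code from the slides or the textbook: it protects a constructed ePHI record in transit with a keyed HMAC-SHA256 tag from the Python standard library, and shows the receiver rejecting a message whose dose field was changed. It covers the integrity control only; it does not encrypt, so the confidentiality half of the standard would still need TLS or an equivalent encryption layer. The shared key, the record and the tampering are constructed.

```python
"""Integrity control for ePHI in transit: keyed MAC over the message.

Added example (not from the slides). Shows the integrity-control half of the
Transmission Security standard with standard-library HMAC-SHA256; it does not
encrypt. The key, record and tampering below are constructed.
"""
import hashlib
import hmac
import json

# Constructed shared key; in practice it comes from key management, never source code.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def protect(payload: dict, key: bytes = SHARED_KEY) -> bytes:
    """Serialize the payload canonically and append an HMAC-SHA256 tag."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag  # the hex tag contains no '.', so the split below is unambiguous


def verify(message: bytes, key: bytes = SHARED_KEY):
    """Return the payload if the tag matches, otherwise None (discard the message)."""
    try:
        body, tag = message.rsplit(b".", 1)
    except ValueError:          # no tag at all
        return None
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return json.loads(body)


def demo():
    """Constructed ePHI record sent intact, then with a modified dose field."""
    record = {"patient_id": "P-0001", "allergy": "penicillin", "dose_mg": 250}
    msg = protect(record)
    intact = verify(msg)
    # Simulate improper modification in transit: change 250 mg to 2500 mg.
    tampered = msg.replace(b'"dose_mg":250', b'"dose_mg":2500')
    return intact, verify(tampered)


if __name__ == "__main__":
    ok, bad = demo()
    print("intact message accepted:", ok is not None)
    print("tampered message accepted:", bad is not None)
```

Canonical serialization (`sort_keys`, fixed separators) matters because the receiver must verify exactly the bytes that were signed; if the sender and receiver serialized differently, a genuine message would fail verification and the integrity control would be switched off to "fix" it.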
35. Confidentiality, Integrity, and Availability
• Confidentiality: ePHI is accessible only by authorized people and processes
• Integrity: ePHI is not altered or destroyed in an unauthorized manner
• Availability: ePHI can be accessed as needed by authorized users

36. Enforcement
• Department of Health and Human Services Office for Civil Rights (OCR)
• Must investigate all reported violations, and appropriately initiate investigations for cause in the absence of a reported violation

37. Civil Penalties
• Fines or money damages to sanction violators
• Prior to 2/18/2009
  o Limit of $100 per violation
  o Limit of $25,000 for identical violations during a calendar year

38. Civil Penalties, continued
• No more than $1,500,000 for identical violations each year in any situation
• Inadvertent violation with reasonable diligence
  o Between $100 and $50,000 for each violation
• Violation due to reasonable cause and not to willful neglect
  o Between $1,000 and $50,000 for each violation

39. Civil Penalties, continued
• Violation due to willful neglect, corrected during the 30-day period after the CE knew or would have known of the violation
  o Between $10,000 and $50,000 for each violation
• Violation due to willful neglect and not corrected during the 30-day period after the CE knew or would have known of the violation
  o $50,000 for each violation

40. Criminal Penalties
• OCR refers cases it determines to be of a criminal nature to the Department of Justice. OCR and DOJ cooperate to pursue possible violators.
  o Must knowingly commit a HIPAA violation
  o There HAVE been criminal convictions
• Most complaints are found not to be relevant

41. Breach Notification
• Finalized in 2013
• CEs and BAs MUST report breaches of unsecured PHI
• Unsecured PHI: PHI that has not been rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of a technology or methodology

42. Breach Notification, continued
• Breach: the acquisition, access, use, or disclosure of protected health information in a manner not permitted ... which compromises the security or privacy of the PHI
• Reporting requirement mandates
  o Notification of the individual whose information was breached
  o If more than 500 individuals are affected, notify the media and the Secretary of HHS

43. Breach Notification, continued
• Breach notification exceptions
  o A CE or BA workforce member unintentionally acquires, uses, or discloses PHI under the authority of the CE or BA
  o An authorized workforce member inadvertently discloses PHI to another authorized workforce member in the same CE or BA setting
  o The CE or BA that made the inadvertent disclosure has reason to believe the PHI recipient would not have been able to retain the information

44. Risk Assessment
• Assess potential risks and areas of vulnerability related to the security of the ePHI

45. Medical Identity Theft
• The assumption of a person's name and/or other parts of his or her identity, without the victim's knowledge or consent, to obtain medical services or goods, or
• When someone uses the person's identity to obtain money by falsifying claims for medical services and falsifying medical records to support those claims

46. Medical Identity Theft Risks
• Financial loss
• Clinical risks if critical conditions, procedures, medications, allergies, and other information are incorrectly omitted or included

47. Cascading Effect of Medical Identity Theft

48. Red Flag Rules
• Issued by the Federal Trade Commission, Department of the Treasury, Federal Reserve System, Federal Deposit Insurance Corporation, and the National Credit Union Administration
• Require creditors and financial institutions to implement an Identity Theft Prevention Program

49. Red Flag Rules, continued
• The Federal Trade Commission enforces the rules that apply to healthcare organizations
• Red flags:
  o Suspicious documents: do they appear to have been altered?
  o Suspicious information: addresses do not match between ID and insurance
  o Suspicious behaviors: confused about type of insurance

50. Identity Theft Prevention Program
• Identify covered accounts
• Identify relevant red flags
• Detect red flags
• Respond to red flags
• Oversee the program
• Train employees
• Oversee service provider arrangements
• Approve the Identity Theft Prevention Program
• Provide reports and periodic updates

51. Identity Theft Operational Recommendations
• Urge and educate consumers to adopt preventive measures
  o Exercise caution when sharing personal information
  o Monitor EOBs received from insurance
  o Maintain copies of healthcare records
  o Monitor credit reports for unexpected medical charges
  o Protect all health insurance and financial information

52. Identity Theft Operational Recommendations (continued)
• Establish organizational methods to prevent and detect medical identity theft
  o Annual security risk analysis
  o Background checks when hiring
  o Patient ID verification processes
  o Minimize use of SSN
  o Policies and procedures to safeguard information
  o Create a plan to handle suspicious activity
  o Ongoing staff training

53. Identity Theft Operational Recommendations (continued)
• Data in the patient record
  o Policies and procedures to allow victims access to their patient records
  o Establish mechanisms to correct inaccurate information
  o Keep current with medical identity theft legislation and regulations
  o Provide victims with resources and tools for easier recovery

54. Disaster Preparedness
• Ensure protection of organizational information assets
• Ensure information functions can continue when disasters occur

55. Protecting Information Assets
• NIST Special Publication 800-34, Rev. 1, Contingency Planning Guide for Federal Information Systems
• NIST Special Publication 800-30, Rev. 1, Guide for Conducting Risk Assessments
• Business impact analysis: evaluate and prioritize all potential risks

56. Business Impact Analysis
• Recovery Point Objective: length of time the organization can operate without an application
• Recovery Time Objective: maximum amount of time tolerable for data loss and capture

57. Business Impact Analysis (continued)
1. What are the minimal resources for operations?
2. What are the business recovery objectives and assumptions?
3. What is the order for restoration of services?
4. What would be the operational, financial, and reputational impact of loss of data?
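The two Business Impact Analysis slides list the recovery objectives and the questions to answer, including the order for restoration of services. The following is an added example, not code from the slides or the textbook, that carries those questions through for a constructed set of applications. It uses the definitions as NIST SP 800-34 (cited on the Protecting Information Assets slide) gives them: RTO is the maximum tolerable downtime for a system, and RPO is the maximum tolerable data loss expressed as a span of time. From those it derives a criticality tier, finds applications whose backup interval cannot meet the RPO (a data back-up plan shortfall), and computes a restoration order that respects both RTO and dependencies. The tier thresholds, applications, objectives and backup intervals are assumptions.

```python
"""Business impact analysis worksheet: criticality, backup adequacy, restoration order.

Added example (not from the slides). Uses the NIST SP 800-34 definitions:
RTO = maximum tolerable downtime, RPO = maximum tolerable data loss (in time).
Tier thresholds, applications, objectives and backup intervals are assumptions.
"""
from dataclasses import dataclass


@dataclass
class Application:
    name: str
    rto_hours: float              # maximum tolerable downtime
    rpo_hours: float              # maximum tolerable data loss, as a span of time
    backup_interval_hours: float  # how often a retrievable, exact copy is made
    depends_on: tuple = ()        # applications that must be restored first


def criticality(app: Application) -> str:
    """Assumed tiers: RTO under 4h is critical, under 24h important, else deferrable."""
    if app.rto_hours < 4:
        return "critical"
    if app.rto_hours < 24:
        return "important"
    return "deferrable"


def rpo_gaps(apps):
    """Applications whose backup interval exceeds the RPO: the data back-up plan
    cannot meet the recovery objective, whatever the disaster recovery plan says."""
    return [a.name for a in apps if a.backup_interval_hours > a.rpo_hours]


def restoration_order(apps):
    """Order by RTO (tightest first) while restoring dependencies before dependants."""
    by_name = {a.name: a for a in apps}
    ordered, done = [], set()

    def visit(app):
        if app.name in done:
            return
        for dep in app.depends_on:
            visit(by_name[dep])
        done.add(app.name)
        ordered.append(app.name)

    for app in sorted(apps, key=lambda a: a.rto_hours):  # stable sort keeps input order on ties
        visit(app)
    return ordered


# Constructed sample applications (illustrative values, not a real organization's).
SAMPLE_APPS = [
    Application("EHR", rto_hours=2, rpo_hours=1, backup_interval_hours=0.5,
                depends_on=("Directory", "Database")),
    Application("Database", rto_hours=2, rpo_hours=1, backup_interval_hours=4),
    Application("Directory", rto_hours=1, rpo_hours=24, backup_interval_hours=24),
    Application("Billing", rto_hours=48, rpo_hours=24, backup_interval_hours=24,
                depends_on=("Database",)),
    Application("Intranet wiki", rto_hours=168, rpo_hours=168, backup_interval_hours=24),
]


def bia_report(apps=SAMPLE_APPS):
    """Answers to the BIA questions for the given applications."""
    return {
        "order": restoration_order(apps),
        "rpo_gaps": rpo_gaps(apps),
        "criticality": {a.name: criticality(a) for a in apps},
    }


if __name__ == "__main__":
    for key, value in bia_report().items():
        print(key, "->", value)
```

The dependency walk is what makes the order usable: the EHR has the tightest clinical RTO, but it cannot come up before the directory and database it authenticates against and reads from, so those are restored first even though their own RTOs are no tighter.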
58. Information Security Threat Analysis: Backup Data Facilities
• Hot site
• Warm site
• Cold site

59. Disaster Planning
• Organizations need to help their employees be prepared
• Planning
• Preparedness
  o Training
  o Testing
• Response and recovery

60. Summary
• Security risk analysis is essential
• Medical identity theft
• Disaster planning