We know the healthcare environment where security in not optional. We know the common risks associated with healthcare; Emerging technology, Data and information , explosion , Wireless world, Care continuum, Patients expect , privacy, and Compliance fatigue. We address the three main components of Risk Management: People, Process and Tools. Our process ensure the compliance with HIPAA.

1. RISK MANAGEMENT PROCESS For Healthcare
Organizations
1

2. 2
Operating Snapshot
Starting this year, providers
can be fined up to $1.5
million for a HIPAA violation
• Security is Not Optional
Number of volunteers and
3rd party personals
supporting hospitals is just
too large that it is generally
impossible to manually
control access
• Large Number of Temporary Workers
Clinicians are often
overworked and intuitively
bring tools to help improve
productivity
• Consumer Devices need to be Secured
Hospitals tend to rely on
multitudes of applications,
often hosted and managed
by 3rd party vendors
• Need to Adapt and Federate
Patient care is of utmost
importance and hence the
access to patient data must
be available in case of
emergencies
• Break Glass Functionality
Clinicians on the floor
typically share computers
and (most often password)
• Quick switching
We Know the Healthcare Environment

3. 3
Common Risks
Data and Information Explosion
 Data volumes are doubling every 18 months.
 Storage, security, and discovery around information
context is becoming increasingly important.
Care Continuum
 The chain is only as strong as the weakest link.
Partners need to shoulder their fair share of the
load for compliance and the responsibility for
failure.
Patients Expect Privacy
 An assumption or expectation now exists to
integrate security into the infrastructure, processes
and applications to maintain privacy.
Compliance fatigue
 Organizations are trying to maintain a balance
between investing in both the security and
compliance postures.
Emerging Technology
 Virtualization and cloud computing increase
infrastructure complexity.
 Web 2.0 and SOA style composite applications introduce
new challenges with the applications being a vulnerable
point for breaches and attack.
Wireless World
 Mobile platforms are developing as new means of
identification.
 Security technology is many years behind the security
used to protect PCs.

4. Risk ManagementPeople
• Drug Testing
• Background Testing
• NDAs
• HIPAA Compliance
Training
Process
• Identify what needs to
be audited and
controlled
• Define Who needs
Access to What
• Establish auditing and
control processes
Tools
• Restricted physical
access
• Restricted equipment
access
• Restricted network
access
• Restricted data access
• Email & Web
Monitoring

5. People- Onboarding Checklist
 Calance employees sign Non-Disclose Agreements
with specific to the client.
 Every employee signs a “ Work for Hire” contract
for the client transferring the intellectual property
to the client.
 Background checks and drug testing
 All Calance employees, in Healthcare COE,
have to go through background checks and 10
panel drug testing.
 Calance HR maintains a chain of custody for
all records
 Customers are provided a copy of the reports,
if needed
Onboarding Process

6. People-Training
Compliance Training
 Calance uses an in-house LMS for training
and skills assessment
 Every employee is required to complete
mandatory HIPAA Compliance and Privacy
training*
 At the end of the training, the employees
are prompted for test scenarios
 HIPAA compliance training can be
scheduled periodically, based on client
needs * Training material sourced from certified trainers or based
on client requirements
http://www.hhs.gov/ocr/privacy/hipaa/understanding/trai
ning/
Training

7. Tools- Restricted Office Space
Calance can create physical separation of staff in Gurgoan (India) and Buena
Park, CA offices
 Restricted office space uses bio-metric scanners and RFID cards
 Access to the restricted floor requires a PIN, changed periodically
 Single on-boarding and off-boarding process, shared with the client
 Data Center access requires additional approvals from System Engineering
and a VP

8. Tools- Network and Equipment
Network and Equipment Access
 Healthcare clients are cordoned in their own subnet
 Point -to-point encryption between client network and
Calance
 Encrypted Hard Disks and/or Bitlocker
 All computers utilize client specific software images
 No admin access to install personal software
 No access to USB ports
 No backup devices are allowed on the restricted floor
 Use two factor authentication for access the network
Equipment
& Access Control

9. TECHNOLOGY AND AUDITING
9
Process Overview

10. Administration & Auditing
Administration and Auditing
 Calance has a 24x7 NOC in Buena Park, CA, monitoring
infrastructure hosted in our data center, client
locations, co-location facilities and public cloud
 Systems Engineering works with the compliance and
security architects to create Role Based Access
 Besides typical monitoring, Calance NOC can audit
emails and web traffic for any policy violations
Federated Cloud Security Solutions
 Calance employees are certified in architecting and
setting-up enterprise systems on Amazon EC2 and
Microsoft Azure*
*See HIPAA Compliant Hybrid Cloud Service Offering

11. Technology Partnerships
 We have established strategic
partnerships with the industry
leaders for Identify & Access
Management solutions in the
Healthcare industry
 Calance has deployed custom
solutions at reputed Healthcare
organizations using these tools

12. Process- Audit and Process Improvements
 Calance employs an independent agency for yearly
audit of security procedures
 Current Certifications
Continuous
Improvement
CMM Level 5 and ISO 9001: 2008 Certified
for quality and project management
processes.
SSAE 16 Type II certified datacenter, help
desk, application & desktop support.

13. CONTACT US
Calance Healthcare Group
2018, 156th Ave NE
Suite 100
Bellevue, WA 98007
Gaurav Garg
Vice President
ggarg@calance.com
Tel: 425-605-0716
Cell: 818-620-0329
13
www.calance.com
info@calance.com
866-736-5500 (Toll-Free)
Healthcare page:
www.calanceus.com/solutions/healthcare/