HIPAA auditing in cloud computing environment - Parshant Tyagi
The rise of cloud computing has been driven by its benefits: the cheapest purveyor of application hosting, storage and infrastructure, huge cost savings with low initial investment, elasticity and scalability, ease of adoption, operational efficiency, and on-demand resources. With all the security and privacy laws in the health care field today, anyone who works with confidential information should know how to protect that information. The Health Insurance Portability and Accountability Act (HIPAA) privacy and security regulations are two crucial provisions in the protection of healthcare data. Governance, compliance and auditing are becoming as important pedagogical subjects as long-established financial auditing and financial control. Designing sound IT governance, compliance, and auditing is a challenging task. This thesis elaborates the concept of HIPAA compliance in cloud computing by taking a look at the history and dynamics and how cloud computing changes the astir of certain parts of HIPAA Security requirements. We briefly describe cyber warfare as a premise to enforce the reasons for complying with government regulations for information systems. The purpose of this thesis is to explain the importance of HIPAA and research what it takes for healthcare data to be HIPAA compliant, and also to explain what is expected of healthcare industries if there is an audit and how HIPAA auditing plays a big part in HIPAA compliance. The cloud is a platform where all users not only store their data but also use the services and software provided by the Cloud Service Provider (CSP). The service provided by the cloud is very economical because the user pays only for what he uses. This is a platform where data owners remotely store their data in the cloud to enjoy high-quality services and applications. The user can access the data, store the data and use the data.
In the corporate world there are a large number of clients accessing and modifying their data. To manage this data we use a third-party auditor (TPA), which checks the reliability of the data, but this increases the data integrity risk for the data owner. Since the TPA can not only read the data but also modify it, a novel approach is needed to solve this problem. We first examine the problem and a new potential security scheme to solve it. Our algorithm encrypts the content of the file at the user level, which assures the data owner and client that their data are intact.
The objective of this module is to gain an overview of the ethics surrounding big data and the legislation that governs it.
Upon completion of this module you will:
- Gain knowledge on how to recognize the necessity of regulating big data
- Obtain an understanding of the difference between privacy and data protection
- Understand the need to implement data protection actions into your own business
These customers are front-runners in different industries, but all five were united by a need to rethink IAM. For large organizations with millions of customers, the stakes are simply too high to ignore the demands of the modern IT environment.
Baldwin Hackett & Meeks, Inc.: Creators of Enterprise Class Business Software - donnablum
As a primary software specialist, BHMI not only provides software development services but also a comprehensive set of consulting, design, engineering, development and support services that can help shape the future direction of any company's application infrastructure and technical landscape. Whether it involves a new idea to pursue, a new solution to design, an existing application to modify, a piece of software to migrate, a web site to create, or a completely new application to build, BHMI has the in-house personnel, application infrastructure and technology to make it succeed. For more information on BHMI, please visit www.bhmi.com.
Visionary business systems architect, designer & developer solves complex problems. Maximizes ROI by implementing technology-driven solutions. World-renowned as a Security Information & Event Management (SIEM) authority.
Horizon Case Study - Leveraging the Web and Mobile to Deliver Personalized He... - Prolifics
Healthcare reform is here, and it's important to react to these changes in the marketplace. In this session, we will discuss Horizon and how they are leveraging the IBM Exceptional Web Experience platform to provide customers a rich user experience with highly personalized and tailored content. Internally, they have empowered their business users to seamlessly and quickly reach their customer base with a content management system that eliminates dependencies on IT resources. We'll also discuss Horizon's future plans to incorporate commerce, social networking and mobile into the mix - all in their efforts to provide an exceptional, collaborative marketplace at the forefront of Healthcare.
Health IT Summit Beverly Hills 2014 – “A Use Case…Thoughts on How to Leverage your Technology and The Cloud” with Raymond Lowe, Senior Director, Information Technology, Dignity Health
EMC Perspective: What Customers Seek from Cloud Services Providers - EMC
This EMC Perspective elaborates on how service providers can capitalize on the fast-growing cloud services market by being responsive to customers' goals, concerns, and performance and support requirements.
Overview of major factors in big data, analytics and data science. Illustrates the growing changes from data capture and the way it is changing business beyond technology industries.
DirectorySmart and Microsoft’s Active Directory: A Complete eBusiness Solution
Case Study: Anthem Blue Cross Blue Shield
OpenNetwork Technologies®
13577 Feather Sound Dr., Suite 390
Clearwater, FL 33762
727.561.9500
www.opennetwork.com
Enterprise Directory Initiative
TECHNICAL GOALS:
• Universal directory service repository
• Streamline and simplify user management
• Secure user authentication
* Enhanced Security
* Web Access Control and Portal Services
* Role-Based Policy Management
* Delegated Authority
* Measurement and Analysis
* Web Single Sign-on
* Fine-Grain Access Control
OVERVIEW
Anthem Blue Cross Blue Shield, one of the largest health benefits companies in the country, was seeking to attain their eBusiness goals within an increasingly complex business environment.
Internally referred to as their “Enterprise Directory Initiative”, Anthem’s key eBusiness objective was to implement a reusable services and security infrastructure that would centralize user management, provide solid security and user-friendly data access and offer a solution for rolling out multiple web services in a secure environment.
They determined that this would require a state-of-the-art secure eBusiness infrastructure and that the infrastructure would need to meet their internal business and technical requirements in addition to the increasingly demanding government regulations for information security in the healthcare marketplace.
This case study provides a brief overview of the company, their high level business and technical goals, the key challenges they were facing, and then describes how the combination of Microsoft Active Directory and OpenNetwork’s DirectorySmart created a powerful access control and delegated authority solution for Anthem and provided the full secure eBusiness infrastructure solution they required.
Anthem insures 7 million individuals across 8 states.
Additional information is available via www.opennetwork.com or by emailing info@opennetwork.com.
THE CLIENT
Anthem brings health benefits and related services to millions of Americans. As one of the largest health benefits companies in the United States, Anthem Blue Cross Blue Shield offers residents of Indiana, Kentucky, Ohio, Connecticut, New Hampshire, Colorado, Nevada and Maine quality health plans.
The company, known today as Anthem, began as Blue Cross of Indiana and Blue Shield of Indiana in 1944 and 1946. Anthem began its journey toward becoming a competitive, national organization in 1993, when it merged with the Blue Cross and Blue Shield Plan in Kentucky. In 1995, Anthem significantly expanded its Midwest operations when it merged with Community Mutual, a Blue Cross Blue Shield Plan in Ohio. They expanded beyond the Midwest in 1997 when they merged with Blue Cross Blue Shield of Connecticut and formed Anthem East, which also services non-Blue Cross Blue Shield customers in the New York City metropolitan area.
Anthem expanded its presence in New England with the acquisition of Blue Cross Blue Shield of New Hampshire and its subsidiary, Matthew Thornton Health Plan, in October 1999 and the acquisition of Blue Cross Blue Shield of Maine in June 2000. Also in October of 1999 Anthem created a West region by acquiring Blue Cross Blue Shield of Colorado and Nevada.
The regional Anthem Blue Cross and Blue Shield business units collectively cover more than seven million members. In addition to the Blue Cross and Blue Shield health plans in eight states, Anthem also has subsidiaries that offer a full line of complementary services.
THE GOAL
eBusiness Goals
* Implement Uniform eBusiness Practices: Anthem and its subsidiaries had the size, scope and talent to be among the most successful health care benefits organizations at both a regional and national level. However, their rapid growth created disparate users among many different systems. It was therefore imperative that uniform eBusiness practices be implemented to enhance administrative efficiency, permit continued growth and maintain Anthem as a strong force within the industry.
* Scale To Large Numbers of Users Efficiently: As an insurance company, Anthem’s business partners include hospitals, doctors, pharmacies and other providers. As such, the organization’s eBusiness transactions would be dealing with several separate organizations along with the thousands of people associated with them. Thus, it was mandatory that they have a system that could handle thousands of users efficiently.
* Create a Secure eBusiness Environment: The Health Insurance Portability and Accountability Act of 1996 (HIPAA), which is being called the “Y2K of healthcare,” establishes government-mandated standards for electronic healthcare transactions and mandates practices for privacy and security of electronic patient data. The U.S. Department of Health and Human Services has developed and will enforce standards related to data security in all electronic healthcare transactions. Healthcare organizations must find ways to become HIPAA compliant within the next 26 months or face stiff penalties, so creating a secure eBusiness environment was crucial for Anthem.
Technical Goals
* Create a Universal Directory-Service Repository: The first step in establishing a secure eBusiness environment would involve migrating all of Anthem’s internal and external system users into one directory using Active Directory while transitioning to Windows 2000. This would create a universal directory-service repository that would centralize user management, provide an extranet management and access-control system, and implement a reusable services infrastructure.
* Streamline and Simplify User Management: In order to establish the highest level of efficiency, it would be necessary to provide the system with the abilities to securely add, delete, modify and import online user information into the directory through an easy-to-use, intuitive, web based interface. Anthem also must be able to perform these functions internally by designating them to information technology, customer support or other employees.
* Secure User Authentication and Separate Network Passwords: The issue of security was vital to Anthem due to HIPAA regulations and the need to protect patients’ privacy. The ultimate system solution must be implemented that authenticates users signing on to corporate web applications, and grants them access based on their entitlements. Further, separate internal and external network and Web application passwords must be established to ensure unauthorized users are not able to enter the company’s internal network system.
THE CHALLENGES
Anthem’s aim was to continue their long-term commitment to the Windows operating system while deploying a high level of eBusiness functionality. They needed features including security authentication, role delegation and role-based administration. Several data repositories existed as a result of the company’s continued growth, thereby creating disparate users among many different systems. Anthem’s NT network operating system presented certain constraints on password and user attributes, authentication and user scalability. These combined factors had caused user management to become time consuming, security implementation complex and data access impractical.
Challenges
• Disparate data repositories
• Constraints on password and user attributes
• Time consuming user management
• Complexity
THE SOLUTION
In order for Anthem to remain on a Microsoft Network supported strategy and reach their eBusiness objectives, several steps had to be taken. These steps involved leveraging Anthem’s native network operating system, Windows 2000, and infrastructure directory, Active Directory, into a single information repository. Subsequently, as a directory-based security infrastructure, DirectorySmart would enable the streamlining of complex relationships, consolidate user and policy management, and securely extend access to applications and resources to diverse customers and partners.
Creating the centralized data repository Anthem needed required migrating all existing NT users, both internal and external, into Active Directory. This migration, in conjunction with DirectorySmart, provided Anthem with an extranet management and access-control system that runs on top of Active Directory. Through the LDAP interface DirectorySmart presented on top of the Active Directory repository, the crucial security requirements the system demanded were met and fully supported the desired password attributes. Further, by coupling DirectorySmart and Active Directory while utilizing Microsoft’s SDK, Windows 2000’s secure authentication password scheme was retained. Thus, a hybrid of Active Directory and DirectorySmart was created that offered Anthem the high-level security they sought.
Overall, DirectorySmart security software complemented Active Directory and provided Anthem with a complete eBusiness security solution through the following features:
* Enhanced Security
DirectorySmart’s enhanced security options ensure the maximum effectiveness for the secure infrastructure. DirectorySmart’s security audit feature logs and reports on all requests to protected resources, and all directory modifications made using the DirectorySmart system. The security alert feature allows Administrators to configure a threshold for failed login attempts that immediately alert IT or security personnel if breached. End-to-end support of industry standard SSL encrypts all communication with the directory.
* Role-Based Policy Management
At the heart of DirectorySmart is role-based policy management. Roles may include administrative capabilities such as Super Administrator, Delegated Administrator and End User. Roles may also have a business context such as customer support representative or agent. Individual users are easily assigned to one or more roles and are subsequently managed and given access to specifically designated Web services.
* Delegated Authority
One of the most powerful DirectorySmart capabilities is that it allows a delegated administrator to securely create, modify and change an organization’s individual user information. The enhanced delegated authority feature allows companies to delegate user management out to the lowest logical level, decreasing the centralized management burden of user roles and profiles. This feature provides tremendous cost savings and a greater level of customer service for companies using DirectorySmart.
* Web Access Control and Portal Services
By keeping track of user profiles, roles and information entitlements, DirectorySmart ensures that users are authenticated and authorized before allowing access to specific Web services. DirectorySmart can leverage this information to create a personalized “portal” or view of corporate Internet services based on an individual user’s organization and role profile.
* Web Single Sign-On
DirectorySmart handles security for multiple domains within an enterprise or between an enterprise and its partners. DirectorySmart allows users to sign on once for access to multiple Web services for which they are authorized, even if these services are located on multiple domains.
* Fine Grain Access Control
DirectorySmart provides the infrastructure to manage access control within a Web service. This feature enables companies to implement security within their Web applications through simple API calls to the DirectorySmart secure infrastructure, thereby enhancing their ability to rapidly bring applications to the Web in a secure environment.
* Measurement and Analysis
DirectorySmart provides activity and usage measurement and analysis that can be analyzed by organization, individual and Web service. Through these reports, DirectorySmart provides enterprises with the ability to adapt their Internet services and marketing strategies.
THE RESULTS
By leveraging Active Directory and the DirectorySmart eBusiness security infrastructure Anthem was able to create a universal data repository. This enabled them to develop a secure infrastructure for corporate Internet services and Web applications across the enterprise. Coordination with business partners and key customers was streamlined and scaled to handle thousands of users. Further, obstacles concerning security and compliance with HIPAA regulations were overcome and the emphasis placed on the reuse of existing systems kept duplication to a minimum.
Thus, the complete, secure eBusiness solution Anthem was seeking was achieved through the combination of Active Directory and DirectorySmart.
Their secure eBusiness infrastructure includes such high-level benefits as:
* Lowest Cost of Ownership: Anthem was able to leverage their investment of Windows 2000 and Active Directory through DirectorySmart’s unique architecture, the ease of use of the software and by the efficient processes supported by the system. Its server plug-in based architecture for Web access control means that it does not require additional platforms for policy enforcement. Support costs are minimized through DirectorySmart’s user-friendly delegated user management capabilities, which allow an enterprise to cost effectively scale to support millions of users.
* Fastest Deployment Time: DirectorySmart installs efficiently and provides Anthem with reusable security infrastructure components. These components include Web access control plug-ins that can directly leverage the established security infrastructure and thus speed the deployment of Web applications.
* eBusiness Scalability: As Anthem’s business continues to grow DirectorySmart can scale with them to support millions of users. The system is designed for the largest and most complex of computing environments.
* Fully Integrated Security Infrastructure: DirectorySmart’s secure eBusiness infrastructure possesses the unique ability to model complex business relationships easily and securely, and offers the most comprehensive solution for access control in the marketplace. Key components include authentication, authorization, and should Anthem choose to implement PKI, the system will support any X.509 compliant PKI certificate.
* Directory-Based Security Infrastructure: DirectorySmart leverages and builds upon Active Directory’s native capabilities as a central repository for security policies and takes advantage of the native characteristics of LDAP, which include high performance, availability and enhanced scalability. This allows a company to maximize the benefit of their investment in directory technology.
ACTIVE DIRECTORY AND DIRECTORYSMART: A COMPLETE eBUSINESS SECURITY INFRASTRUCTURE
The key element for success in this case was the centralization of the company’s directories and the synchronization of Active Directory and DirectorySmart to provide Anthem a secure, comprehensive solution. Active Directory is at the core of the Windows 2000 operating system that will dominate computer environments in the workplace. Existing Microsoft customers will look to Active Directory as the first step in creating a Web-based directory-services model. By implementing DirectorySmart secure software, enterprises simultaneously leverage their investment in Windows 2000 and Active Directory, thereby attaining a leading-edge secure eBusiness infrastructure.
DirectorySmart’s secure features, particularly delegated authority, role-based administration and security authentication, enhance the use of Active Directory and offer businesses a complete, cost-effective secure solution for attaining their eBusiness goals. Working hand-in-hand with Microsoft developers, the DirectorySmart team established their product as the first secure eBusiness infrastructure compliant with Active Directory, simulta-