Webinar & Live Q&A
Healthcare CyberSecurity Update:
Ensuring HIPAA Compliance with Cloud Services
Your Speakers
Brad Spannbauer
Senior Director, Product Development
HIPAA Privacy Officer
eFax Corporate®
David Hold
Senior Product Marketing Manager
eFax Corporate®
Agenda
1. Present State of Healthcare Cybersecurity: the latest stats on data breaches and HIPAA violations
2. HHS-OCR Audit Program & Enforcement Actions
3. Cloud Service Providers and HIPAA Compliance
4. Cyber Hacking, Data Breaches and Ransomware
5. HIPAA Standard on Encryption and Integrity: strategies, tips and techniques
6. Common Compliance and Security Pitfalls: 8 places your ePHI might be hiding
7. How Cloud Faxing Is More Secure AND Compliant
The information provided in this presentation does not constitute,
and is no substitute for, legal or other professional advice. We
strongly encourage you to consult your own legal or other
professional advisors for individualized guidance regarding the
application of the law to your particular situations, and in
connection with any compliance-related concerns.
Healthcare Is Under Attack!
Healthcare is in the cross-hairs of the cyber-criminals
• PHI commands 10 to 20 times the value of credit card data
• Credit cards can be easily cancelled and numbers changed
• Personal health records are more or less permanent
Healthcare CyberSecurity & Compliance Stats
Enforcement is ramping up: record number of settlements and corrective action plans
Dept. of Health & Human Services, Office for Civil Rights:
• 144,662 complaints, 97% resolved
• 24,617 cases (17%) resulted in corrective action
• 1,688 large breaches (more than 500 records each)
• 41 cases settled, $48.7 million in total
• 589 criminal referrals to DoJ
Identity Theft Resource Center, 2016 Data Breach Summary, Healthcare Industry:
• 376 data breaches (34.4% of total)
• 16 million PHI records affected (43.6% of total)
OCR Audit Program Update
“We can open a compliance review for any reason whatsoever.”
Deven McGraw, Deputy Director, Health Information Privacy, HHS Office for Civil Rights
• Phase 2 of the HIPAA Audit Program began in the 2nd half of 2016
• Business Associates are now included in audits
• New guidance: Cloud Service Providers are BAs
• If audited, you must document applicable policies and procedures, and evidence of their implementation
Lessons Learned
No company is too big or too small to escape…
• $5.55M Advocate Health Care
• $2.75M University of Miss. Medical Center
• $2.7M Oregon State University Health Services
• $2.1M St. Joseph’s Health System
• $650K Catholic Health Care of Philadelphia
• $25K Complete P.T. Physical Therapy
Cloud Service Provider Compliance
Q. When is a CSP a BA?
A. When it “creates, receives, maintains or transmits ePHI, for, or on behalf of, a CE or BA”
1. Cloud Service Providers (CSPs) that do any of the above are Business Associates (BAs) and need to comply with applicable HIPAA regulations.
2. When a CSP stores and/or processes ePHI for a CE or BA, that CSP is a BA and needs to sign a Business Associate Agreement (BAA).
3. CSPs are not ‘conduits’ if they store ePHI on more than a temporary basis.
Note (from the HHS guidance on HIPAA and cloud computing listed under Helpful Resources): a CSP is a BA even when it holds only encrypted ePHI and has no decryption key.
Sources of Data Breaches
Large data breaches affecting more than 500 individuals, 2009 to 2016:
• Theft: 45%
• Unauthorized access/disclosure: 25%
• Hacking: 13%
• Loss: 8%
• Other: 6%
• Improper disposal: 3%
Cyber Hacking Risks: Ransomware
Ransomware emerged as a major threat in 2016
Questions:
• Is a ransomware attack the same as a data breach?
• Does it trigger the reporting requirement?
• What is the probability ePHI was compromised?
(Under HHS’s 2016 ransomware guidance, ransomware that encrypts ePHI is presumed to be a breach unless the entity can show, through its risk assessment, a low probability that the ePHI was compromised.)
Cyber Hacking Risks
• 49% of organizations were victims of data breaches in 2016
• 1 in 3 patients were affected in 2016
• $221 average cost per breached data record in 2016
Economic Consequences of a Data Breach
A data breach can have substantial consequences for revenues, customers and reputation
• 42% lost 20% or more of their opportunities
• 38% lost 20% or more of their customers
• 39% lost 20% or more of their revenues
• 49% had to manage public scrutiny following a breach
Security Pros: Top 4 Cybersecurity Concerns*
• Mobile devices: 58%
• Data in public cloud: 57%
• Cloud infrastructure: 57%
• User behavior: 57%
*Percentage of security professionals who find the category very or extremely challenging
The Human Factor
• Organized cyber-criminals
• Well-meaning insider
• Malicious insider
• Foreign organizations & governments
Compliance Alone Is Not Enough
Compliance is necessary but not sufficient to protect ePHI
Regulations will always be many steps behind the latest threat
The HIPAA Standard: Security Standards
Encryption and Integrity of ePHI Transmissions
45 CFR 164.306:
• Ensure ePHI confidentiality
• Protect against reasonably anticipated threats
• Use any security measures that reasonably and appropriately implement the standards (flexibility of approach)
TIP: Treat Addressable standards as Required
HIPAA’s Demand for Encryption and Integrity
Two secure-transmission requirements: encryption and integrity
ePHI Encryption. The covered entity must “Implement a mechanism to encrypt and decrypt electronic protected health information.” [1]
ePHI Integrity. The covered entity must “Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of.” [2]
[1] Encryption and decryption, 45 CFR § 164.312(a)(2)(iv)
[2] Integrity controls, 45 CFR § 164.312(e)(2)(i)
So, Is Encryption Required under HIPAA?
Required? No, but…
“Although encryption is an addressable issue, encryption remains the Gold Standard for protection of ePHI.”
Jocelyn Samuels, Director, Office for Civil Rights, Department of Health & Human Services
What’s Considered a “Secure” ePHI Transmission?
Federal agencies generally follow the encryption standards set forth by the National Institute of Standards & Technology (NIST)
• Encryption standard for ePHI in motion: TLS 1.2 (NIST Special Publication 800-52)
• Encryption standard for ePHI at rest: AES 256-bit (NIST Special Publication 800-111)
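The slides above state the two requirements (encrypt ePHI; detect any improper modification of it) and the NIST floor (TLS 1.2 in motion, AES-256 at rest), but not what satisfying both looks like in practice. The Go program below is an added example written for this page; it is not code from eFax Corporate or from the presentation. It seals a constructed sample record with AES-256-GCM, one primitive that delivers both the encryption control and the integrity control, because any change to the stored bytes (or to the record identifier bound to them) makes decryption fail instead of returning silently altered data, and it builds a TLS configuration whose minimum version is 1.2 so a peer offering only TLS 1.0/1.1 is refused. The key, the record contents, the record-id used as associated data and the function names are all illustrative assumptions; in a real deployment the key comes from a key-management service or HSM, not from the program.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/tls"
	"errors"
	"fmt"
)

// ErrIntegrity is returned when a stored record fails authentication, i.e. it
// was modified after encryption, its associated data changed, or the wrong
// key was used. This is the "not improperly modified without detection"
// property the integrity standard asks for.
var ErrIntegrity = errors.New("ephi record failed integrity check")

// EncryptRecord seals plaintext ePHI with AES-256-GCM.
// key:  32-byte data-encryption key (hypothetical; from a KMS in practice).
// aad:  associated data stored in the clear but bound to the ciphertext,
//       e.g. a record id, so a ciphertext cannot be swapped between records.
// Output layout: 12-byte random nonce || ciphertext || 16-byte GCM tag.
func EncryptRecord(key, plaintext, aad []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // fresh nonce per record
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// DecryptRecord opens a record produced by EncryptRecord. gcm.Open verifies
// the authentication tag before releasing any plaintext, so a tampered
// record yields ErrIntegrity rather than corrupted ePHI.
func DecryptRecord(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, ErrIntegrity // too short to even hold nonce + tag
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, aad)
	if err != nil {
		return nil, ErrIntegrity
	}
	return pt, nil
}

// TransportConfig returns the TLS settings for ePHI in motion: TLS 1.2 is the
// floor, matching the NIST SP 800-52 reference on the slide, so the
// connection is refused rather than downgraded to TLS 1.0/1.1.
func TransportConfig() *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS12}
}

func main() {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	// Constructed sample record; not real patient data.
	record := []byte(`{"mrn":"000-TEST","dx":"example"}`)
	aad := []byte("record-id=42")

	sealed, err := EncryptRecord(key, record, aad)
	if err != nil {
		panic(err)
	}
	pt, err := DecryptRecord(key, sealed, aad)
	fmt.Println("round trip ok:", err == nil && bytes.Equal(pt, record))

	// Flip one bit of the stored record: decryption must fail, not return garbage.
	tampered := append([]byte(nil), sealed...)
	tampered[len(tampered)-1] ^= 0x01
	_, err = DecryptRecord(key, tampered, aad)
	fmt.Println("tamper detected:", errors.Is(err, ErrIntegrity))

	fmt.Println("TLS floor is 1.2:", TransportConfig().MinVersion == tls.VersionTLS12)
}
```

The associated-data parameter is the detail worth copying: binding the record id into the tag means an attacker with write access to the store cannot move one patient's sealed record under another patient's id without detection, which plain AES-CBC with no MAC would not catch.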
The HIPAA Security Rule: Administrative Safeguards
45 CFR 164.308(a)(1)(i), Security Management Process (Required):
• Implement policies and procedures to prevent, detect, contain and correct security violations
45 CFR 164.308(a)(1)(ii)(A), Risk Analysis (Required):
• Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of ePHI held by the organization
• See also: 164.312(e)(2)(ii)(B)
How Do Businesses Access and Disclose ePHI?
• Fax transmissions (fax machine or fax servers)
• Secure fax by email (with TLS encryption)
• Email (via corporate network or personal email client)
• EHRs (e.g., Cerner, Athena Health)
• Health Information Exchange
• Desktop virtualization
• Roaming desktop / SSO
• BYOD (text, email, file sharing apps)
• Voice
• Paper
8 Places Your ePHI Might Be Hiding
1. USB drives and other portable media devices
2. Your staff’s text messages
3. Your staff’s email accounts
4. The hard drives of copiers, scanners and fax machines
5. Your voice files and recordings
6. Your old EMR system
7. Your medical equipment’s hard drives
8. Your ePHI data held by third-party providers
Isn’t Fax Always HIPAA Compliant?
OCR Enforcement: Fax Compliance Example
Physician Revises Faxing Procedures to Safeguard PHI
Problem: A doctor's office mistakenly faxed medical records disclosing a patient's HIV status to the patient's employer instead of to the patient's new health care provider.
Remedy: The employee responsible received a written disciplinary warning, and both the employee and the physician apologized to the patient. The office informed all its employees of the incident and counseled staff on proper faxing procedures. OCR also required the practice to revise the office's fax cover page to underscore that it is a confidential communication for the intended recipient.
eFax Corporate®: The HIPAA-Compliant Cloud Faxing Solution
• Brings faxing into alignment with HIPAA
• Employs the most secure encryption
• Provides clear audit trails
• Allows easy retrieval of archived faxes
• Protects fax data in flight and at rest
• Eliminates security vulnerabilities in traditional fax machines and servers
• Virtually no IT administration, maintenance and troubleshooting
• Will sign a BAA
eFax Corporate®
• The world’s #1 online fax company, and the industry’s most experienced hosted fax service
• The most widely deployed online fax service for the Fortune 500
• Trusted by more major healthcare, legal, financial and other highly regulated firms than any other online fax provider to transmit sensitive documents
Service architecture (diagram): inbound/outbound faxes reach the hosted fax service over PSTN telco service; faxes can be held in encrypted fax storage via eFax Secure (optional); the user interfaces (email, secure browser, mobile app & eFax Messenger) are encrypted in transit with TLS.
Helpful Resources
• Ponemon Institute: Data Security Report
• Identity Theft Resource Center 2016 Breach Report
• Cisco 2017 Annual Cybersecurity Report
• HIPAA Privacy Rule
• The HIPAA Security Rule Toolkit
• NIST Special Publication 800-52 (Transport Layer Security)
• NIST Special Publication 800-111 (Storage Encryption)
• HHS Guidance on HIPAA & Cloud Computing
U.S. Sales: (844) 241-1114
UK Sales: 0800 689 0588
enterprise.efax.com
Q&A

Jesse Jhaj: Building Relationships with Patients as a Doctor or Healthcare Wo...saimasadaf14
 
Management of psoriasis.pptx (Recent advances)
Management of psoriasis.pptx (Recent advances)Management of psoriasis.pptx (Recent advances)
Management of psoriasis.pptx (Recent advances)DR. MOHNISH SEKAR
 

Recently uploaded (20)

Storage_of _Bariquin_Components_in_Storage_Boxes.pptx
Storage_of _Bariquin_Components_in_Storage_Boxes.pptxStorage_of _Bariquin_Components_in_Storage_Boxes.pptx
Storage_of _Bariquin_Components_in_Storage_Boxes.pptx
 
Medical Technology Tackles New Health Care Demand - Research Report - March 2...
Medical Technology Tackles New Health Care Demand - Research Report - March 2...Medical Technology Tackles New Health Care Demand - Research Report - March 2...
Medical Technology Tackles New Health Care Demand - Research Report - March 2...
 
Ayurveda hair cosmetlogy on Indralupta or Alopecia.pptx
Ayurveda hair cosmetlogy on Indralupta or Alopecia.pptxAyurveda hair cosmetlogy on Indralupta or Alopecia.pptx
Ayurveda hair cosmetlogy on Indralupta or Alopecia.pptx
 
Unlocking the Benefits of Cognitive Behavioural Therapy (CBT) with Renewed Edge
Unlocking the Benefits of Cognitive Behavioural Therapy (CBT) with Renewed EdgeUnlocking the Benefits of Cognitive Behavioural Therapy (CBT) with Renewed Edge
Unlocking the Benefits of Cognitive Behavioural Therapy (CBT) with Renewed Edge
 
HEAT WAVE presented by priya bhojwani..pptx
HEAT WAVE presented by priya bhojwani..pptxHEAT WAVE presented by priya bhojwani..pptx
HEAT WAVE presented by priya bhojwani..pptx
 
Global launch of the Healthy Ageing and Prevention Index 2nd wave – alongside...
Global launch of the Healthy Ageing and Prevention Index 2nd wave – alongside...Global launch of the Healthy Ageing and Prevention Index 2nd wave – alongside...
Global launch of the Healthy Ageing and Prevention Index 2nd wave – alongside...
 
CHAPTER 1 SEMESTER V - ROLE OF PEADIATRIC NURSE.pdf
CHAPTER 1 SEMESTER V - ROLE OF PEADIATRIC NURSE.pdfCHAPTER 1 SEMESTER V - ROLE OF PEADIATRIC NURSE.pdf
CHAPTER 1 SEMESTER V - ROLE OF PEADIATRIC NURSE.pdf
 
GENERAL PHARMACOLOGY - INTRODUCTION DENTAL.ppt
GENERAL PHARMACOLOGY - INTRODUCTION DENTAL.pptGENERAL PHARMACOLOGY - INTRODUCTION DENTAL.ppt
GENERAL PHARMACOLOGY - INTRODUCTION DENTAL.ppt
 
Artificial Intelligence to Optimize Cardiovascular Therapy
Artificial Intelligence to Optimize Cardiovascular TherapyArtificial Intelligence to Optimize Cardiovascular Therapy
Artificial Intelligence to Optimize Cardiovascular Therapy
 
The History of Hypochlorous Acid.....pdf
The History of Hypochlorous Acid.....pdfThe History of Hypochlorous Acid.....pdf
The History of Hypochlorous Acid.....pdf
 
The Docs PPG - 30.05.2024.pptx..........
The Docs PPG - 30.05.2024.pptx..........The Docs PPG - 30.05.2024.pptx..........
The Docs PPG - 30.05.2024.pptx..........
 
Dehradun ❤CALL Girls 8901183002 ❤ℂall Girls IN Dehradun ESCORT SERVICE❤
Dehradun ❤CALL Girls  8901183002 ❤ℂall  Girls IN Dehradun ESCORT SERVICE❤Dehradun ❤CALL Girls  8901183002 ❤ℂall  Girls IN Dehradun ESCORT SERVICE❤
Dehradun ❤CALL Girls 8901183002 ❤ℂall Girls IN Dehradun ESCORT SERVICE❤
 
R3 Stem Cells and Kidney Repair A New Horizon in Nephrology.pptx
R3 Stem Cells and Kidney Repair A New Horizon in Nephrology.pptxR3 Stem Cells and Kidney Repair A New Horizon in Nephrology.pptx
R3 Stem Cells and Kidney Repair A New Horizon in Nephrology.pptx
 
Urinary Elimination BY ANUSHRI SRIVASTAVA.pptx
Urinary Elimination BY ANUSHRI SRIVASTAVA.pptxUrinary Elimination BY ANUSHRI SRIVASTAVA.pptx
Urinary Elimination BY ANUSHRI SRIVASTAVA.pptx
 
Demystifying-Gene-Editing-The-Promise-and-Peril-of-CRISPR.pdf
Demystifying-Gene-Editing-The-Promise-and-Peril-of-CRISPR.pdfDemystifying-Gene-Editing-The-Promise-and-Peril-of-CRISPR.pdf
Demystifying-Gene-Editing-The-Promise-and-Peril-of-CRISPR.pdf
 
CHAPTER- 1 SEMESTER V NATIONAL-POLICIES-AND-LEGISLATION.pdf
CHAPTER- 1 SEMESTER V NATIONAL-POLICIES-AND-LEGISLATION.pdfCHAPTER- 1 SEMESTER V NATIONAL-POLICIES-AND-LEGISLATION.pdf
CHAPTER- 1 SEMESTER V NATIONAL-POLICIES-AND-LEGISLATION.pdf
 
Enhancing-Patient-Centric-Clinical-Trials.pdf
Enhancing-Patient-Centric-Clinical-Trials.pdfEnhancing-Patient-Centric-Clinical-Trials.pdf
Enhancing-Patient-Centric-Clinical-Trials.pdf
 
VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...
VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...
VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...
 
Jesse Jhaj: Building Relationships with Patients as a Doctor or Healthcare Wo...
Jesse Jhaj: Building Relationships with Patients as a Doctor or Healthcare Wo...Jesse Jhaj: Building Relationships with Patients as a Doctor or Healthcare Wo...
Jesse Jhaj: Building Relationships with Patients as a Doctor or Healthcare Wo...
 
Management of psoriasis.pptx (Recent advances)
Management of psoriasis.pptx (Recent advances)Management of psoriasis.pptx (Recent advances)
Management of psoriasis.pptx (Recent advances)
 

Healthcare CyberSecurity Update: Ensuring HIPAA Compliance with Cloud Services | eFax Corporate

  • 1. Webinar & Live Q&A: Healthcare CyberSecurity Update: Ensuring HIPAA Compliance with Cloud Services
  • 2. 2 Brad Spannbauer Senior Director, Product Development HIPAA Privacy Officer eFax Corporate® David Hold Senior Product Marketing Manager eFax Corporate® Your Speakers
  • 3. 3 Agenda: 1 Present State of Healthcare Cybersecurity: The latest stats on data breaches and HIPAA Violations; 2 HHS-OCR Audit Program & Enforcement Actions; 3 Cloud Service Providers and HIPAA Compliance; 4 Cyber hacking, Data Breaches and Ransomware; 5 HIPAA standard on encryption and integrity: strategies, tips and techniques; 6 Common compliance and security pitfalls – 8 places your ePHI might be hiding; 7 How Cloud Faxing is more secure AND compliant
  • 4. 4 The information provided in this presentation does not constitute, and is no substitute for, legal or other professional advice. We strongly encourage you to consult your own legal or other professional advisors for individualized guidance regarding the application of the law to your particular situations, and in connection with any compliance-related concerns.
  • 5. 5 Source: Healthcare Is Under Attack! Healthcare is in the Cross-hairs of the Cyber-criminals • PHI commands 10-20 times value of credit card data • Credit cards can be easily cancelled, numbers changed • Personal health records are more or less permanent
  • 6. 6 Healthcare CyberSecurity & Compliance Stats. Dept. of Health & Human Services Office of Civil Rights: 144,662 Complaints -- 97% resolved; 24,617 cases (17%) corrective action; 1688 large breaches >500 records; 41 cases settled – $48.7 million; 589 Criminal Referrals to DoJ. Identity Theft Resource Center 2016 Data Breach Summary, Healthcare Industry: 376 Data Breaches (34.4% of Total); 16 million PHI records affected (43.6% of Total). Enforcement is ramping up! Record Number Of Settlements and Corrective Action Plans. Source:
  • 7. 7 OCR Audit Program Update “We can open a compliance review for any reason whatsoever.” Deven McGraw, Deputy Director, Health Information Privacy, HHS Office for Civil Rights • Phase 2 of the HIPAA Audit Program began in 2nd half 2016 • Business Associates are now included in audits • New Guidance -- Cloud Service Providers are BAs • If Audited, must document applicable policies, procedures, and evidence of implementation Source:
  • 8. 8 $5.55M Advocate Health Care No company is too big or too small to escape… $2.75M University of Miss. Medical Center $25K Complete P.T. Physical Therapy Source:
  • 9. 9 $2.1M St. Joseph’s Health System Lessons Learned $2.7M Oregon State University Health Services $650K Catholic Health Care of Philadelphia Source:
  • 10. 10 Source: Cloud Service Provider Compliance Q. When is a CSP a BA? A. When it “creates, receives, maintains or transmits ePHI, for, or on behalf of, a CE or BA” 1. Cloud Service Providers (CSPs) that do any of the above are Business Associates (BAs) and need to comply with applicable HIPAA regulations. 2. When a CSP stores and/or processes ePHI for a CE or BA, that CSP is a BA and needs to sign a Business Associate Agreement. 3. CSPs are not ‘conduits’ if they store ePHI on more than a temporary basis.
  • 11. 11 Source: Sources of Data Breaches. Large data breaches affecting more than 500 individuals, 2009 – 2016: Theft 45%; Unauthorized Access/Disclosure 25%; Hacking 13%; Loss 8%; Other 6%; Improper disposal 3%
  • 12. 12 Cyber Hacking Risks - Ransomware Ransomware emerged as a major threat in 2016 Questions – • Is a ransomware attack same as a data breach? • Does it trigger the reporting requirement? • What is the probability ePHI was compromised?
  • 13. 13 Cyber Hacking Risks: 1 in 3 patients were affected in 2016; 49% of organizations were victims of data breaches in 2016; $221 average cost of breached data record in 2016. Source:
  • 14. 14 A Data Breach can have substantial consequences to revenues, customers, reputation Economic Consequences of Data Breach 42% lost 20% or more opportunities 38% lost 20% or more customers 39% lost 20% or more revenues 49% had to manage public scrutiny following a breach Source:
  • 15. 15 Mobile Devices 58%* Data in Public Cloud 57%* Cloud Infrastructure 57%* User Behavior 57%* Security Pros -- Top 4 Cybersecurity Concerns Source:*Percentage of Security Professionals Who Find the Categories Very or Extremely Challenging
  • 17. 17 Compliance is necessary but not sufficient to protect ePHI Compliance Alone is Not Enough Regulations will always be many steps behind the latest threat
  • 18. 18 The HIPAA Standard: Source: 45 CFR 164.306: • Ensure ePHI confidentiality • Protect from reasonably anticipated threats • Use any security measures that comply Security Standards: Encryption and Integrity of ePHI Transmissions TIP: Treat Addressable Standards as Required
  • 19. 19 Source: 1. Encryption and decryption -- 45 CFR § 164.312(a)(2)(iv) 2. Integrity controls -- 45 CFR § 164.312(e)(2)(i) 2 Secure-Transmission Requirements: Encryption and Integrity ePHI Encryption: The covered entity must: “Implement a mechanism to encrypt and decrypt electronic protected health information.” 1 ePHI Integrity: The covered entity must: “Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of.” 2 HIPAA’s Demand for Encryption and Integrity
  • 20. 20 So, is Encryption Required under HIPAA? Required? No, but… “Although encryption is an addressable issue, encryption remains the Gold Standard for protection of ePHI.” Jocelyn Samuels, Director, Office for Civil Rights Department of Health & Human Services Source:
  • 21. 21 What’s Considered a “Secure” ePHI Transmission? Federal agencies generally follow the encryption standards set forth by The National Institute of Standards & Technology
  • 22. 22 What’s Considered a “Secure” ePHI Transmission? Encryption standards for ePHI in motion: TLS 1.2 encryption. Source:
  • 23. 23 What’s Considered a “Secure” ePHI Transmission? Encryption standards for ePHI at rest: AES 256-bit encryption. Source:
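Slides 19 to 23 together ask for four things: a mechanism to encrypt and decrypt ePHI, a mechanism that detects improper modification, TLS 1.2 for ePHI in motion and AES-256 for ePHI at rest. The Go block below is an added example, not code from the deck or from eFax Corporate, that wires those requirements into a few standard-library functions; the function names, the recordID parameter and the sample inputs are this example's own choices.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/tls"
	"errors"
)

// newGCM builds AES-256-GCM. GCM is an authenticated mode, so one primitive
// covers the encryption standard (164.312(a)(2)(iv)) and the integrity
// standard (164.312(e)(2)(i)): a single flipped bit makes decryption fail.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 { // aes.NewCipher would silently accept 16 or 24 too
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealEPHI encrypts one stored record; recordID is bound as additional
// authenticated data so a ciphertext cannot be moved onto another record.
func sealEPHI(key, plaintext, recordID []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per record
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, recordID), nil // nonce || ct || tag
}

// openEPHI decrypts and verifies; any modification yields an error, not data.
func openEPHI(key, sealed, recordID []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed record too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], recordID)
}

// ephiTLSConfig sets the floor for ePHI in motion at TLS 1.2, as NIST SP 800-52
// recommends; older protocol versions are refused at the handshake.
func ephiTLSConfig() *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS12}
}
```

Pass ephiTLSConfig() to tls.Dial or an http.Transport; a corrupted or re-labelled stored record comes back from openEPHI as an error rather than as altered plaintext.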
  • 24. 24 The HIPAA Security Rule: 45 CFR 164.308(a)(1)(ii)(A): • Conduct accurate and thorough assessment of potential risks and vulnerabilities to the confidentiality, integrity and availability of ePHI held by the organization (Required) Administrative Safeguards: SOURCE: 45 CFR 164.308(a)(1)(i): • Security Management Process: Implement policies and procedures to Prevent, Detect, Contain and Correct Security Violations (Required) • See Also: 164.312(e)(2)(ii)(B)
  • 25. 25 Fax Transmissions (fax machine or fax servers) Desktop Virtualization Roaming desktop/SSO Secure fax by email (with TLS encryption) BYOD (text, email, file sharing apps) Paper Voice Health Information Exchange EHRs (e.g., Cerner, Athena Health) Email (via corporate network or personal email client) @ How Do Businesses Access and Disclose ePHI?
  • 26. 26 8 Places Your ePHI Might be Hiding: 1 USB drives and other portable media devices; 2 Your staff’s text messages; 3 Your staff’s email accounts; 4 The hard drives of copiers, scanners and fax machines
  • 27. 27 8 Places Your ePHI Might be Hiding: 5 Your voice files and recordings; 6 Your old EMR system; 7 Your medical equipment’s hard drives; 8 Your ePHI data held by third-party providers
  • 28. 28 Isn’t Fax Always HIPAA Compliant?
  • 29. 29 OCR Enforcement – Fax Compliance Example: Physician Revises Faxing Procedures to Safeguard PHI. Problem: A doctor's office mistakenly faxed medical records disclosing patient's HIV status to the patient's employer instead of to the patient's new health care provider. Remedy: The employee responsible received a written disciplinary warning, and both the employee and the physician apologized to the patient. OCR also required the practice to revise the office's fax cover page to underscore a confidential communication for the intended recipient. The office informed all its employees of the incident and counseled staff on proper faxing procedures.
  • 30. 30 Virtually no IT administration, maintenance and troubleshooting Brings faxing into alignment with HIPAA Employs the most secure encryption Provides clear audit trails Allows easy retrieval of archived faxes Protects fax data in-flight and at rest Eliminates security vulnerabilities in traditional fax machines and servers eFax Corporate®: The HIPAA–compliant Cloud Faxing Solution Will Sign BAA
  • 31. 31 eFax Corporate® The world’s #1 online fax company – and the industry’s most experienced hosted fax service. The most widely deployed online fax service for the Fortune 500. Trusted by more major healthcare, legal, financial and other highly-regulated firms than any other online fax provider to transmit sensitive documents. Inbound / Outbound Faxes; Hosted Fax Service; Encrypted Fax Storage via eFax Secure (optional); Email, Secure Browser, Mobile App & eFax Messenger User Interfaces; Encrypted in Transit with TLS; PSTN Telco Service
  • 32. 32 Helpful Resources Ponemon Institute: Data Security Report Identity Theft Resource Center 2016 Breach Report Cisco 2017 Annual Cybersecurity Report HIPAA Privacy Rule The HIPAA Security Rule Toolkit NIST Special Pub 800-52 (Transport Layer Security) NIST’s Special Pub 800-111 (Storage Encryption) HHS Guidance on HIPAA & Cloud Computing
  • 33. U.S. Sales (844) 241-1114 UK Sales 0800 689 0588 enterprise.efax.com Q&A