World Leader in Digital Faxing
HIPAA-compliant Faxing…
in a BYOD World
Trends
Misconceptions
Best Practices
HIPAA-compliant Faxing
The Speakers
Michael Flavin
Senior Product Marketing Manager
eFax Corporate®, part of j2 Cloud Services
Brad Spannbauer
Director, Product Development
eFax Corporate®, part of j2 Cloud Services
Agenda
• Industry Trends: BYOD in Healthcare
• HIPAA Concerns with BYOD — and Common Misconceptions
• BYOD Best-Practices for Protecting ePHI
• Faxing in Healthcare Today
• Compliant Mobile Faxing with eFax Corporate® and eFax Secure™
• Q&A
Michael Flavin
Sr. Product Marketing Manager
j2 Cloud Services
Michael Pearson
CISSP
81% of physicians now use their personal mobile devices to access ePHI.
Source:
60% of doctors say they avoid at least one adverse
drug error a week by using medical apps.
Source:
50% report these apps save them 20 minutes a day
— for a busy primary-care physician, a chance
to see 2 more patients a day.
But BYOD Carries Real Risks for Healthcare Firms
• Lost devices
• Hacked devices
• Jail-broken devices
• Stolen devices
• Unauthorized access
40%
of all HIPAA
violations involve
lost or stolen
mobile devices.
Source:
Source:
88% of health firms let staff use
personal devices to connect to
the enterprise network —
but fewer than half of these firms
are confident that their staff’s
devices are secure.
Healthcare providers are
increasingly relying on medical
apps in their practices.
HIPAA Concerns
in a BYOD Environment
Source: HealthIToutcomes
What if your staff’s devices don’t have built-in security
or anti-malware protection?
What if your staff uses their devices to access ePHI
without encryption on a public network?
What if they lose a device containing ePHI?
What happens to a device’s data if an employee
leaves or is terminated?
An employee uses access through apps to
improperly
BYOD Poses Real Security and HIPAA Issues
With ePHI and BYOD Access via Apps
HIPAA PRIVACY RULE:
Requires covered entities to apply appropriate administrative, technical, and
physical safeguards to protect the privacy of protected health information
(PHI), in any form.
HIPAA SECURITY RULE:
The Security Rule requires covered entities to maintain reasonable and
appropriate administrative, technical, and physical safeguards for protecting
e-PHI.
No specific guidance on BYOD, but the onus is on the covered
entity to anticipate and protect against impermissible, unauthorized use of
ePHI…
But Are These BYOD Apps HIPAA Compliant?
Source: www.hhs.gov
What Rules Apply to BYOD and Apps?
Data Encryption Protocols
TECHNICAL SAFEGUARD RULES FOR DATA ENCRYPTION:
45 CFR Section 164.312(a)(2)(iv):
Which one?
“A covered entity or business associate must…
Implement a mechanism to encrypt and decrypt
electronic protected health information.”
TECHNICAL SAFEGUARD RULES FOR DATA ENCRYPTION:
45 CFR Section 164.312(a)(2)(iv):
“A covered entity or business associate must…
Implement security measures to ensure that electronically
transmitted electronic protected health information is not improperly
modified without detection until disposed of.”
What measures?
Another Critical Question:
Are Your Data Encryption Protocols Compliant?
Bottom Line
Rules of HIPAA that can help protect ePHI
accessed on apps via BYOD devices
• Access Control – CFR 164.308(a)(4) (Information Access Mgmt)
• Transmission Security – 45 CFR 164.312(e)(2)(i)
• Data Encryption – 45 CFR 164.312(a)(2)(iv)
• Audit Control – 45 CFR 164.312(b)
5 Common Misconceptions About
BYOD and HIPAA Compliance
1. We use leading medical apps to check ePHI on our smartphones, and those apps are probably HIPAA compliant.
2. If an employee leaves a mobile device at a coffee house or restaurant, the covered entity is not liable.
3. We ask our staff to password-protect the mobile devices they use for work purposes. We’re HIPAA compliant.
4. Our corporate policy is to make every effort to protect patient information — even on mobile devices — and that puts us in compliance with HIPAA.
5. We’re compliant for sure, because the vendor that handles our data storage signed a BAA.
10 BYOD Best-Practices
for Protecting ePHI
1. Create clear, concise and comprehensive policies regarding ePHI — and disseminate companywide.
2. Create a list of allowed devices (and/or operating systems) your enterprise will allow staff to use for work and to access ePHI.
3. Make sure your ePHI data is secure “at rest” as well as in-transit.
4. Install and regularly update virus-protection, anti-malware software on all of your staff’s mobile devices that access or store ePHI.
5. Train all healthcare providers and other staff in the secure and compliant use of ePHI on any device in any location.
Source:
10 BYOD Best-Practices
for Protecting ePHI
6. Employ the highest levels of encryption possible for all ePHI transmitted, shared or stored anywhere.
7. Demand staff implement password protection for all mobile devices that access ePHI.
8. Deploy next-gen security technologies such as IDS/IPS, virtualization and application firewalls.
9. Implement biometrics, such as fingerprint readers, on portable devices that access ePHI.
10. Implement Mobile Device Management — including tracking and remote wiping of any device lost or stolen.
Source:
Mobile Device Management:
The Basics
MDM is a process allowing IT to manage and
protect mobile devices — both company owned and
personal — used across the enterprise.
Mobile Device Management:
Six Best Practices to Enhance Your Mobile Device (BYOD)
Usage and Enhance HIPAA Compliance
1. Create a dynamic inventory of mobile devices.
2. Distribute and enforce password and encryption policies.
3. Adopt a tracking/deactivation/remote wipe system.
4. Implement a DLP program.
5. Maintain separation of personal & professional data on BYODs.
6. Balance employee productivity with IT Control.
HIPAA-compliant BYOD (Mobile Device)
Faxing Use Cases
Brad Spannbauer
Director, Product Development
eFax Corporate®, part of j2 Cloud Services
61%
of healthcare firms cite fax as
one of two top approaches to
exchanging critical
information.
Healthcare Survey
Faxing: Still a Major
Communication Protocol
in Healthcare
42%
believe online fax is the most
effective communication
technology for HIPAA
compliance.
37%
cite fax technology as the
most undervalued when it
comes to security and
business needs.
HIPAA-Compliant Mobile Faxing
with eFax Corporate® and eFax Secure™
Physician faxing image from mobile device to
insurance company
(Yep — HIPAA Compliant!)
Insurance company faxing approval for surgery
(HIPAA Compliant)
Med staff faxing authorization to pharmacy
(HIPAA Compliant)
How eFax Corporate Measures Up As Your
HIPAA-Compliant Online Fax Solution
• Business Associate Agreement: Business Associate Agreements
• Security Protocols: Strong Encryption – at-rest and in-motion
• Compliance & Auditability: Reporting for Compliance and Audit
• Redundancy & DR: Redundant Data Centers with DR
Unparalleled Cloud Fax Infrastructure
• 30+ Worldwide Colocations
• PSTN – SIP Trunk on Redundant Internet Fiber Circuits
• TLS Outbound
• Secure TLS Inbound
• Built on N+1 Network, Systems and Hardware
• Business Continuity
• Disaster Recovery
• 24/7/365 Monitoring
• 24/7/365 Tech Support
[Network map labels: Internet; Southeast, Southwest, Canada, Northwest, Europe]
eFax Corporate:
a Leader in Cloud Services
eFax Corporate is Part of Publicly-Traded j2 Global (Nasdaq: JCOM)
• Market Capitalization: $3.2 Billion
• More than 12 million customers worldwide
• Growing in revenue for over 17 consecutive years
• Unique Intellectual Property (IP) of 40+ cloud-service companies
• Deepest online-fax Intellectual Property portfolio
• Numerous US and foreign patents
• Patents pending across a host of cloud-based communication technologies
U.S. Sales: (888) 532-9265
UK Sales: +44 (0)8707113811
www.enterprise.efax.com
Q&A


HIPAA BYOD webinar-v6 - Final

  • 1. World Leader in Digital Faxing HIPAA-compliant Faxing… in a BYOD World Trends Misconceptions Best Practices HIPAA-compliant Faxing
  • 2. World Leader in Digital Faxing The Speakers Michael Flavin Senior Product Marketing Manager eFaxCorporate®,partof j2CloudServices Brad Spannbauer Director, Product Development eFaxCorporate®,Partofj2CloudServices
  • 3. World Leader in Digital Faxing HIPAA Concerns with BYOD — and Common Misconceptions Faxing in Healthcare Today Q&A Industry Trends: BYOD in Healthcare Compliant Mobile Faxing with eFax Corporate® and eFax Secure™ BYOD Best-Practices for Protecting ePHI Agenda
  • 4. World Leader in Digital FaxingWorld Leader in Digital Faxing 4 Michael Flavin Sr. Product Marketing Manager j2 Cloud Services Michael Pearson CISSP
  • 5. World Leader in Digital Faxing 81%of physicians now use their personal mobile devices to access ePHI. Source: World Leader in Digital Faxing
  • 6. World Leader in Digital Faxing 60% of doctors say they avoid at least one adverse drug error a week by using medical apps. Source: 50% report these apps save them 20 minutes a day — for a busy primary-care physician, a chance to see 2 more patients a day.
  • 7. World Leader in Digital Faxing  Lost devices  Hacked devices  Jail-broken devices  Stolen devices  Unauthorized access But BYOD Carries Real Risks for Healthcare Firms World Leader in Digital Faxing
  • 8. World Leader in Digital Faxing 40% of all HIPAA violations involve lost or stolen mobile devices. Source: World Leader in Digital Faxing
  • 9. World Leader in Digital Faxing Source: 88%of health firms let staff use personal devices to connect to the enterprise network — but fewer than half of these firms are confident that their staff’s devices are secure. World Leader in Digital Faxing
  • 10. World Leader in Digital Faxing Healthcare providers are increasingly relying on medical apps in their practices. World Leader in Digital Faxing HIPAA Concerns in a BYOD Environment Source: HealthIToutcomes
  • 11. World Leader in Digital Faxing What if your staff’s devices don’t have built-in security or anti-malware protection? What if your staff uses their devices to access ePHI without encryption on a public network? What if they lose a device containing ePHI? What happens to a device’s data if an employee leaves or is terminated? An employee uses access through apps to improperly World Leader in Digital Faxing BYOD Poses Real Security and HIPAAIssues With ePHI and BYOD Access viaApps
  • 12. World Leader in Digital FaxingWorld Leader in Digital Faxing HIPAA PRIVACY RULE: Requires covered entities apply appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information (PHI), in any form. HIPAA SECURITY RULE: The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI. No specific guidance on BYOD, but the onus is on the covered entity to anticipate and protect impermissible, unauthorized use of ePHI… World Leader in Digital Faxing ButAre These BYODApps HIPAACompliant? Source: www.hhs.gov
  • 13. World Leader in Digital FaxingWorld Leader in Digital Faxing What RulesApply to BYOD andApps? Data Encryption Protocols TECHNICAL SAFEGUARD RULES FOR DATA ENCRYPTION: 45 CFR Section 164.312(a)(2)(iv): Which one? “A covered entity or business associate must… Implement a mechanism to encrypt and decrypt electronic protected health information.”
  • 14. World Leader in Digital Faxing TECHNICAL SAFEGUARD RULES FOR DATA ENCRYPTION: 45 CFR Section 164.312(a)(2)(iv): “A covered entity or business associate must… Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of.” What measures? Another Critical Question: Are Your Data Encryption Protocols Compliant?
  • 15. World Leader in Digital Faxing Bottom Line Rules of HIPAAthat can help protect ePHI accessed on apps via BYOD devices • Access Control – CFR 164.308(a)(4) (Information Access Mgmt) • Transmission Security – 45 CFR 164.312(e)(2)(i) • Data Encryption – 45 CFR 164.312(a)(2)(iv) • Audit Control – 45 CFR 164.312(b)
  • 16. World Leader in Digital Faxing 5 Common MisconceptionsAbout BYOD and HIPAA Compliance We use leading medical apps tocheck ePHI on our smartphones, and thoseapps are probably HIPAAcompliant.1. If an employee leaves a mobile device at a coffee house or restaurant, the covered entity is not liable.2. Weask our staff topassword-protect themobile devices they use for work purposes. We’reHIPAAcompliant.3. Our corporate policy is tomakeevery efforttoprotect patient information— even on mobile devices— and that puts in compliance with HIPAA. 4. We’re compliant for sure, because the vendor that handles our data storage signed a BAA.5.
  • 17. World Leader in Digital FaxingWorld Leader in Digital Faxing 10 BYOD Best-Practices for Protecting ePHI Create clear, concise and comprehensive policies regarding ePHI — and disseminate companywide.1. Create a list of allowed devices (and/or operating systems) your enterprisewill allow stafftouse for work and toaccessePHI.2. Makesure your ePHI datais secure“at rest” as well as in-transit.3. Install and regularly update virus-protection,anti-malware software on all of your staffs’mobile devices that access or storeePHI.4. Train all healthcare providers and other staffin thesecure and compliant use of ePHI on any device in any location.5. Source:
  • 18. World Leader in Digital FaxingWorld Leader in Digital Faxing 10 BYOD Best-Practices for Protecting ePHI Employ the highest levels of encryption possible for all ePHI transmitted,shared or storedanywhere.6. Demand staffimplement password protectionfor all mobile devices that access ePHI.7. Deploy next-gen security technologies suchas IDS/IPS,virtualization and application firewalls.8. Implement biometrics, suchas fingerprint readers, on portable devices thataccess ePHI.9. ImplementMobileDevice Management — includingtracking and remote wipingof any device lost or stolen.10. Source:
  • 19. World Leader in Digital FaxingWorld Leader in Digital Faxing Mobile Device Management: The Basics MDM is a process allowing IT to manage and protect mobile devices— both company owned and personal — used across the enterprise.
  • 20. World Leader in Digital FaxingWorld Leader in Digital Faxing Mobile Device Management: Six Best Practices to Enhance Your Mobile Device (BYOD) Usage and Enhance HIPAACompliance Create a dynamic inventory of mobile devices.1. Distribute and enforce password and encryption policies.2. Adopt a tracking/deactivation/remoteswipe system.3. Implement a DLPprogram.4. Maintain separation of personal & professional data on BYODs.5. Balance employee productivity with ITControl.6.
  • 21. World Leader in Digital Faxing HIPAA-compliant BYOD (Mobile Device) Faxing Use Cases Brad Spannbauer Director, Product Development eFaxCorporate®,Partofj2CloudServices
  • 22. World Leader in Digital Faxing 61% of healthcare firms cite fax as one of two top approaches to exchanging critical information. World Leader in Digital Faxing Healthcare Survey Faxing: Still a Major Communication Protocol in Healthcare
  • 23. World Leader in Digital Faxing 42% believe online fax is the most effective communication technology for HIPAA compliance. World Leader in Digital Faxing Healthcare Survey Faxing: Still a Major Communication Protocol in Healthcare
  • 24. World Leader in Digital Faxing 37% cite fax technology as the most undervalued when it comes to security and business needs. World Leader in Digital Faxing Healthcare Survey Faxing: Still a Major Communication Protocol in Healthcare
  • 25. HIPAA-Compliant Mobile Faxing with eFax Corporate® and eFax Secure™: Physician faxing image from mobile device to insurance company (Yep — HIPAA Compliant!); Insurance company faxing approval for surgery (HIPAA Compliant); Med staff faxing authorization to pharmacy (HIPAA Compliant)
  • 26. How eFax Corporate Measures Up As Your HIPAA-Compliant Online Fax Solution: Business Associate Agreement; Security Protocols; Compliance & Auditability; Redundancy & DR; Business Associate Agreements; Reporting for Compliance and Audit; Redundant Data Centers with DR; Strong Encryption – at-rest and in-motion
  • 27. Unparalleled Cloud Fax Infrastructure: 30+ Worldwide Colocations; PSTN – SIP Trunk on Redundant Internet Fiber Circuits; TLS Outbound; Secure TLS Inbound; Built on N+1 Network, Systems and Hardware; Business Continuity; Disaster Recovery; 24/7/365 Monitoring; 24/7/365 Tech Support. Map labels: Internet, Southeast, Southwest, Southwest, Canada, Northwest, Europe
  • 28. eFax Corporate: a Leader in Cloud Services. eFax Corporate is Part of Publicly-Traded j2 Global (Nasdaq: JCOM): Market Capitalization: $3.2 Billion; More than 12 million customers worldwide; Growing in revenue for over 17 consecutive years; Unique Intellectual Property (IP) of 40+ cloud-service companies; Deepest online-fax Intellectual Property portfolio; Numerous US and foreign patents; Patents pending across a host of cloud-based communication technologies
  • 29. U.S. Sales (888) 532-9265; UK Sales +44 (0)870 711 3811; www.enterprise.efax.com. Q&A

Editor's Notes

  1. Hello and welcome to our webinar, HIPAA-compliant Faxing in a BYOD World. Thank you for joining us today!
  2. I’m Michael Flavin, Sr. Product Marketing Manager with eFax® Corporate, part of j2 Cloud Services. I’m joined by Brad Spannbauer, Director, Product Development, also from j2 Cloud Services™. Thank you for joining us today!
  3. Our agenda for today is to discuss the explosive growth that has occurred with BYOD – bring-your-own-device programs – and the corresponding growth in healthcare apps. *We’ll discuss concerns with BYOD and compliance – including common misconceptions. *We’ll review some BYOD best-practices from healthcare IT thought leadership. *We’ll discuss faxing in healthcare today; how it is still a key mode of communication. *Then Brad Spannbauer, our Director of Product Development, will demonstrate specific use cases showing how eFax Corporate® and eFax Secure™ can help your organization with HIPAA-compliant faxing from BYOD – or personal devices. *Finally, we’ll conclude with our Q&A: we’ve allotted time for Q&A at the end of our webinar today; if you have questions, on the right-hand side of your screen, feel free to pop in a question at any time. If we can’t get to you…
  4. A little housekeeping…read above (Michael)
  5. Narrative: The business case for BYOD in healthcare has been made and the upside has been great for healthcare. Research from ABA shows that most physicians and healthcare staff utilize personal devices, BYOD and healthcare apps. Patients are now demanding the same real-time access and applications for engagement, such as appointments, test results, personal health records and confidential communications with care providers.
  6. Narrative: CEs also see improved efficiency and accuracy – another factor contributing to increased patient care. According to research from Health Management Technology: 60% of physicians avoid RX adverse drug errors through apps on BYOD devices; 50% report time savings which would equate to seeing 2 more patients each day.
  7. Narrative: This shift to BYOD in healthcare has resulted in huge concern and headaches for IT professionals: How do they track all of these devices and access to sensitive patient information – ePHI? How do they stay compliant with HIPAA and HITECH? Known risks of breaches: lost devices, hacks, jail breaks and stolen devices, public Wi-Fi, unauthorized access by rogue employees. While demand for applications is being met by IT departments and Apple and Android developers, security is still lagging in many areas.
  8. For example, the increase in BYOD and associated applications has resulted in a spike in HIPAA violations. MD News – 40% since 2010 due to lost or stolen mobile devices. Some examples: Lost or stolen device – left at coffee house or restaurant (without BYOD protection). Compromised devices – malware, public Wi-Fi, no password protection or encryption. Unauthorized access by employees – to look at PHI of someone they’re interested in but not auth.
  9. While most covered entities have implemented some form of BYOD-enabled networks, there’s not a high level of confidence that they are secure.
  10. Narrative: To complicate this trend, there’s been a related explosion in apps supporting the healthcare market. Research shows that the Apple store alone last year had over 43,000 genuine healthcare apps. There are over 100,000 healthcare apps on the market; Apple has a very large share of apps in healthcare, with over 43,000 apps in the Apple store alone. The app market will be worth $26 billion in the US alone by 2017 (1), according to HealthIToutcomes. 1) Source: HealthIToutcomes http://www.healthitoutcomes.com/doc/the-evolving-landscape-of-medical-apps-0001
  11. For example – with so many OSes and apps, how do CEs manage security centrally? What about use of devices at a coffee house or on public Wi-Fi? What if a device is lost or stolen, or jail broken? How do we know if someone accesses ePHI improperly?
  12. HIPAA privacy & security rules – covered entities must implement reasonable safeguards to limit incidental or prohibited uses and disclosures of PHI and ePHI. And… no mention of BYOD or personal devices such as iPad, iPhone or Android. There’s no specific solution identified by HHS; written before the Security Rule was done in 2003, years before iPhone, Android… Puts onus on CEs to implement reasonable measures and safeguards to protect ePHI – but what specific rules can apply to BYOD and healthcare apps?
  13. Again, HIPAA doesn’t specify a type of encryption; however, it is a best practice to encrypt ePHI at rest and in motion. TLS encryption is the most enhanced available and should be utilized when faxing or sending information over public networks (email).
  14. The rule further specifies that for data sent over a network, if deemed at risk, the covered entity must implement technical security measures to guard against unauthorized access. The specific solution is not identified by design… it is up to the organization to implement this, if it deems necessary to protect PHI (ePHI).
  15. However: applying some of the HIPAA requirements for Privacy and Security. Access Control – implement technical policies and procedures… maintain ePHI, allow access only to those who have been granted access. Examples are strong passwords, timeout screen savers, multi-factor authentication. Transmission Security – a CE must implement technical security measures to guard against unauthorized access of ePHI over an electronic network. Strong encryption such as TLS in transit – to protect against breach over public networks (e.g. coffee house, public Wi-Fi), Internet. Data Encryption – where reasonable and appropriate, implement a mechanism to encrypt and decrypt ePHI. Data at rest should be password protected and encrypted. Encryption of data at rest is a best practice and renders ePHI unusable to would-be hackers or criminals. AES 256-bit encryption is a strong standard according to NIST. Audit Control – procedural mechanisms to record and examine activity in the systems containing ePHI. Who has accessed data, what data and when? What data left the network and to whom was it disclosed? Was data deleted, altered or destroyed?
  16. Because of the lack of language in the HIPAA Security Rule about BYOD-specific devices, there are some common misconceptions that could put your employees or organization at risk of a reportable event or data breach. #1 Call/Answer: just because apps are compliant doesn’t mean they’re used in a compliant manner. For example, if an employee uses public Wi-Fi, or in a reception area accidentally exposes a PC window with info to a 3rd party. #2 Call/Answer: Not true: an employee’s actions can cause your organization to be fined – whether it was intentional or unintentional. #3 Call/Answer: password protection is one piece of a layered BYOD approach. For example – if the screen lock was not enforced, a password-protected device is useless. If ePHI is on the device, should it have been encrypted? Again, it’s up to the covered entity to implement reasonable measures and mechanisms to protect ePHI – answer is yes. #4 Call/Answer: having policies, procedures, and proper admin, physical, technical and organizational safeguards in place is required by HIPAA, but employee training is key to ensure they understand the rules and they are enforced! For instance, an employee at the front desk with a big screen exposing ePHI to others behind the current patient – would be a HIPAA violation! #5 Call/Answer: having a BAA in place does NOT mean you’re compliant, OR shift liability to a 3rd party vendor. It’s a shared liability. So, it’s even more important to fully vet any vendor or application that purports itself to be HIPAA compliant. A BAA is required, but, like with P&P, it does not equal security or a plan.
  17. 1. Define, document all policies and procedures – train, inform and enforce! 2. Create list of all allowed BYOD devices. 3. As a best practice and to be compliant, encrypt ePHI. 4. Implement centrally managed protection software. 5. Training in compliant use of apps – don’t assume employees will do or know the right thing.
  18. 6. Encrypt data to make it useless to hackers if they are able to gain access. 7. Strong password protection with timeouts. 8. Deploy Intrusion Detection and Prevention tech – firewalls, software – identify and triage breaches. 9. Implement biometrics or other multi-factor authentication. 10. Utilize MDM (mobile device management) technologies – which can help you: centrally manage, deploy and update all software, apps and permissions; separate personal from business data (ePHI, for example, from Gmail); enable provisioning and remote wipe in case of lost or stolen device.
  19. There are many MDM solutions out there – offering robust BYOD protection, tracking and remote wipe capability. Just a few of the capabilities to enhance compliance: This software enables IT to centrally manage all BYOD devices in inventory. Provides ability to separate company data from personal data. Provides for encryption of any PHI stored on devices. GPS remote locate. Remote wiping if lost. Provisioning of approved apps centrally.
  20. Another key differentiator about eFax Corporate® is that faxing is our core business. eFax Corporate® has a geographically dispersed, global network with Tier III and Tier IV colocations, providing a 99.5% uptime, rapid delivery times and unparalleled transmission security.
  21. A little about j2: eFax Corporate® is part of j2 Cloud Services™. Specialization in cloud applications to help businesses be more productive. HQ – Hollywood, CA. Tier III & Tier IV geographically redundant data centers around the world. We’re an enterprise company with the infrastructure and scale to support many of the Fortune 500 companies worldwide. Significant IP/patents relating to cloud services.
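
The controls named in the Mobile Device Management slide and notes above (device inventory, password and encryption policy, enforced screen lock, remote wipe for lost devices) can be expressed as a policy evaluation over an inventory. This is an added example, not part of the original deck or of any eFax or MDM product; the record fields, thresholds and action names are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical thresholds: the slides name the controls, not the values.
MAX_LOCK_TIMEOUT_S = 300
MAX_CHECKIN_AGE = timedelta(days=7)

@dataclass
class Device:
    owner: str
    platform: str
    passcode_set: bool
    lock_timeout_s: int        # 0 means the screen never locks
    storage_encrypted: bool
    jailbroken: bool
    reported_lost: bool
    last_checkin: datetime

def evaluate(dev: Device, now: datetime) -> tuple[str, list[str]]:
    """Return (action, findings) for one inventory record."""
    if dev.reported_lost:
        # Lost or stolen outranks every other finding: wipe, don't negotiate.
        return "remote_wipe", ["reported lost or stolen"]
    findings = []
    if dev.jailbroken:
        findings.append("jailbroken/rooted")
    if not dev.passcode_set:
        findings.append("no passcode")
    if dev.lock_timeout_s == 0 or dev.lock_timeout_s > MAX_LOCK_TIMEOUT_S:
        findings.append("screen lock not enforced")
    if not dev.storage_encrypted:
        findings.append("storage not encrypted")
    if now - dev.last_checkin > MAX_CHECKIN_AGE:
        findings.append("stale check-in")  # inventory is no longer "dynamic"
    return ("block_ephi_access" if findings else "allow"), findings

NOW = datetime(2016, 1, 15, 9, 0)  # fixed clock so results are repeatable
# Constructed inventory records, not real devices.
INVENTORY = [
    Device("dr_a", "ios", True, 120, True, False, False, NOW - timedelta(hours=2)),
    Device("nurse_b", "android", True, 0, True, False, False, NOW - timedelta(days=1)),
    Device("dr_c", "ios", True, 60, True, True, False, NOW - timedelta(days=30)),
    Device("staff_d", "android", False, 300, False, False, True, NOW - timedelta(days=3)),
]

def report(inventory=INVENTORY, now=NOW):
    return {d.owner: evaluate(d, now) for d in inventory}

if __name__ == "__main__":
    for owner, (action, why) in report().items():
        print(f"{owner:8} {action:18} {', '.join(why) or 'compliant'}")
```

The `nurse_b` record shows the case raised under misconception #3: a passcode is set, but with no screen lock timeout the device still fails policy.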