The document discusses pseudonymization techniques for secondary use of patient data. It outlines various pseudonymization methods like encryption, linked lists, and randomization, each with tradeoffs. It also describes preparing data and establishing a new safe haven to support functions like derivation, validation, linkage and re-identification while maintaining privacy. Maintaining robust key management and access controls is important for any pseudonymization approach.
ControlCase discusses the following:
- What is Data Discovery
- Why Data Discovery
- PCI DSS requirements
- Need for Data Discovery in the context of PCI DSS
- Challenges in the Data Discovery space
ControlCase discusses the following:
- About the cloud
- About PCI DSS - PCI DSS in the cloud
- How to keep sensitive data secure as you move to the cloud
Unsafe Harbor - Tailoring Encryption to Meet HIPAA and Safe Harbor (Ray Potter)
HIPAA’s Safe Harbor provision is well-known: If PHI is encrypted so that it's unusable, unreadable, or indecipherable to unauthorized individuals, breach notifications aren’t required. However, the U.S. government considers that encryption not validated by NIST to FIPS 140-2 standards is the equal of plaintext. In other words, healthcare providers are rarely in full compliance with the federal benchmark. While governing bodies have been overlooking this incongruity, it is inevitable that the FIPS 140-2 cryptographic standard will be imposed on healthcare providers in the near future. This presentation will prepare attendees for this major hurdle.
ControlCase discusses the following:
- Requirements for PCI DSS, EI3PA, HIPAA, Business Associates, FFIEC and Banking Service Providers
- What is Vendor Management
- Why is Continual Compliance a challenge in Vendor Management
- How to mix technology and manual processes for effective Vendor Management
Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001
ControlCase discusses the following:
- What is Log Management and FIM
- PCI DSS, EI3PA, ISO 27001 requirements
- Log Management and regulation requirements/ mapping
- File Integrity
PCI DSS Compliance for Web Applications (Savan Gadhiya)
This presentation includes basics of PCI DSS compliance.
Presented at Null Ahmedabad Meet: https://www.null.co.in/events/485-ahmedabad-null-ahmedabad-meet-16-september-2018-monthly-meet
Join upcoming Null Ahmedabad events:
https://www.null.co.in/chapters/17-ahmedabad
This slideshow discusses the following:
- About the cloud
- About PCI DSS
- PCI DSS in the cloud
- How to keep sensitive data secure as you move to the cloud
- Q&A
Jadu GDPR guide: An easy to follow guide for Digital Service Managers and Webs... (Jadu)
Sarah Backhouse, Product Manager for Jadu Continuum CMS, presented an easy-to-follow guide on GDPR at Jadu Academy in Scotland in November 2017. The guide helps you understand the key areas in which website owners and managers and Digital Service Managers can manage compliance with GDPR.
apidays LIVE New York 2021 - Securing access to high performing API in a regu... (apidays)
apidays LIVE New York 2021 - API-driven Regulations for Finance, Insurance, and Healthcare
July 28 & 29, 2021
Securing access to high performing API in a regulated environment
Subhabrata Chatterjee, Architect and Chapter Lead - Cloud at Danske IT Services
Pronti per la legge sulla data protection GDPR? No Panic! - Stefano Sali, Dom... (Codemotion)
The Application Economy forces IT to run at the same speed as the business. At the same time, the entry into force of strict new security regulations requires the Software Delivery LifeCycle to be adapted so that these requirements can be implemented and tested from the earliest stages of development, optimising delivery times and minimising time to market.
ControlCase Data Discovery (CDD) addresses the risk of having encrypted, unknown, or otherwise prohibited cardholder data in your operational environment. It is one of the first comprehensive scanners to not only search for credit card data in file systems, but also in leading commercial and open source databases.
Enabling trust in distributed eHealth applications
This talk was given at the "Trust in the Digital World" conference, organized by eema on 8th April, 2014 in Vienna.
AGENDA:
- About PCI DSS, ISO 27001, NERC, HIPAA, FISMA and EI3PA
- Best Practices and Cloud Implications for Integrated Compliance within IT Standards/Regulations
- Challenges in the Integrated Compliance Space
- Q&A
Fuel Good 2018: Is your Nonprofit at Risk? Security and Privacy Best Practices (Sparkrock)
This presentation covers security principles for On-Premise organizations, security principles in the Cloud including Azure Deployment and Azure Build Services, and Environment Monitoring.
Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001 (ControlCase)
- What is Log Management and FIM
- PCI DSS, EI3PA, ISO 27001 requirements
- Log Management and regulation requirements/ mapping
- File Integrity Monitoring and regulation requirements/ mapping
- Challenges
- About PCI DSS, ISO 27001, NERC, HIPAA, FISMA and EI3PA
- Best Practices and Cloud Implications for Comprehensive Compliance within IT Standards/Regulations
- Challenges in the Comprehensive Compliance Space
Accelerating Regulatory Compliance for IBM i Systems (Precisely)
In a recent survey of IBM Power Systems users, 52% state they are focusing security investments on compliance auditing and reporting while 28% said they anticipate increased regulatory complexity as a security challenge for the remainder of the year.
Do you need to accelerate compliance for your IBM i systems? Whether it be for PCI, SOX, GDPR or other regulations, view this 15-minute webcast on-demand to learn more about:
• The importance of security risk assessments for compliance
• Implementing compliance policies that align with regulations
• Generating reports and alerts that flag compliance issues
• Trade-offs between do-it-yourself and third-party solutions
In this 45-minute webinar ControlCase will discuss the following in the context of PCI DSS and PA DSS:
- Network Segmentation
- Card Data Discovery
- Vulnerability Scanning and Penetration Testing
- Card Data Storage in Memory
- Q&A
Shaping the Future of Trusted Digital Identity (Noreen Whysel)
May 2019 presentation by Noreen Whysel to the CARIN Technology Committee. Discusses the Identity Ecosystem Framework Registry (idefregistry.org) and proposed health data use cases for potential trusted identity API for healthcare.
The Next Gen Auditor - Auditing through technological disruptions (Bharath Rao)
Presentation on the risks and my ideas of audit procedures that can be executed to processes that involve technological disruptions incorporated by businesses.
This presentation consists of the newer technological risks that are to be considered by audit professionals during their audit engagements.
Thoughts and points of views are welcome to mailme@bharathraob.com
How MongoDB is Transforming Healthcare Technology (MongoDB)
Healthcare providers continue to feel increased margin pressure, due to both macro-economic factors as well as significant regulatory change. In response to these pressures, leading healthcare organizations are leveraging new technologies to increase quality of care while simultaneously reducing costs.
In this session, we'll cover:
- How MongoDB has enabled successful real world projects with EHR / EMR in the healthcare industry
- How MongoDB allows providers to create a single view in order to collect patient information from multiple systems
- The challenges with healthcare data collection and how MongoDB handles various data types, HIPAA/PII and hybrid deployments
PCI stands for “Payment Card Industry”, which is comprised of representatives from the major card brands (Visa, MasterCard, American Express, Discover, JCB, etc.) who came together to set minimum security requirements for protecting cardholder data.
To achieve this, they wrote a framework of security controls known as the PCI DSS. They wrote a number of other directives, but this is the main one that applies to the majority of businesses.
The PCI DSS consists of six goals, 12 requirements and 286 controls and must be implemented by any business that processes, stores or transmits credit or debit card holder data. The requirement for PCI DSS compliance is stated in your agreement with the bank that issues you a merchant identification. Your business is required to certify compliance to your bank upon achieving it and annually thereafter. The banks report your compliance to the PCI SSC and can issue fines for non-compliance.
Reducing cardholder data footprint with tokenization and other techniques (VISTA InfoSec)
PCI DSS Compliance can be very challenging for businesses, especially when they are expected to meet the stringent standard requirements. They are constantly under the pressure of being compliant and struggle to keep up with the compliance challenges. Addressing this challenge, VISTA InfoSec hosted a very informative webinar on “Reducing Cardholder Data Footprint with Tokenization and other Techniques” that provides details on various techniques to reduce the scope of compliance. The webinar highlights different techniques that can be implemented to reduce the scope of Compliance by limiting the Cardholder Data footprint in the environment.
If you find this video interesting and wish to learn more about different techniques or have any queries regarding the same, then do drop us a comment in the comment section below. We would be more than happy to educate you on it and clear all your doubts. You can subscribe to our channel for more videos on Information Security and Compliance Standards. Do like, share, and comment on our video, if you find it informative and useful to you.
3. Modules would include…
• Legal / Information Governance
• Cryptography
• Sector Specific Knowledge – NHS Local/National
• World Wide Standards – ISO
• Technical Systems – Data, Architecture, Platforms
4. Secondary data uses could include
• Research Purposes
• Audits
• Service Management
• Commissioning
• Contract Monitoring and Reporting
[Sector Knowledge]
5.
• name
• address
• date of birth
• postcode
• nhs number
• ethnic category
• local patient identifier
• patient pathway identifier
• spell id
• unique booking reference number
• social service client number
[Sector Knowledge, Data]
6.
• People
  • Those who had access to PID previously
  • Introduction of RBAC
  • PID (and non-PID) access should be auditable
  • Creating more-conscious users
• Business Processes
  • Establishment of New Safe Haven
  • Business processes previously dependent on PID
  • Compliance with IG toolkit level 2
[Sector Knowledge, Local]
7. Source Data (NHS Number = 1111122222)
• Encryption: NHS Number = 0x1965E2B11C761…
• Linked List: NHS Number = 1011211 (lookup table: NHS Number 1111122222 → Pseud 1011211)
• Randomise, Column Transpose: NHS Number = 01/12/2008 (lookup table: NHS Number 1111122222 → Pseud 01/12/2008)
• Randomise, Surrogates: NHS Number = 1011211
Multi Pseud / Unique Pseud Key
[Technical]
8. Source Data (NHS Number = 1111122222)
• Encryption: + Robust / − Key Management
• Linked List: + Pseudonym Reuse / − Easily compromised (if simple list)
• Randomise, Column Transpose: + Pseudonym Reuse / − Highly Identifiable
• Randomise, Surrogates: + Easy to implement / − Easily compromised
Multi Pseud / Unique Pseud Key
[Technical]
10. New Safe Haven Boundary
Clear Data side supports:
• Derivation
• Validation
Pseudo Data side supports:
• Linkage
• De-ID
• Re-ID
[Technical, Information Governance, Sector Knowledge]
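The trade-offs on slides 7 and 8 (key management versus list compromise, pseudonym reuse versus identifiability) and the validation and linkage functions on slide 10 come down to a few testable properties. The toy models below are an added example, not code from the deck or from oka-bi; HMAC-SHA256 stands in for the unnamed cipher of the Encryption column, and the NHS number, date of birth and key are constructed sample values.

```python
"""Toy models of the pseudonymisation families compared on slides 7 and 8,
with the properties behind each trade-off (linkage, reversibility, leakage)
checked in code. Added example, not from the original deck; the NHS number,
date of birth and key are constructed sample values."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

# Constructed sample record; 1111122222 is the slide's own example identifier.
RECORD: Dict[str, str] = {"nhs_number": "1111122222", "dob": "01/12/2008"}


def keyed_pseud(nhs_number: str, key: bytes) -> str:
    """'Encryption' column. HMAC-SHA256 stands in for the slide's cipher
    (an assumption): deterministic under one key, so records link across
    extracts; robust, but everything rests on keeping the key managed."""
    digest = hmac.new(key, nhs_number.encode(), hashlib.sha256).digest()
    return "0x" + digest[:8].hex().upper()


@dataclass
class LinkedList:
    """'Linked List' column: a lookup table held inside the Safe Haven.
    The same identifier always maps to the same pseudonym (reuse), but
    whoever obtains the table can re-identify every record."""
    next_id: int = 1011211  # first pseudonym, as on the slide
    table: Dict[str, str] = field(default_factory=dict)

    def pseud(self, nhs_number: str) -> str:
        if nhs_number not in self.table:
            self.table[nhs_number] = str(self.next_id)
            self.next_id += 1
        return self.table[nhs_number]

    def re_identify(self, pseudonym: str) -> Optional[str]:
        """Re-ID is a reverse lookup, which is why the list is the secret."""
        return next((k for k, v in self.table.items() if v == pseudonym), None)


def column_transpose(record: Dict[str, str], column: str = "dob") -> str:
    """'Randomise / Column Transpose': another real field stands in for the
    identifier. Pseudonyms are reusable, but carry genuine patient data."""
    return record[column]


def random_surrogate(_nhs_number: str) -> str:
    """'Randomise / Surrogates': a fresh random token per record. Easy to
    implement, but two records of one patient can no longer be linked."""
    return secrets.token_hex(4)


def leaks_identifier(record: Dict[str, str], pseudonym: str) -> bool:
    """Validation check on the clear-data side of the Safe Haven boundary:
    a pseudonym that equals any clear field is 'highly identifiable'."""
    return pseudonym in record.values()


def links_across_extracts(pseud_fn: Callable[[str], str]) -> bool:
    """Linkage check: does the same identifier get the same pseudonym when
    two extracts are pseudonymised independently?"""
    nhs = RECORD["nhs_number"]
    return pseud_fn(nhs) == pseud_fn(nhs)
```

Running the checks side by side shows why the deck pairs each technique with a cost: only the keyed and list-based pseudonyms both link and avoid leaking clear data, and each of those needs a secret (key or table) that the Safe Haven must protect.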
11.
• Pseudonymisation applies to secondary data only
• Various techniques used for pseudonymisation:
  • Encryption
  • Linked list
  • Randomisation
• Each technique has a trade-off
• Data can be prepared in different ways
• New Safe Haven supports many functions
• Audit is a mandatory requirement
• Many solutions – from integrated components to enterprise self-service to open source solutions
Contact Details
www.oka-bi.co.uk
David@oka-bi.co.uk
01926 800218
Editor's Notes
Check Mike height
Drink water
Breathe
Go thru points 1 – 7 and then ask questions
Show of hands for those that have been involved in pseudonymisation programmes
Show of hands for those who feel that it is complicated
“Thank you, this leads nicely to the next slide”