Security and Privacy in
SharePoint 2010: Healthcare
Marie-Michelle Strah, PhD
Richmond SharePoint User Group
August 31, 2011
http://lifeincapslock.com
http://www.sswug.org/usercenter/profile.aspx?id=563806
www.broadpoint.net
http://www.meetup.com/fedspug-wspdc
Objectives
• ARRA/HITECH: INFOSEC and
  connected health information
• Reference models: security, enterprise
  architecture and compliance for
  healthcare
• Overview of privacy and security in
  SharePoint Server 2010
Planning for Security and the “Black Swan”
Privacy
• Data (opt in/out)
• PHI
• PII

“Black Swans”

• Consumer
  Engagement
• Business
  Associates
Information Security (Collaborative Model)
= People (all actors and agents)
× Architecture (technical, physical and administrative)
From HIPAA to HITECH…
• Health Insurance Portability and
  Accountability Act of 1996 (HIPAA) (Pub L
  104–191, 110 Stat 1936)
• The Health Information Technology for
  Economic and Clinical Health Act (HITECH
  Act), enacted on February 17, 2009
• American Recovery and Reinvestment Act
  of 2009 (ARRA) (Pub L 111-5, 123 Stat 115)
Information Security = (People ∗ Architecture): do the HITECH math…
“Business Associates” (45 CFR §160.103):
• Legal
• Accounting
• Administrative
• Claims Processing
• Data Analysis
• QA
• Billing

Consumer Engagement

• Application of HIPAA Security Standards to Business Associates: 42 USC §17931
• New Security Breach Requirements: 42 USC §17932(j)
• Electronic Access Mandatory for Patients: 42 USC 17935(e)
• Prohibited Sale of PHI without Patient Authorization: 42 USC §17935(d)
ONC (Office of the
National Coordinator for
Healthcare IT)

• Health Information
  Exchange (HIE)
• Accountable Care
  Organizations (ACO)
• “Meaningful Use”

• Interoperability
• Service Oriented
  Architecture (SOA)
  Models for Healthcare
  Information Technology

• Certification (ANSI) June
  2011
• Conformance Testing
  (NIST)
Microsoft Connected Health Framework Business and Technical
Framework (Joint Architecture)
Electronic Healthcare = Complexity
Increases Opportunity for “Black Swans” (Security and Privacy
Risk)
SOA “Hub” Model reduces complexity and variability while maintaining collaboration and interoperability
Codeplex: Health Connection Engine
http://hce.codeplex.com/
 • SOA
 • “Plug and Play”
 • Messages represent clinical events, not data items
 • EHR data federated
 • Connection to existing messaging
   infrastructures
SharePoint 2010 as part of a
Connected Health Framework

• NOT a standalone solution
• Technical barriers
• Data barriers
• Staffing barriers
Office Business Applications (Office and SharePoint) as part of healthcare information architecture
Security Architecture – SPS2010
[Diagram: layers labelled Authorization, UPM, Business Connectivity Services and Hardware, over four columns]
• Authentication: Federated ID, Classic/Claims, IIS/STS
• Permissions: Security Groups
• Data Level Security: LOB Integration
• Endpoint Security: Mobile, Remote
Information Security = (People ∗ Architecture)
Behavioral Factors:
Security Architecture – SPS2010
• #hcsm
• User population challenges
   – healthcare/providers
   – business associates
• “Prurient interest”
Information Security = (People ∗ Architecture)
Why data security and privacy should matter to your SharePoint Administrator…
• Unfortunately, security and governance are absent in many cases
• Jay Simcox: Proactive vs. reactive approach
• https://www.nothingbutsharepoint.com/sites/eusp/Pages/sharepoint-data-security-and-privacy-information-why-should-it-matter-to-you.aspx
Security Planning and SharePoint 2010
• Encryption
• Data at rest/data in motion
• Perimeter topologies
• Segmentation and compartmentalization
  of PHI/PII (logical and physical)
• Wireless (RFID/Bluetooth)
• Business Continuity
• Backup and Recovery
Security Planning and SharePoint 2010
 • Plan permission levels and groups (least
   privileges) – providers and business
   associates
 • Plan site permissions
 • Fine-grained permissions (item-level)
 • Security groups (custom)
 • Contribute permissions
Additional Security Planning
Considerations (SharePoint 2010)
 • Content types (PHI/PII)
 • ECM/OCR
 • Business Connectivity Services and Visio Services
   (external data sources)
    – Excel, lists, SQL, custom data providers
    – Integrated Windows with constrained
      Kerberos
 • Metadata and tagging (PHI/PII)
 • Blogs and wikis (PHI)
SharePoint 2010: Identity and Access
Management in Healthcare
• SharePoint as enabler for healthcare:
   – Access tracking and audits
   – Access controls
• Recommend: third party tools (ControlPoint, AvePoint,
  etc.)
• Recommend: IAM Solutions
   – Mobility
   – Workstations/Proximity
Best Practices - Prevention
• Involve HIPAA specialists early in the planning process.
  (This is NOT an IT problem)
• Consider removing PHI from the equation.
  (Compartmentalization and segregation)
• Evaluate the outsourcing option. (Example: FPWeb)
• Look to experts to help with existing implementations.
  (Domain expertise in healthcare and clinical workflow as
  well as HIPAA/HITECH privacy and security)
• Use connected health framework reference model and
  other HC specific applications (Dynamics CRM for Patient
  Relationship Management/Case Management,
  HealthVault, Amalga, IAM)
Adapting the Joint Commission
Continuous Process Improvement Model…

       Plan

       • Technical, Physical, Administrative Safeguards

       Document

       • Joint Commission, Policies, Procedures, IT Governance

       Train

       • Clinical, Administrative and Business Associates

       Track

       • Training, Compliance, Incidents, Access…. everything

       Review

       • Flexibility, Agility, Architect for Change
Case Studies
• SharePoint 2007 Upgrade – Behavioral
  Health
• SharePoint 2010 and Clinical Trial Data
  – Research (Biotech and Pharma)
• Patient Relationship Management
  (Consumer Engagement) – SharePoint
  2010 and CRM
Questions?
http://lifeincapslock.com
http://www.sswug.org/usercenter/profile.aspx?id=563806
www.broadpoint.net
http://www.meetup.com/fedspug-wspdc

Marie-Michelle Strah, PhD
 
Best Practices in Supply Chain Management: SharePoint
Best Practices in Supply Chain Management: SharePointBest Practices in Supply Chain Management: SharePoint
Best Practices in Supply Chain Management: SharePoint
Marie-Michelle Strah, PhD
 
Best Practices in SharePoint for Healthcare: US Army Medical Command
Best Practices in SharePoint for Healthcare: US Army Medical CommandBest Practices in SharePoint for Healthcare: US Army Medical Command
Best Practices in SharePoint for Healthcare: US Army Medical Command
Marie-Michelle Strah, PhD
 
Case Study for a SharePoint SDLC
Case Study for a SharePoint SDLCCase Study for a SharePoint SDLC
Case Study for a SharePoint SDLC
Marie-Michelle Strah, PhD
 
Microsoft Technologies and Work Management Success and Women in SharePoint: D...
Microsoft Technologies and Work Management Success and Women in SharePoint: D...Microsoft Technologies and Work Management Success and Women in SharePoint: D...
Microsoft Technologies and Work Management Success and Women in SharePoint: D...
Marie-Michelle Strah, PhD
 
Change Management and User Adoption in Hierarchical Organizations: SharePoint...
Change Management and User Adoption in Hierarchical Organizations: SharePoint...Change Management and User Adoption in Hierarchical Organizations: SharePoint...
Change Management and User Adoption in Hierarchical Organizations: SharePoint...Marie-Michelle Strah, PhD
 
Business Process Re-Engineering and Improved Healthcare Outcomes
Business Process Re-Engineering and Improved Healthcare OutcomesBusiness Process Re-Engineering and Improved Healthcare Outcomes
Business Process Re-Engineering and Improved Healthcare Outcomes
Marie-Michelle Strah, PhD
 
Tricky Fit: Knowledge Management and the DoD (Healthcare) - May 2010 Update
Tricky Fit: Knowledge Management and the DoD (Healthcare) - May 2010 UpdateTricky Fit: Knowledge Management and the DoD (Healthcare) - May 2010 Update
Tricky Fit: Knowledge Management and the DoD (Healthcare) - May 2010 Update
Marie-Michelle Strah, PhD
 
Tricky Fit: Knowledge Management and SharePoint (Healthcare)
Tricky Fit: Knowledge Management and SharePoint (Healthcare)Tricky Fit: Knowledge Management and SharePoint (Healthcare)
Tricky Fit: Knowledge Management and SharePoint (Healthcare)
Marie-Michelle Strah, PhD
 

More from Marie-Michelle Strah, PhD (15)

Strategic, Privacy and Security Considerations for Adoption of Cloud and Emer...
Strategic, Privacy and Security Considerations for Adoption of Cloud and Emer...Strategic, Privacy and Security Considerations for Adoption of Cloud and Emer...
Strategic, Privacy and Security Considerations for Adoption of Cloud and Emer...
 
It's About the Data, Stupid: Mobile Security and BYOD for Healthcare
It's About the Data, Stupid: Mobile Security and BYOD for HealthcareIt's About the Data, Stupid: Mobile Security and BYOD for Healthcare
It's About the Data, Stupid: Mobile Security and BYOD for Healthcare
 
The Myth of the SharePoint Unicorn: Recruiting and Staffing SharePoint Teams ...
The Myth of the SharePoint Unicorn: Recruiting and Staffing SharePoint Teams ...The Myth of the SharePoint Unicorn: Recruiting and Staffing SharePoint Teams ...
The Myth of the SharePoint Unicorn: Recruiting and Staffing SharePoint Teams ...
 
Enterprise Architecture Planning: 3 Things You Need to Know About SharePoint ...
Enterprise Architecture Planning: 3 Things You Need to Know About SharePoint ...Enterprise Architecture Planning: 3 Things You Need to Know About SharePoint ...
Enterprise Architecture Planning: 3 Things You Need to Know About SharePoint ...
 
Relational Productivity Applications: SharePoint 2010 and CRM 2011
Relational Productivity Applications: SharePoint 2010 and CRM 2011Relational Productivity Applications: SharePoint 2010 and CRM 2011
Relational Productivity Applications: SharePoint 2010 and CRM 2011
 
SharePoint 2010 and Web Services: Extending Dynamics GP 2010 R2
SharePoint 2010 and Web Services: Extending Dynamics GP 2010 R2SharePoint 2010 and Web Services: Extending Dynamics GP 2010 R2
SharePoint 2010 and Web Services: Extending Dynamics GP 2010 R2
 
Microsoft Convergence DayOne: Leveraging SharePoint within Your Dynamics GP W...
Microsoft Convergence DayOne: Leveraging SharePoint within Your Dynamics GP W...Microsoft Convergence DayOne: Leveraging SharePoint within Your Dynamics GP W...
Microsoft Convergence DayOne: Leveraging SharePoint within Your Dynamics GP W...
 
Best Practices in Supply Chain Management: SharePoint
Best Practices in Supply Chain Management: SharePointBest Practices in Supply Chain Management: SharePoint
Best Practices in Supply Chain Management: SharePoint
 
Best Practices in SharePoint for Healthcare: US Army Medical Command
Best Practices in SharePoint for Healthcare: US Army Medical CommandBest Practices in SharePoint for Healthcare: US Army Medical Command
Best Practices in SharePoint for Healthcare: US Army Medical Command
 
Case Study for a SharePoint SDLC
Case Study for a SharePoint SDLCCase Study for a SharePoint SDLC
Case Study for a SharePoint SDLC
 
Microsoft Technologies and Work Management Success and Women in SharePoint: D...
Microsoft Technologies and Work Management Success and Women in SharePoint: D...Microsoft Technologies and Work Management Success and Women in SharePoint: D...
Microsoft Technologies and Work Management Success and Women in SharePoint: D...
 
Change Management and User Adoption in Hierarchical Organizations: SharePoint...
Change Management and User Adoption in Hierarchical Organizations: SharePoint...Change Management and User Adoption in Hierarchical Organizations: SharePoint...
Change Management and User Adoption in Hierarchical Organizations: SharePoint...
 
Business Process Re-Engineering and Improved Healthcare Outcomes
Business Process Re-Engineering and Improved Healthcare OutcomesBusiness Process Re-Engineering and Improved Healthcare Outcomes
Business Process Re-Engineering and Improved Healthcare Outcomes
 
Tricky Fit: Knowledge Management and the DoD (Healthcare) - May 2010 Update
Tricky Fit: Knowledge Management and the DoD (Healthcare) - May 2010 UpdateTricky Fit: Knowledge Management and the DoD (Healthcare) - May 2010 Update
Tricky Fit: Knowledge Management and the DoD (Healthcare) - May 2010 Update
 
Tricky Fit: Knowledge Management and SharePoint (Healthcare)
Tricky Fit: Knowledge Management and SharePoint (Healthcare)Tricky Fit: Knowledge Management and SharePoint (Healthcare)
Tricky Fit: Knowledge Management and SharePoint (Healthcare)
 

Recently uploaded

Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
UiPath Community Day Dubai: AI at Work..
UiPath Community Day Dubai: AI at Work..UiPath Community Day Dubai: AI at Work..
UiPath Community Day Dubai: AI at Work..
UiPathCommunity
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Enhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZEnhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZ
Globus
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 

Recently uploaded (20)

Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
UiPath Community Day Dubai: AI at Work..
UiPath Community Day Dubai: AI at Work..UiPath Community Day Dubai: AI at Work..
UiPath Community Day Dubai: AI at Work..
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Enhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZEnhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZ
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 

Security and Privacy in SharePoint 2010: Healthcare

  • 1. Security and Privacy in SharePoint 2010: Healthcare Marie-Michelle Strah, PhD Richmond SharePoint User Group August 31, 2011
  • 2. http://lifeincapslock.com http://www.sswug.org/usercenter/profile.aspx?id=563806 www.broadpoint.net http://www.meetup.com/fedspug-wspdc
  • 3. Objectives • ARRA/HITECH: INFOSEC and connected health information • Reference models: security, enterprise architecture and compliance for healthcare • Overview of privacy and security in SharePoint Server 2010
  • 4. Planning for Security and the “Black Swan”
  • 5. Privacy • Data (opt in/out) • PHI • PII “Black Swans” • Consumer Engagement • Business Associates
  • 6. ������ ������ ������ = (������ ∗ ������ ) Information Security (Collaborative Model) Equals People (all actors and agents) Times Architecture (technical, physical and administrative)
  • 7. From HIPAA to HITECH… • Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Pub L 104–191, 110 Stat 1936) • The Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted on February 17, 2009 • American Recovery and Reinvestment Act of 2009 (ARRA) (Pub L 111-5, 123 Stat 115)
  • 8. ������ ������ ������ = (������ ∗ ������ ) do the HITECH math… “Business Associates” (45 CFR §160.103): • Legal • Accounting • Administrative • Claims Processing • Data Analysis • QA • Billing Consumer Engagement HITECH provisions: • Application of HIPAA Security Standards to Business Associates 42 USC §17931 • New Security Breach Requirements 42 USC §17932(j) • Electronic Access Mandatory for Patients 42 USC 17935(e) • Prohibited Sale of PHI without Patient Authorization 42 USC §17935(d)
  • 9. ONC (Office of the National Coordinator for Healthcare IT) • Health Information Exchange (HIE) • Accountable Care Organizations (ACO) • “Meaningful Use” • Interoperability • Service Oriented Architecture (SOA) Models for Healthcare Information Technology • Certification (ANSI) June 2011 • Conformance Testing (NIST)
  • 10. Microsoft Connected Health Framework Business and Technical Framework (Joint Architecture)
  • 11. Electronic Healthcare = Complexity Increases Opportunity for “Black Swans” (Security and Privacy Risk)
  • 12. SOA “Hub” Model reduces complexity and variability while maintaining collaboration and interoperability
  • 13. Codeplex: Health Connection Engine http://hce.codeplex.com/ • SOA • “Plug and Play” • Messages represent clinical events, not data items • EHR data federated • Connection to existing messaging infrastructures
  • 14. SharePoint 2010 as part of a Connected Health Framework • NOT a standalone solution • Technical barriers • Data barriers • Staffing barriers Office Business Applications (Office and SharePoint) as part of healthcare information architecture
  • 15. Security Architecture – SPS2010 UPM Hardware Authorization Services Business Connectivity Authentication Permissions Data Level Endpoint Federated ID Security Security Security Classic/Claims Groups LOB Integration Mobile IIS/STS Remote ������ ������ ������ = (������ ∗ ������ )
  • 16. Behavioral Factors: Security Architecture – SPS2010 • #hcsm • User population challenges -healthcare/providers -business associates • “Prurient interest” ������ ������ ������ = (������ ∗ ������ )
  • 17. Why data security and privacy should matter to your SharePoint Administrator… Unfortunately, security and governance are absent in many cases Jay Simcox: Proactive vs. reactive approach • https://www.nothingbutsharepoint.com/sites/eusp/Pages/sharepoint-data-security-and-privacy-information-why-should-it-matter-to-you.aspx
  • 18. Security Planning and SharePoint 2010 • Encryption • Data at rest/data in motion • Perimeter topologies • Segmentation and compartmentalization of PHI/PII (logical and physical) • Wireless (RFID/Bluetooth) • Business Continuity • Backup and Recovery
  • 19. Security Planning and SharePoint 2010 • Plan permission levels and groups (least privileges) – providers and business associates • Plan site permissions • Fine-grained permissions (item-level) • Security groups (custom) • Contribute permissions
  • 20. Additional Security Planning Considerations (SharePoint 2010) • Content types (PHI/PII) • ECM/OCR • Business Connectivity Services and Visio Services (external data sources) – Excel, lists, SQL, custom data providers – Integrated Windows with constrained Kerberos • Metadata and tagging (PHI/PII) • Blogs and wikis (PHI)
  • 21. SharePoint 2010: Identity and Access Management in Healthcare • SharePoint as enabler for healthcare: – Access tracking and audits – Access controls • Recommend: third party tools (ControlPoint, AvePoint, etc.) • Recommend: IAM Solutions – Mobility – Workstations/Proximity
  • 22. Best Practices - Prevention • Involve HIPAA specialists early in the planning process. (This is NOT an IT problem) • Consider removing PHI from the equation. (Compartmentalization and segregation) • Evaluate the outsourcing option. (Example: FPWeb) • Look to experts to help with existing implementations. (Domain expertise in healthcare and clinical workflow as well as HIPAA/HITECH privacy and security) • Use connected health framework reference model and other HC specific applications (Dynamics CRM for Patient Relationship Management/Case Management, HealthVault, Amalga, IAM)
  • 23. Adapting the Joint Commission Continuous Process Improvement Model… Plan • Technical, Physical, Administrative Safeguards Document • Joint Commission, Policies, Procedures, IT Governance Train • Clinical, Administrative and Business Associates Track • Training, Compliance, Incidents, Access…. everything Review • Flexibility, Agility, Architect for Change
  • 24. Case Studies • SharePoint 2007 Upgrade – Behavioral Health • SharePoint 2010 and Clinical Trial Data – Research (Biotech and Pharma) • Patient Relationship Management (Consumer Engagement) – SharePoint 2010 and CRM
  • 26. http://lifeincapslock.com http://www.sswug.org/usercenter/profile.aspx?id=563806 www.broadpoint.net http://www.meetup.com/fedspug-wspdc