This document discusses the key security challenges facing hospitals and medical centers. It identifies several top concerns, including workplace violence, budget constraints, active shooters, and patient behavioral health issues. The document also examines specific risks in areas like pharmacies, pediatric units, and patient safety. It evaluates data on common security threats such as theft, assaults, and cyber attacks. Finally, the document outlines several solutions that hospitals are implementing, such as integrated security systems, real-time locating technologies, and outsourcing of non-core services.
3. Critical issues for hospitals and medical centres
Workplace violence
Budget/funding
Technology integration and management
Active shooter
Staffing and training
Patient behavioural health and violence
Asset protection/theft
ASIS: The 2014 Security 500 Sector Reports
4. Top security concerns
Guardian 8 Survey
OSHA fines: 8%
Employee retention: 10%
High incidence of fatalities: 12%
Lack of accountability/documentat…: 16%
Administrators' understanding of regulations: 17%
Legal fees/repercussions: 19%
Disruptions to patient care: 24%
Office safety: 56%
Patient safety: 57%
5. Increasing crime and violence
Health Facilities Management/ASHE 2012 Hospital Security Survey
Change in frequency of incidents
Incident | Increase | About the same | Decrease
Infant abduction - actual | 0% | 79% | 21%
Infant abduction - attempted | 0% | 80% | 20%
Shootings in hospital and on grounds, excl. ED | 1% | 78% | 21%
Shootings in ED | 1% | 78% | 21%
Bomb threats | 3% | 74% | 23%
Staff-on-staff violence | 3% | 79% | 18%
Other thefts (major - more than $500/item) | 8% | 77% | 15%
Patient care equipment thefts | 9% | 78% | 13%
Pharmaceutical and supply thefts | 10% | 74% | 16%
IT equipment thefts | 11% | 75% | 14%
Domestic incidents involving employees | 12% | 77% | 11%
Other thefts (minor - $500 or less/item) | 17% | 70% | 13%
Elopements/patient wandering | 17% | 75% | 8%
Auto thefts/car break-ins | 18% | 64% | 18%
Property damage/vandalism | 21% | 68% | 11%
Attacks/assaults | 25% | 68% | 7%
Patient/family violence against staff in hospital, excl. ED | 26% | 68% | 6%
Patient/family violence against staff in ED | 33% | 60% | 7%
10. Patient safety
Patient elopement, especially high-risk patients
Patients need access to reliable emergency call systems
Paediatric patients need to be protected from abduction and patient flight
Patients who may be a danger to themselves or others
12. Patient information security
Almost all cyber attacks can be classified by 9 patterns
Verizon 2015 Data Breach Investigations Report
Denial of service attacks: 0,1%
Payment card skimmers: 3,1%
Physical theft and loss: 3,3%
Miscellaneous errors: 8,1%
Web app attacks: 9,4%
Insider and privilege misuse: 10,6%
Cyber espionage: 18,0%
Crime ware: 18,8%
Point of sale intrusions: 28,5%
13. Typical cyber attack incidents for healthcare
ON AVERAGE 76% of the incidents in an industry can be described by just three of the nine patterns.
Healthcare: Miscellaneous errors 32%, Insider misuse 26%, Physical theft / loss 16%
PHYSICAL THEFT / LOSS: Any incident where an information asset went missing, whether through misplacement or malice.
INSIDER AND PRIVILEGE MISUSE: This is mainly by insider’s misuse, but outsiders (due to collusion) and partners (because they are granted privileges) show up as well. Potential culprits come from every level of the business, from the frontline to the boardroom.
MISCELLANEOUS ERRORS: Incidents where unintentional actions directly compromised a security attribute of an information asset. This does not include lost devices, which is grouped with theft instead.
Verizon 2015 Data Breach Investigations Report
14. Cyber attacks are physical
Figures shown: 85%, 49%, 55%
Statements shown:
of insider and privilege misuse attacks used the corporate LAN.
of theft / loss happened at work.
of miscellaneous errors involved printed documents.
Verizon 2014 & 2015 Data Breach Investigations Report
15. Look inside your company
PWC Global State of Information Security Survey 2015
[Bar chart: Likely sources of incidents, comparing "All industries in all regions" with "Healthcare". Categories: Unknown; Domestic intelligence service; Foreign nation-states; Competitors; Activists / activist organisations / hacktivist; Organised crime; Hackers; Suppliers / business partners; Former service providers / consultants / contractors; Current service providers / consultants / contractors; Former employees; Current employees]
16. Screening and vetting is business critical
PWC Global State of Information Security Survey 2015
[Bar chart: Security safeguards in place, comparing "All industries in all regions" with "Healthcare". Categories: Conduct personnel background checks; Require 3rd parties to comply with our privacy policies; Employee security awareness training programme; Privileged user access; Secure access-control measures; Accurate inventory of where personal data for employees and customers are collected, transmitted…; Employee Chief Information Security Officer in charge of security; Information security strategy that is aligned to the specific needs of the business]
17. Staff safety
Workplace violence
Even though you know that workplace violence occurs more frequently in certain departments (including ED, mental health, geriatrics, and substance abuse), it’s very difficult to predict and prevent staff duress
Staff duress during emergency situations
High turnover and low morale in certain departments, particularly the ED, due to frequent staff duress
Staff members get injured, injury claims push up costs and overtime needed to cover absent caregivers’ shifts
18. Workplace violence
Occurrences: number of different types of violence experienced per respondent
One type: 30%
Two types: 18%
Three types: 10%
Four types: 4%
Five types: 1%
Perpetrators: 27%, 15%, 31%, 14%, 4%, 4%, 4%
Susan Steinman; Workplace Violence in the Health Sector; Country Case Study: South Africa (ILO, ICN, WHO, PSI)
19. Pharmacy inventory management
Little or no inventory visibility causing overstocking to compensate
Increased risk to patient safety due to product expiration or unavailability
Inefficient manual processes
Complex payment structures and regulations
Data disconnection between inventory costs and procedural measures
8 to 10% of items expire annually in procedure rooms and as much as 15% of critical assets are lost
Stanley Healthcare
20. Healthcare asset tracking and management
Productivity losses due to manual processes to manage capital and rental equipment
“Squirrel stores” due to equipment availability
Having a hard time locating needed equipment, health systems end up purchasing or renting more than they actually need
Patient dissatisfaction due to waiting for equipment when staff have difficulty locating it
40% of nurses report spending up to one hour per shift searching for equipment
Stanley Healthcare
22. Top hospital security systems being implemented
Health Facilities Management/ASHE 2012 Hospital Security Survey
System | Already implemented | Plan to implement in the next 24 months
Man traps | 12% | 5%
Metal detectors | 14% | 6%
Outsourced remote video surveillance and monitoring | 16% | 4%
Wireless RFID clinician badges with panic alert buttons | 12% | 14%
Biometrics | 20% | 7%
Video analytics capabilities | 18% | 13%
Physical security information management (PSIM) | 27% | 14%
Wireless panic alarm system | 38% | 11%
RFID for tracking equipment, supplies, medications,… | 25% | 26%
Patient elopement system | 50% | 10%
Visitor management system | 41% | 21%
Electronic lockdown from a central location | 52% | 17%
Wired panic alarm systems | 72% | 7%
Integrated security system | 67% | 14%
Vendor management system | 76% | 10%
Mass notification system for emergency preparedness | 69% | 18%
Digital IP-video surveillance system | 71% | 19%
Electronic access control | 88% | 8%
23. Conduct a Hospital Security Assessment
Analyses existing Protocols, Policies, and Procedures
Evaluates physical security Vulnerabilities, and Threats
24. Develop a Hospital Security Management Plan
Develop and implement protocols, policies, and procedures
Hazard surveillance program
Identify trends from monitored data
Maintain, evaluate and improve system
Ensure regulatory compliance
Employ reputable security organisation
25. Is there a doctor in the house?
Real-time locating system (RTLS)
Patient management
Patient flow
Safety
Asset management
Inventory management
Environmental monitoring
26. Beyond basic security technology
Enhance with video analytics
Integrate intrusion detection, access control, and video surveillance
Add RTLS
Environmental monitoring
Asset management
Enterprise Systems Integration
32. Benefits to you
Reduction in operational costs such as administration and maintenance
Lower capital expenditures due to flexibility of single integrated system to accommodate add-on security components
Single system also keeps training costs lower
Decreased losses and lower associated operational costs
Improved business continuity via a more robust, resilient, and responsive operation
Greater end-to-end transparency for improved process management and efficiency
Independent study showed that for single integrated system:
24% saving in installation cost for 13500 m² building
33% reduction in training
82% reduction in IT administration
32% reduction in cost of changes, upgrades and additions
Strategic ICT Consulting, Teng & Associates