Csa security risks_compliance_ramadoss_11102016_mo_d
Trish McGinity, CCSK
1.
Healthcare Information Security Risks and Compliance
2016 Colorado CSA Fall Summit | November 10, 2016
Ram Ramadoss, Vice President, CRP Privacy, Information Security and EHR Compliance Oversight, Catholic Health Initiatives
www.cloudsecurityalliance.org
Copyright © 2016 Cloud Security Alliance
2.
www.cloudsecurityalliance.org | Copyright © 2011, © 2015 Cloud Security Alliance
Overview
• About Catholic Health Initiatives
• Healthcare Industry Overview
• Top Technology Trends
• HIPAA Compliance/Risk Assessment
• OCR's Cloud Computing Guidance
• Q&A
3.
About Catholic Health Initiatives
• The nation's third-largest nonprofit health system
• CHI operates in 19 states and comprises 103 hospitals; four academic health centers and major teaching hospitals as well as 30 critical-access facilities; home health and senior living facilities
• Other facilities and services that span the inpatient and outpatient continuum of care
4.
Healthcare Industry
5.
Overview
• Current state
• Evolution
• Complexity
• Challenges and opportunities
6.
Evolution
• Major consolidation of healthcare providers
• Small and medium-sized practices are struggling
• A major movement to Electronic Health Record (EHR) systems
• An increasing shift towards outsourcing
• Competing priorities and budget limitations
• Consumerization
7.
Complexity
• A significant number of legacy electronic systems
• Retention timeframes of 20-plus years for medical records, so old systems and formats must stay readable and protected
• Legacy medical devices, increasingly with wireless capability
8.
Security Challenges Unique to the Healthcare Sector
• Protected Health Information (PHI) includes fundamental, unchanging facts about a patient; unlike a payment card number, it cannot be reissued after a breach
• Average breach cost of $363 per record in healthcare versus a $154 per-record average across all industries (Ponemon Institute, 2015 Cost of Data Breach Study)
• In 2015 alone, 113 million patients were affected by breaches
• Fraud opportunities for criminals include: identity theft, exploitation of insurance details, and prescription drug benefits
9.
Challenges and Opportunities
Challenges:
• Vulnerabilities and weak security controls
• Aggressive threat landscape
• HIPAA regulatory requirements
Opportunities:
• Providers are actively looking for technology solutions
• An open-minded approach to outsourcing
• Exploring efficiency and automation opportunities
10.
Top Technology Trends
11.
The Consumerization of Healthcare
• Consumers connected to the new healthcare economy
• A greater expectation of a personalized experience
• Business intelligence tools to derive patterns and consumer trends
12.
Big Data
• 360-degree view of customers/patients
• Unstructured data to support predictive analytics
• Increasing focus on health clouds
• Medium-sized providers: a huge opportunity
• Large healthcare providers: partnerships
13.
Mobile Devices/Applications
• Not just the Millennials
• Access to health information using smartphones
• Online scheduling / insurance shopping / virtual care drive off
• Developing a digital ecosystem
• Patient/physician portals; information sharing; engagement and interactions with patients
14.
Patient Data vs. Patient Safety Focus
15.
HIPAA Compliance and Risk Assessments
16.
Business Associate Agreements (BAA)
• A contractual agreement between a Covered Entity (CE) and any third-party company with access to patient information (a Business Associate)
• A mandatory requirement: a HIPAA Security Rule administrative safeguard (45 CFR 164.308(b)), with the contract contents set by the Privacy Rule (45 CFR 164.504(e))
• Key provisions include, but are not limited to: return or destruction of Protected Health Information (PHI) upon termination; safeguarding of ePHI; breach notification
17.
Information Security Amendments
• Additional contract language requiring a minimum security program
• Security provisions regarding access from foreign locations and storage of data outside the country
• Risk stratification of partners and Business Associates
• Monitoring of partners' security and compliance
18.
Suppliers/Business Associates
Facts:
• Increasing outsourcing activity (business process / IT)
• Cloud-based electronic health record systems
• The patient care program relies on the support received from partners / BAs
Mitigation:
• Cybersecurity insurance coverage
• BAAs and security amendments
• Contractual controls on access and storage outside the United States
• Supplier risk management program
19.
The Office for Civil Rights' (OCR) Cloud Computing Guidance
20.
Cloud Computing Guidance
• Covered Entities (CE) must execute BAAs with Cloud Service Providers before the CSP creates, receives, maintains or transmits ePHI (OCR has recently fined a CE for failing to do so)
• Risk analysis: both the CE and the CSP must perform one
• Service Level Agreements should also address:
  System availability and reliability
  Back-up and data recovery
  Manner in which data will be returned to the customer after service termination
  Security responsibility
  Use, retention and disclosure limitations
21.
Cloud Computing Guidance
• The CSP is directly liable under the HIPAA Privacy Rule for uses and disclosures of data not authorized by its contract, by law or by HIPAA
• The CSP is directly liable under the HIPAA Security Rule for failing to safeguard ePHI and for failing to notify the Covered Entity of a breach
• A CSP is still a Business Associate even if the data it stores is encrypted and it holds no decryption key (a "no-view" service): lack of access to the plaintext does not remove the BAA requirement
22.
Cloud Computing Guidance
• Can a CSP be considered a "conduit" like the postal service? The conduit exception is limited to transmission-only services for PHI, including any temporary storage of PHI incident to the transmission; a CSP that stores ePHI on the customer's behalf is not a conduit
• Lack of actual knowledge by a CSP that its services are used to handle ePHI: an affirmative defense, provided the CSP addresses compliance within 30 days of learning of the violation
• Breach notification: CSPs must implement policies and procedures, document security incidents, and report incidents to the CE (or, for a subcontractor, to the Business Associate it serves)
23.
Cloud Computing Guidance
• CSPs must return or destroy all PHI at the termination of the BAA where feasible; if return or destruction is not feasible, the BAA must extend the privacy and security protections to the retained PHI and limit further uses and disclosures
• The HIPAA Rules do not restrict storage of data outside the US; the risk analysis is the key and must account for the risks of the storage location
• Customers may require additional assurances from CSPs, such as documentation of safeguards or audits
• De-identified data (per the HIPAA Privacy Rule de-identification standard) is not PHI, so a CSP that handles only de-identified data is not a Business Associate
24.
Thank You
Editor's Notes
40 mins.