The Security of Electronic Health Information Survey

•Als PPT, PDF herunterladen•

1 gefällt mir•344 views

A new study reveals that the push for Electronic Medical Records puts patient privacy at risk. The Ponemon Institute and LogLogic surveyed hospital security professionals and found that 70% say their senior management fails to prioritize privacy and data security.

Technologie Gesundheit & Medizin

Page 1
The Security of Electronic
Health Information Survey

Security of Electronic Health Information
Sponsored by LogLogic
Presented by Dr. Larry Ponemon
Webinar: September 30, 2009

About the study
• The purpose of the study is to determine from IT security
practitioners in healthcare organizations how secure they
believe electronic patient health records are – especially
those records stored in databases.

The survey addressed the
following topics
• The adequacy of the organization’s approach to the security of
health information.
• Senior management’s views about the importance of securing
health information.
• How electronic health information is used by the organization.
• The database applications that cause the most risk to health
information and the difficulty in securing health information in
databases.
• Steps taken to secure health information in databases and their
effectiveness.
• The impact of compliance on the security of electronic health
information.

How is the above electronic health
information used by your organization?
The top five uses
67%
60%
58%
54% 53%
0%
10%
20%
30%
40%
50%
60%
70%
80%
Billing & payments Insurance verification Marketing &
communications
Patient relations Patient care (clinical)

What kinds of database applications
cause the most risk to electronic
health information?
1.9
2.5
1.6
0.0
0.5
1.0
1.5
2.0
2.5
3.0
Administrative applications such as
patient scheduling systems
Business applications such as billing and
insurance processing
Clinical applications such as physician
notes, prescriptions or diagnostic
reports
Each bar represents the average ranking where 3 = highest risk and 1 = lowest risk.

How would you rate the effectiveness of the
above mentioned data security measures you
have in-place for securing electronic health
information in databases?
19%
24% 25%
24%
9%
0%
5%
10%
15%
20%
25%
30%
Very effective Effective Somew hat effective Not effective Unsure

How many of the above data breaches experienced
by your organization involved electronic health
information stored in a database?
33%
19%
16%
10%
8%
5%
9%
0%
5%
10%
15%
20%
25%
30%
35%
More than 90% 75% to 90% 50% and 74% 25% and 49% 10 and 24% Less than 10% None

If your organization had a data breach involving the
loss or theft of patient health information (say 1,000
or more records), what would this incident cost your
company on a per lost record basis?
6%
9%
19%
30%
10%
3%
12%
0%
5%
10%
15%
20%
25%
30%
35%
Less than $50 $50 to $100 $101 to $150 $151 to $200 $201 to $250 $251 to $300 More than $300
The extrapolated value of a data breach involving EPHI on a per compromised record basis is $211.

Page 10Page 10
Log & Security Management Helps …
» Visibility – Broad Based Monitoring
» Access to electronic healthcare records
» Database activity monitoring
» Creation/deletion of new user accounts
» Assigning/changing access rights and privileges
» Threat monitoring and incident response
» Forensic analysis (immutable audit trail, electronic evidence)

Page 11Page 11
Log & Security Management Helps …
» Control – Real-Time Prevention
» Firewall and network policy (re)-configuration
» Database firewall – real-time blocking of suspect
transactions
» Database security – virtual patch management

Page 12Page 12
CONNECTED
HOSPITAL
Employers
Public Health
Organizations
Laboratories
Pharmacies
Connected
Clinicians
Social Services
Clinics
Emergency /
First Responders
Suppliers
Government and
Private Payers
Home and
Long-Term Care
Hospitals
Monitoring Allows You To “Trust But Verify”

Page 13Page 13
Read The Full Report!
» You can view the entire webcast on demand at:
http://www.loglogic.com/news/webcasts
» A full copy of the report is available at:
www.loglogic.com/resources/analyst-reports/ponemon-
electronic-health-info-at-risk/

Page 14
Thank You!
For more information or
to schedule a demo contact us at:
info@loglogic.com

Weitere ähnliche Inhalte

Was ist angesagt?

Unisys Security Insights Infographic: Netherlands

Unisys Corporation

This SlideShare is aimed at providing a review of the cases against Insys Therapeutics Inc., and analyze the data that prosecutors used as part of the allegations against the manufacturer. Compiled by Brian A. Dahl, Principal, Dahl Compliance Consulting LLC, and Mohammad Ovais, Founder & CEO, it will also present information about the ways in which compliance teams can analyze publicly available Open Payments and Medicare Part D data to avoid risks of kickback violations.

Risks of Open Payments and Medicare Part D Data

qordata

The Use of EDC in Canadian Clinical Trials

Khaled El Emam

Minding the Gap: Path Innovation, Collaboration and Quality

Barry Chaiken

OHMC 201509 lin

Danie Schoeman

Consumer centric healthcare workshop

Leo Barella

The challenge of ensuring secure clinics and hospitals for patients and staff

Danie Schoeman

Protecting Healthcare Data from Hackers

Joshua Spencer

Emmes

narendra

Managing The Risk of Open Payments - Validate Spend Report Before CMS Submission

qordata

Challenges of Implementing Health IT

Margaret Hoisington

[Infographic] Healthcare Cyber Security: Threat Prognosis

FireEye, Inc.

SK&A's Research Center in Irvine, Calif., conducts telephone interviews with office managers and physicians in all 50 states and the District of Columbia. Every month, the researchers survey and verify information at more than 40,000 sites. Medical offices are asked about their intent to purchase an EHR and about their timeframe, decision factors (such as price and functionality), and awareness of government incentives for adopting EHR technology.

May 2013 EHR Market Share

Lindsay Meyer

Emmes Corporation

narendra

Data Driven Healthcare Transformation ... Are You Making the Grade?

Michelle Blackmer

Was ist angesagt? (15)

Unisys Security Insights Infographic: Netherlands

Risks of Open Payments and Medicare Part D Data

The Use of EDC in Canadian Clinical Trials

Minding the Gap: Path Innovation, Collaboration and Quality

OHMC 201509 lin

Consumer centric healthcare workshop

The challenge of ensuring secure clinics and hospitals for patients and staff

Protecting Healthcare Data from Hackers

Emmes

Managing The Risk of Open Payments - Validate Spend Report Before CMS Submission

Challenges of Implementing Health IT

[Infographic] Healthcare Cyber Security: Threat Prognosis

May 2013 EHR Market Share

Emmes Corporation

Data Driven Healthcare Transformation ... Are You Making the Grade?

Ähnlich wie The Security of Electronic Health Information Survey

The potential benefits of mobile medical technology and telemedicine are enormous, from better quality of life to saving lives, not to mention controlling healthcare costs. Yet keeping data safe when it is beyond the confines of hospitals and clinics is a serious challenge, one that cannot be met merely through regulatory compliance. In these slides I show why HIPAA compliant is not the same as being secure, and why protecting health data on mobile devices is a such a big security challenge.

The mobile health IT security challenge: way bigger than HIPAA?

Stephen Cobb

Taking the Physician's Pulse on Cybersecurity

accenture

Systems Adminstrator As your systems administrator person I am responsible for the upkeep, configuration, and reliable operation of computer systems; especially multi-user computers, such as servers. The system administrator seeks to ensure that the uptime, performance, resources, and security of the computers he or she manages meet the needs of the users, without exceeding the budget. To meet these needs, a system administrator may acquire, install, or upgrade computer components and software; provide routine automation; maintain security policies; troubleshoot; train or supervise staff; or offer technical support for projects. Infrustructure of IT Infrastructure components Data center infrastructure often includes the power, cooling and building elements necessary to support data center hardware. The data center hardware infrastructure usually involves servers; storage subsystems; networking devices, like switches, routers and physical cabling; and dedicated network appliances, such as network firewalls. A data center infrastructure also requires careful consideration of IT in frastructure security. This can include physical security for the building, such as electronic key entry, But in this case Infrustucture management an IT infrastructure must provide a suitable platform for all the necessary IT applications and functions an organization or individual requires. This means the design and implementation of any IT infrastructure must also support efficient infrastructure management. The healthcare industry is going through tremendous change due to the automation of patient care, causing huge impacts on IT organizations. The entire system managing the interaction between healthcare professionals and patients is dramatically evolving, and will completely impact the way a hospital does business. Mobility continues to trend upward in healthcare, as doctors make use of tablet devices at the bedside to access Computerized Physician Order Entry systems (CPOE). These orders are communicated over thenetwork to the medical staff in other departments, such as radiology, giving them treatment instructions on a specific patient. After these large images are captured, they are stored and made available for analysis by the physician, even at the bedside. Ssecurity Breaches will affect these departments : Human Resources Finance Accunts payable Billing Schedule The Healthcare Organization as a System Good leadership is important for the success of any organization. In a healthcare organization, good leadership is more than just important—it is absolutely critical to the organization’s success. Why is it so critical—but also challenging—in healthcare organizations? Breach in information Why Should Good Leaders Be Concerned? A recent Phonemon Institute survey reveals that, “for the first time, criminal attacks are the number-one root cause of healthcare data breaches.”5 “Cyber criminals recognize two critical facts abou ...

Systems AdminstratorAs your systems administrator person I am.docx

ssuserf9c51d

Hitech for HIPAA

dkarpinsky

Healthcare Attorneys Feel the Healthcare Industry Is More Vulnerable to Cyber...

mosmedicalreview

The state of privacy and data security compliance

FindWhitePapers

As hospitals and health care systems continue to expand their digital collection and capabilities, surveys show that their security measures lag behind those of other industries. Hospitals’ weaknesses include their failure to assess the security of staffers’ mobile devices and of medical monitoring equipment that store patient identifiers as well as medical information. Physician groups represent another vulnerability because they often fail to do any security risk analysis. This session will examine best practices that providers can implement to help keep data safe and hackers at bay.

Safeguarding Patient Privacy in a Digital Age (Brian Kalis)

U.S. News Healthcare of Tomorrow

“Your Web Site is Their First Impression”

Michele Affronte

WE BUILD CORE HANDS-ON ON INFORMATION SECURITY SKILLS FOR ALL LEVELS AND DEPARTMENTS- It has already been two years since hackers shifted their main focus from BFSI sector to healthcare industry aggressively targeting hospitals all over the world, while U.S. is experiencing the most severe threat. How we can help you with HIPPA security and privacy concerns. DO YOU NEED TO INVEST IN INFORMATION SECURITY TRAINING, CONSULTING AND ADVISORY?

Cyber Risk in Healthcare Industry- Are you Protected?

Mark Merrill

“Your Web Site is Their First Impression” Handout

Michele Affronte

Towards predictive medicine

The Economist Media Businesses

Healthcare organizations are awash with data. However, electronic health records (EHRs) and digital clinical systems in many healthcare organizations have been deployed without strategic data and IT infrastructure security planning. As a result, chief information security officers (CISOs) frequently have limited authority, sparse staffing and tight budgets. Data security spending in healthcare lags behind other top cybercrime targets such as financial services, according to new research by HIMSS Analytics on behalf of Symantec Corporation.

Addressing Cybersecurity Strategically

Symantec

Healthcare Cybersecurity Whitepaper FINAL

Steve Knapp

Running head: Information security threats 1 Information security threats 7 Information security threats Khaleem Pasha Mohammad Campbellsville University Introduction The development of technology has been greatly embraced in hospitals, saved innumerable lives, and improved the quality of care provision. Not exclusively has technology changed patients knowledgeable and of their families but further consideration has had a significant impact on the strategy and practices of practitioners. One in every five of the areas that have greatly embraced technology is care data. Technology has helped inside the treatment of care records through the introduction of electronic health records, that's exchange paper records. With the availability of electronic care record (EHR) systems, a nurse can merely check for patients’ allergies, case history, weight, age, and prescription through the press of a button. However, the most quantity as institutions are clasp technology to stay up their health records, there are series of risks associated with these technologies. Since the start of technology inside the upkeep of care records, the care trade has been a primary target for cyber crimes. The motives behind cyber-attacks on care are clear as insurance firms, hospitals, care clinics, and totally different care suppliers keep health records that contain valuable information. The use of America Department of Health and Human Services for Civil Rights has acknowledged that over 100 million people square measure suffering from care data security breach. Gregorian calendar month 2015 was a foul month for electronic data jointly of the most important hacks on health care records on Anthem Blue Cross resulting in over seventy-eight million patients’ health data was taken. The cyber-attack scarf sensitive data that contained social securities, names, and residential addresses of people. Constant year, Premera Blue Cross reported that a cyber-attack has exposed medical information of over eleven million customers. Back in 2011, over 4.9 million health records were taken electronically from Science Application International Corporation. These are few cases of a care data breach with sensitive data falling into the hands of third parties. In guaranteeing that there are privacy and security in care records, bureau insurance mobility and responsibility (HIPPA) is providing legislation that hospital and totally different institutions that handle patient’s data to adopt in guaranteeing that varied security measures are enforced in protecting data. HIPPA and Security Compliance As much as institutions are clasp technology in storing care data, it is vital for institutions like HIPPA to regulate these bodies to substantiate that shopper rights are protected. The HIPAA Security Rule provides that electronic records of patients got to be protected in any respect times from any unauthorized access nonetheless the information being at rest or in transit.

Running head Information security threats 1Information secur.docx

wlynn1

Watson Health a Population Health Platform

Health Informatics New Zealand

Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH

Novell

Healthcare Nous InfoSystem

Ujjwal Anand

Cybersecurity Challenges in Healthcare

Doug Copley

Nur3563 group project sol1 2

JLANurse

Information Governance in the Healthcare Industry

Amber Guy

Ähnlich wie The Security of Electronic Health Information Survey (20)

The mobile health IT security challenge: way bigger than HIPAA?

Taking the Physician's Pulse on Cybersecurity

Systems AdminstratorAs your systems administrator person I am.docx

Hitech for HIPAA

Healthcare Attorneys Feel the Healthcare Industry Is More Vulnerable to Cyber...

The state of privacy and data security compliance

Safeguarding Patient Privacy in a Digital Age (Brian Kalis)

“Your Web Site is Their First Impression”

Cyber Risk in Healthcare Industry- Are you Protected?

“Your Web Site is Their First Impression” Handout

Towards predictive medicine

Addressing Cybersecurity Strategically

Healthcare Cybersecurity Whitepaper FINAL

Running head Information security threats 1Information secur.docx

Watson Health a Population Health Platform

Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH

Healthcare Nous InfoSystem

Cybersecurity Challenges in Healthcare

Nur3563 group project sol1 2

Information Governance in the Healthcare Industry

Kürzlich hochgeladen

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Finology Group – Insurtech Innovation Award 2024

The Digital Insurer

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

Histor y of HAM Radio presentation slide

vu2urc

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

Scaling API-first – The story of a global engineering organization

Radu Cotescu

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

HampshireHUG

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Kürzlich hochgeladen (20)

Powerful Google developer tools for immediate impact! (2023-24 C)

Finology Group – Insurtech Innovation Award 2024

Artificial Intelligence: Facts and Myths

Histor y of HAM Radio presentation slide

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Boost Fertility New Invention Ups Success Rates.pdf

Driving Behavioral Change for Information Management through Data-Driven Gree...

Strategies for Landing an Oracle DBA Job as a Fresher

Partners Life - Insurer Innovation Award 2024

Automating Google Workspace (GWS) & more with Apps Script

Scaling API-first – The story of a global engineering organization

Exploring the Future Potential of AI-Enabled Smartphone Processors

Axa Assurance Maroc - Insurer Innovation Award 2024

How to Troubleshoot Apps for the Modern Connected Worker

Apidays New York 2024 - The value of a flexible API Management solution for O...

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

A Domino Admins Adventures (Engage 2024)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

🐬 The future of MySQL is Postgres 🐘

How to Troubleshoot Apps for the Modern Connected Worker

The Security of Electronic Health Information Survey

1. Page 1 The Security of Electronic Health Information Survey

2. Security of Electronic Health Information Sponsored by LogLogic Presented by Dr. Larry Ponemon Webinar: September 30, 2009

3. About the study • The purpose of the study is to determine from IT security practitioners in healthcare organizations how secure they believe electronic patient health records are – especially those records stored in databases.

4. The survey addressed the following topics • The adequacy of the organization’s approach to the security of health information. • Senior management’s views about the importance of securing health information. • How electronic health information is used by the organization. • The database applications that cause the most risk to health information and the difficulty in securing health information in databases. • Steps taken to secure health information in databases and their effectiveness. • The impact of compliance on the security of electronic health information.

5. How is the above electronic health information used by your organization? The top five uses 67% 60% 58% 54% 53% 0% 10% 20% 30% 40% 50% 60% 70% 80% Billing & payments Insurance verification Marketing & communications Patient relations Patient care (clinical)

6. What kinds of database applications cause the most risk to electronic health information? 1.9 2.5 1.6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 Administrative applications such as patient scheduling systems Business applications such as billing and insurance processing Clinical applications such as physician notes, prescriptions or diagnostic reports Each bar represents the average ranking where 3 = highest risk and 1 = lowest risk.

7. How would you rate the effectiveness of the above mentioned data security measures you have in-place for securing electronic health information in databases? 19% 24% 25% 24% 9% 0% 5% 10% 15% 20% 25% 30% Very effective Effective Somew hat effective Not effective Unsure

8. How many of the above data breaches experienced by your organization involved electronic health information stored in a database? 33% 19% 16% 10% 8% 5% 9% 0% 5% 10% 15% 20% 25% 30% 35% More than 90% 75% to 90% 50% and 74% 25% and 49% 10 and 24% Less than 10% None

9. If your organization had a data breach involving the loss or theft of patient health information (say 1,000 or more records), what would this incident cost your company on a per lost record basis? 6% 9% 19% 30% 10% 3% 12% 0% 5% 10% 15% 20% 25% 30% 35% Less than $50 $50 to $100 $101 to $150 $151 to $200 $201 to $250 $251 to $300 More than $300 The extrapolated value of a data breach involving EPHI on a per compromised record basis is $211.

10. Page 10Page 10 Log & Security Management Helps … » Visibility – Broad Based Monitoring » Access to electronic healthcare records » Database activity monitoring » Creation/deletion of new user accounts » Assigning/changing access rights and privileges » Threat monitoring and incident response » Forensic analysis (immutable audit trail, electronic evidence)

11. Page 11Page 11 Log & Security Management Helps … » Control – Real-Time Prevention » Firewall and network policy (re)-configuration » Database firewall – real-time blocking of suspect transactions » Database security – virtual patch management

12. Page 12Page 12 CONNECTED HOSPITAL Employers Public Health Organizations Laboratories Pharmacies Connected Clinicians Social Services Clinics Emergency / First Responders Suppliers Government and Private Payers Home and Long-Term Care Hospitals Monitoring Allows You To “Trust But Verify”

13. Page 13Page 13 Read The Full Report! » You can view the entire webcast on demand at: http://www.loglogic.com/news/webcasts » A full copy of the report is available at: www.loglogic.com/resources/analyst-reports/ponemon- electronic-health-info-at-risk/

14. Page 14 Thank You! For more information or to schedule a demo contact us at: info@loglogic.com

Hinweis der Redaktion

I promise to try and keep it simple, while we address many important issues that will help you gain a better understanding of the risks and trends that require healthcare organizations to adopt a culture of proactive information security with real-time database security & log management throughout your IT, clinical, business, and program practices. I will explore several drivers from a legal, clinical, and business perspective that are driving the need for real-time database security & log management. I will also show how LogLogic has helped some of your peers and can help you.
Now this is from the perspective of a single hospital. Lets look at how many affiliated entities are connected. Each one of these has many security devices that share security event data in addition to devices that access and use sensitive data. On the first pass, I look at this and think “wow, the healthcare service model is really big with a lot of players.” But then I also begin to think about the risks. This connected electronic information sharing model also exposes insurers and providers to cybercrime, fraud, and accidental loss of sensitive data. We need a health information technology architecture that allows ubiquitous and secure exchange and use of health information. So as you think about how many computer devices you have and each of these entities may have, I hope you can begin to understand why I say, “Real-time data protection is a foundation for delivery of high quality care and patient safety.” We have: call centers with remote workers; office workers that take records home on flash drives and laptops; claims and field workers with mobile access device; Physicians accessing e-prescribing systems and using PDAs and laptops; nurses with wireless pagers or phones on the floor; and this is just a few examples of the day-to-day activities. All of these users are endpoints with endpoint devices that have to be connected through a secure exchange of sensitive data. And as if the day-to-day clinical and business demands were enough to manage, you are now also living through the compliance decade. Lets take a look at our next slide.

The Security of Electronic Health Information Survey

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (15)

Ähnlich wie The Security of Electronic Health Information Survey

Ähnlich wie The Security of Electronic Health Information Survey (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

The Security of Electronic Health Information Survey

Hinweis der Redaktion