Industry Brief

Ensuring Security and Privacy in the Rapidly Growing Healthcare Information Exchange Market

Recently, the first major distribution of HITECH Act funds occurred when the Department of Health and Human Services (HHS) awarded over $547 million to states and territories for the establishment of public Health Information Exchanges (HIEs). These exchanges are intended to provide the technology and infrastructure to support electronic sharing of data among hospitals, physicians, clinical laboratories, pharmacies, health plans (insurers), and public health departments. The adoption of HIEs offers benefits to both providers and patients resulting from the electronic sharing of health information, such as improved quality of care, increased patient safety, reduced cost, and increased efficiency of administrative functions. However, HIEs may also increase the potential for misuse of data, and they present a high value target for cyber crime organizations. This brief explores best practices for ensuring security and privacy within HIE deployments and considers both the business and technology driven forces shaping this emerging market.

Healthcare Information Exchange Background

The fundamental forces behind the adoption of HIEs are pressures for modernization, improved effectiveness of business processes, and increased management efficiencies. Most healthcare providers in the United States still rely on paper records to maintain, store, and share patient information. This results in slow and cumbersome communications, often contributes to improper treatment, and lacks the capability to secure information at many points in the system. HIEs address these deficiencies by facilitating the sharing of electronic health information, delivering services and technology that allow providers to request and receive information about patients from other providers. A simplified model of an HIE is shown in Figure 1.

[Figure 1. Simplified View of a Healthcare Information Exchange: a central Healthcare Information Exchange connected to Laboratories, Physician's Offices, Hospitals, and Public Health Departments]

Redspin, Inc.
800-721-9177
www.redspin.com
While HIEs have been getting significant attention lately because of the infusion of government money, efforts to establish organizations that enable the sharing of electronic healthcare information began in the early 1990s. These organizations, called Community Health Information Networks, evolved into Regional Health Information Organizations in the early 2000s. In 2009, according to the eHealth Initiative (ref. 1), there were 57 HIEs in a fully operational state and nearly 100 others not yet operational but readying market engagement plans. 2010 represents a crucial year for HIEs as states form and deploy their strategic and operational plans, and product vendors as well as service providers position themselves to tap into the funding.

Emerging HIE Deployment Models

One of the major challenges to driving HIE success is ensuring security and privacy, as well as efficiently demonstrating compliance with HIPAA and HITECH Act requirements. With user requirements ranging from large hospitals to small physician's offices, answers to basic questions such as the appropriate technical protection mechanisms and access controls present significant challenges (ref. 2, 3). To a certain extent, forming the appropriate answers to questions of security and privacy requires definition of the compute and storage model that will be most prevalent in the environment. In many respects, the leading model emerging in the HIE market is a cloud services based platform. In this model the cloud service provider is responsible for providing highly scalable services, authorization, access control, audit logging, and data protection. Many vendors such as Axolotl, Covisint, IBM, Microsoft HealthVault/Amalga, and Medicity have announced offerings in some form. These have included APIs that allow specialized applications to be developed rapidly while taking advantage of the core infrastructure services. Example applications range from clinical decision support to meaningful use reporting. An illustration of this framework is shown in Figure 2.

[Figure 2. HIE Cloud Platform: an HIE Cloud "Platform as a Service" exposing an API consumed by applications such as EMR-a, EMR-b, Imaging, Quality Reporting, and App-n]

The platform as a service model can be very powerful in the HIE environment because security and privacy services can be leveraged by the applications as well as by the providers and consumers of the information. However, for rapid deployment and efficient ongoing operations, it is critical that the providers of healthcare cloud services communicate security, privacy, and compliance practices and procedures to customers in a transparent fashion. The hospitals, laboratories, and physician practices that form the customer base of the HIE need to be able to understand this information and ensure their security, privacy, and compliance needs are met. The following sections explore the domains of governance and operation that are relevant in HIE deployments and provide guidance for optimizing security and privacy both for platform providers and for end customers.

HIE Privacy and Security Considerations

The following sections form an outline for driving optimization of security, privacy, and compliance management processes and practices for HIE platform providers, operators, and customers. These considerations have been derived from general purpose work done by the Cloud Security Alliance and the Open Group (ref. 4, 5) that covers security in cloud services environments in forms ranging from Infrastructure as a Service (IaaS) to Software as a Service (SaaS).

References

1. eHealth Initiative; Migrating Toward Meaningful Use: The State of Health Information Exchange; August 2009
2. New England Journal of Medicine; Use of Electronic Health Records in U.S. Hospitals; April 2009
3. U.S. Government Accountability Office; Electronic Personal Health Information Exchange: Health Care Entities' Reported Disclosure Practices and Effects on Quality of Care; February 2010
4. Cloud Security Alliance; Security Guidance for Critical Areas of Focus in Cloud Computing v2.1; December 2009
5. The Open Group; Jericho Forum Cloud Computing Self-Assessment; March 2010
Operational Considerations

Virtualization

Virtual machine technology is a key enabler of efficient cloud services. Operators and customers need to be concerned about the practices for compartmentalizing and hardening VM systems. Platform providers need to be able to communicate their security processes surrounding these systems. Particular attention must be placed on the security controls used to protect the administrative interfaces (hypervisor management consoles and provisioning APIs) exposed to operators and customers, since a compromise there crosses every tenant boundary at once.

Encryption and Key Management

Strong encryption is one of the core mechanisms for protecting sensitive healthcare data. Although encryption itself does not prevent data loss, the breach notification safe harbor provisions in state laws and in the HIPAA/HITECH regulations generally do not treat the loss of properly encrypted data as a reportable breach. That safe harbor holds only while the decryption keys remain uncompromised, which makes key management as important as the cipher itself. Customers and operators need to understand the provisions for encrypting data at rest, data in transit, and data stored on backup media. Platform providers need to articulate their encryption programs and the methods associated with key management. Important areas to understand with respect to key management include protection mechanisms for key stores, access procedures for key stores, and key backup/recovery processes.

Application Security

As the application layer provides the most prevalent avenue of attack for cyber criminals and hackers, particular attention must be paid to this area. Applications require design, testing, and change management rigor similar to business critical applications typically residing in a classic DMZ. In an HIE, platform providers are delivering their own applications as well as providing system services, APIs, and libraries, so a flaw in a shared library or API is inherited by every application built on it. Platform providers should also ensure consistent usage of application management utilities and of the interfaces that couple applications to external services.

Identity and Access Management

Effective management of identity and access control is one of the most significant challenges in the healthcare IT sector and presents multiple compliance issues. Platform providers, operators, and customers need to understand several major areas including provisioning, authentication, authorization, federation, and user profile management. As an example, coordination across stakeholder groups is essential to provide consistent single sign-on authentication across applications from multiple sources. Platform providers need to clearly communicate their security processes in these areas to ensure compliance as well as to enable customers to leverage their existing identity stores.

Incident Response

The same principles that make cloud services deployments economically efficient can add confusion and complexity in the case of a data breach or general security incident. It is critical for customers to insist upon a prearranged plan and to understand the communications mechanisms with the operator's incident response team; the HITECH breach notification timelines (notice without unreasonable delay, and in no case later than 60 days after discovery) leave little room to improvise. Platform providers need to build in security processes that facilitate effective and efficient operation of a Security Operations Center (SOC). This should include a security information and event management (SIEM) system that consolidates data sources such as application logs, firewall logs, and network monitoring systems into a common analysis and alerting center.

Business Continuity and Disaster Recovery

The rapid pace of change and, in some cases, the lack of transparency associated with cloud computing require that customers closely examine and continuously monitor the business continuity and disaster recovery capabilities built in by cloud platform providers and implemented by operators. Customers need to ensure that recovery time objectives are well defined in contractual documents and that operational capabilities can satisfy these requirements.

Governance Considerations

Governance

Effective information security governance calls for collaboration among customers, operators, and cloud platform providers. Programs must be structured to scale with business requirements and to provide measurability, sustainability, continuous improvement, and cost effectiveness on an ongoing basis. Customer organizations should include a review of information security governance and processes as part of their due diligence in assessing operating organizations. The review should also cover the specific security controls that support management processes.

Risk Management

Given the lack of control over infrastructure and facilities in cloud services deployments, service level agreements, business associate agreements, contractual obligations, and platform documentation play a larger role than with traditional on premise healthcare IT systems. A well structured risk management approach must include identification and valuation of assets, ongoing analysis of threats and vulnerabilities coupled with their potential impact on the assets, analysis of the likelihood of scenarios, and the development of programs to manage risk (control, avoid, transfer, accept). The risk management program should be facilitated by the cloud platform provider, carried out by the operating organization, and reflected in service agreements with customers.

Compliance and Audit

HIE customers are subject to HIPAA and HITECH Act regulations as well as other state or industry mandated requirements. Customers should involve legal and contract teams to ensure their particular compliance requirements will be met given the cloud platform intended for deployment and the operational procedures in place. Customers should insist upon a right to audit clause in contracts given the fluid nature of regulations in the healthcare industry. The cloud services provider should offer a SAS 70 Type II audit statement as a minimum requirement and point of reference for assessors; such a report covers only the control objectives the provider chose to include, so customers should read its scope rather than rely on the report's existence. Since HIEs are offering mission critical services and protecting high value data, cloud services providers should strive for ISO/IEC 27001 certification for information security management systems. Consider a security assessment focusing on HIPAA and HITECH Act compliance to facilitate the process.

Information Management

The value of an HIE is dependent upon effective information management across the lifecycle from creation to destruction. Customers, operators, and cloud platform providers all play critical roles. In the data creation phase, the cloud platform provider and application developers must work with customers to identify data labeling and classification capabilities. To protect stored data, the operators and cloud platform providers must identify appropriate access controls and encryption solutions. Data in use must be protected by application logic and object level controls within DBMS systems. Archived data should be encrypted with a key management process consistent with other data protection mechanisms. Data destruction can be accomplished through a variety of means ranging from disk wiping to physical destruction. Content discovery may be used as a mechanism to confirm destruction processes.

Summary

The HIE market will evolve rapidly over the next year. Effective and efficient information security management is a condition for success for customers, operators, and cloud platform providers alike. We have shown that maximizing the impact of the promise of HIE systems will require close cooperation in the information security management area among all parties involved, and the payback will come in both economic benefits and improved patient outcomes.
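The SIEM consolidation described under Incident Response above, as an added worked example that is not part of the original brief: two constructed log feeds in different formats (an HIE portal audit log and a firewall syslog) are normalized into one event schema, and two correlation rules run across the merged stream, so activity that is unremarkable in either feed alone (a handful of failed logins, a couple of dropped packets) becomes an alert once both are visible in one place. The log formats, field names, thresholds, and the syslog year are assumptions made for the example.

```python
"""SIEM-style consolidation of an application audit log and a firewall log.

Added example for illustration; not code from the Redspin brief. Log formats,
field names, thresholds and the syslog year are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

FAIL_THRESHOLD = 4                  # failed logins before a success is suspicious (assumed)
FAIL_WINDOW = timedelta(minutes=5)  # window in which those failures must occur (assumed)
DROPS_THRESHOLD = 2                 # firewall drops that mark a source as a scanner (assumed)
SYSLOG_YEAR = 2010                  # BSD syslog lines carry no year; assumed for the sample

# Constructed sample feeds: HIE portal audit log (key=value) and firewall syslog.
APP_LOG = """\
2010-06-01T02:14:05Z hie-portal auth user=jsmith src=203.0.113.7 result=FAIL
2010-06-01T02:14:09Z hie-portal auth user=jsmith src=203.0.113.7 result=FAIL
2010-06-01T02:14:12Z hie-portal auth user=jsmith src=203.0.113.7 result=FAIL
2010-06-01T02:14:20Z hie-portal auth user=jsmith src=203.0.113.7 result=FAIL
2010-06-01T02:14:31Z hie-portal auth user=jsmith src=203.0.113.7 result=OK
2010-06-01T02:15:02Z hie-portal record_view user=jsmith src=203.0.113.7 patient=MRN4471
2010-06-01T09:30:00Z hie-portal auth user=alee src=198.51.100.20 result=OK
"""
FW_LOG = """\
Jun  1 02:13:40 fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.5.10 PROTO=TCP DPT=22
Jun  1 02:13:41 fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.5.10 PROTO=TCP DPT=3389
Jun  1 02:13:59 fw01 kernel: ACCEPT IN=eth0 SRC=203.0.113.7 DST=10.0.5.20 PROTO=TCP DPT=443
"""

APP_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>\S+) (?P<kv>.*)$")
FW_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
                   r"(?P<action>DROP|ACCEPT) (?P<kv>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_app(text):
    """Normalize portal audit lines into the common event schema."""
    events = []
    for line in text.splitlines():
        m = APP_RE.match(line)
        if not m:
            continue                      # unparseable lines are skipped, not fatal
        kv = dict(KV_RE.findall(m["kv"]))
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "source": "app", "host": m["host"], "action": m["action"],
            "user": kv.get("user"), "src_ip": kv.get("src"), "outcome": kv.get("result"),
        })
    return events


def parse_fw(text):
    """Normalize firewall syslog lines into the same schema."""
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if not m:
            continue
        kv = dict(KV_RE.findall(m["kv"]))
        events.append({
            "ts": datetime.strptime(f"{SYSLOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S"),
            "source": "fw", "host": m["host"], "action": m["action"],
            "user": None, "src_ip": kv.get("SRC"), "outcome": None,
        })
    return events


def correlate(events):
    """Run two cross-source rules over the time-ordered, normalized stream."""
    alerts = []
    fails = defaultdict(list)    # (user, src_ip) -> timestamps of recent failed logins
    drops = defaultdict(int)     # src_ip -> firewall drops seen so far
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["source"] == "fw" and e["action"] == "DROP":
            drops[e["src_ip"]] += 1
        if e["source"] != "app" or e["action"] != "auth":
            continue
        key = (e["user"], e["src_ip"])
        if e["outcome"] == "FAIL":
            fails[key].append(e["ts"])
            continue
        # Successful login: evaluate what preceded it in either feed.
        recent = [t for t in fails[key] if e["ts"] - t <= FAIL_WINDOW]
        if len(recent) >= FAIL_THRESHOLD:
            alerts.append({"rule": "brute_force_success", "user": e["user"],
                           "src_ip": e["src_ip"], "failures": len(recent), "ts": e["ts"]})
        if drops[e["src_ip"]] >= DROPS_THRESHOLD:
            alerts.append({"rule": "scanner_then_login", "user": e["user"],
                           "src_ip": e["src_ip"], "drops": drops[e["src_ip"]], "ts": e["ts"]})
        fails[key].clear()
    return alerts


def run(app_text=APP_LOG, fw_text=FW_LOG):
    """Consolidate both feeds and return the resulting alerts."""
    return correlate(parse_app(app_text) + parse_fw(fw_text))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

The second rule is the one that needs the consolidation: the firewall alone sees two dropped probes, the portal alone sees one more user logging in, and only the merged stream shows the same source doing both within a minute. Running `correlate` on the portal feed alone produces only the brute force alert.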
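The data labeling and content discovery steps from the Information Management section above, as an added example that is not part of the original brief: a scan classifies files in a constructed archive by the identifiers they contain, a destruction step wipes the directories on an assumed retirement list, and a second scan confirms whether any PHI survived. The identifier patterns, the label scheme, the directory layout and the sample records are all assumptions; the run deliberately leaves a stray backup copy outside the retirement list so the post-destruction scan has something to catch.

```python
"""Content discovery over a storage tree: label files by the PHI identifiers
they contain, then use a second scan to confirm a destruction step.

Added example for illustration; not code from the Redspin brief. Identifier
patterns, labels, directory layout and sample records are assumptions.
"""
import os
import re
import shutil
import tempfile

# Identifier patterns the discovery scan looks for (assumed, illustrative).
# The MRN format is an invented local convention; SSN is the usual 3-2-4 shape.
PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "MRN": re.compile(r"\bMRN\d{4,8}\b"),
    "DOB": re.compile(r"\bDOB:\s*\d{4}-\d{2}-\d{2}\b"),
}

# Directories the (assumed) retirement plan says to destroy. "tmp" is not on it.
RETIREMENT_LIST = ("lab", "billing", "public")


def classify(text):
    """Return (label, identifiers) for a piece of content."""
    hits = sorted(name for name, rx in PATTERNS.items() if rx.search(text))
    return ("PHI" if hits else "PUBLIC"), hits


def scan_tree(root):
    """Walk root and return {relative_path: identifiers} for every PHI file."""
    findings = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                label, hits = classify(fh.read())
            if label == "PHI":
                findings[os.path.relpath(path, root).replace(os.sep, "/")] = hits
    return findings


def overwrite_and_delete(path):
    """Logical wipe: overwrite with zeros, flush to disk, unlink.
    On SSDs and copy-on-write filesystems the old blocks may still exist,
    which is precisely why the post-destruction scan below is needed."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        fh.write(b"\0" * size)
        fh.flush()
        os.fsync(fh.fileno())
    os.remove(path)


def destroy(root, dirs):
    """Wipe every file under the listed directories, then drop the directories."""
    for d in dirs:
        top = os.path.join(root, d)
        for dirpath, _, names in os.walk(top):
            for name in names:
                overwrite_and_delete(os.path.join(dirpath, name))
        shutil.rmtree(top)


def demo():
    """Build a constructed archive, scan it, destroy per the list, rescan."""
    root = tempfile.mkdtemp(prefix="hie-archive-")
    samples = {  # constructed records; the MRN and SSN values are not real
        "lab/result-001.txt": "Patient MRN4471 DOB: 1961-04-02 potassium 4.1 mmol/L",
        "billing/claim-17.txt": "Claim 17 SSN 123-45-6789 amount 240.00",
        "public/notice.txt": "Clinic closed on public holidays.",
        "tmp/result-001.bak": "Patient MRN4471 DOB: 1961-04-02 potassium 4.1 mmol/L",
    }
    try:
        for rel, body in samples.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        before = scan_tree(root)           # labeling pass: which files hold PHI?
        destroy(root, RETIREMENT_LIST)     # destruction per the retirement list
        after = scan_tree(root)            # confirmation pass: anything left?
        return before, after
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    before, after = demo()
    print("PHI before destruction:", before)
    print("PHI after destruction: ", after or "none")
```

The confirmation scan is driven by content, not by the inventory the destruction step worked from, which is the point: the inventory did not know about `tmp/result-001.bak`, and a procedure that only checks off its own list would have reported success.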




         About Redspin
         Redspin is a leading provider of Information Security Assessment solutions that utilize a top-down, risk-
         based approach to providing a gap analysis of companies’ infrastructures. Companies can reduce risk,
         improve compliance, and increase the value of their business unit and IT portfolio by relying on Redspin
         as their objective information security partner. By leveraging our award-winning security engineers,
         Redspin presents detailed and actionable recommendations that provide cost-effective mitigation
         measures and specific prioritized findings, enabling you to resolve your network vulnerabilities. With
         more than 10 years of expertise, Redspin delivers its services to companies over a wide range of
         industries including banks/financial services, healthcare, Fortune 1000, retailers/eCommerce, and
         technology providers.


         WHEN YOU REALLY WANT TO KNOW... CALL REDSPIN

         Phone
         800-721-9177
         Web
         WWW.REDSPIN.COM

         Email
         INFO@REDSPIN.COM



 
Hit poster
Hit posterHit poster
Hit postersherv
 
Top 10 Canada Healthcare Game Changers
Top 10 Canada Healthcare Game ChangersTop 10 Canada Healthcare Game Changers
Top 10 Canada Healthcare Game ChangersCherian & Associates
 
Leveraging ICT in Healthcare 2023.pptx
Leveraging ICT in Healthcare 2023.pptxLeveraging ICT in Healthcare 2023.pptx
Leveraging ICT in Healthcare 2023.pptxLeoSoft
 

Similaire à Ensuring Security and Privacy in the HIE Market - Redspin Information Security (20)

Changing the paradigm in healthcare information technology
Changing the paradigm in healthcare information technology Changing the paradigm in healthcare information technology
Changing the paradigm in healthcare information technology
 
Security Best Practices for Health Information Exchange
Security Best Practices for Health Information ExchangeSecurity Best Practices for Health Information Exchange
Security Best Practices for Health Information Exchange
 
Blandin broadband c stephens
Blandin broadband c stephensBlandin broadband c stephens
Blandin broadband c stephens
 
ELECTRONIC HEALTH RECORD SYSTEMS:
ELECTRONIC HEALTH RECORD SYSTEMS:ELECTRONIC HEALTH RECORD SYSTEMS:
ELECTRONIC HEALTH RECORD SYSTEMS:
 
U.S. Healthcare - Converting Vision to Reality
U.S. Healthcare - Converting Vision to RealityU.S. Healthcare - Converting Vision to Reality
U.S. Healthcare - Converting Vision to Reality
 
Dell healthcare-training-it-buzzwords-presentation
Dell healthcare-training-it-buzzwords-presentationDell healthcare-training-it-buzzwords-presentation
Dell healthcare-training-it-buzzwords-presentation
 
Integration and Accountability for Aged Care
Integration and Accountability for Aged CareIntegration and Accountability for Aged Care
Integration and Accountability for Aged Care
 
Telemedicine Benefits Study09 21 10a
Telemedicine Benefits Study09 21 10aTelemedicine Benefits Study09 21 10a
Telemedicine Benefits Study09 21 10a
 
Healthcare Nous InfoSystem
Healthcare Nous InfoSystemHealthcare Nous InfoSystem
Healthcare Nous InfoSystem
 
Personalized Health and Care: IT-enabled Personalized Healthcare
Personalized Health and Care: IT-enabled Personalized HealthcarePersonalized Health and Care: IT-enabled Personalized Healthcare
Personalized Health and Care: IT-enabled Personalized Healthcare
 
Modern Era of Medical Field : E-HealthFull Text
Modern Era of Medical Field : E-HealthFull Text Modern Era of Medical Field : E-HealthFull Text
Modern Era of Medical Field : E-HealthFull Text
 
MODERN ERA OF MEDICAL FIELD: E-HEALTH
MODERN ERA OF MEDICAL FIELD: E-HEALTHMODERN ERA OF MEDICAL FIELD: E-HEALTH
MODERN ERA OF MEDICAL FIELD: E-HEALTH
 
nursing informatics chapter 14,15,16,17
nursing  informatics chapter 14,15,16,17nursing  informatics chapter 14,15,16,17
nursing informatics chapter 14,15,16,17
 
nursing informatics(jennifer vargas)
nursing informatics(jennifer vargas)nursing informatics(jennifer vargas)
nursing informatics(jennifer vargas)
 
Hit poster
Hit posterHit poster
Hit poster
 
Top 10 Canada Healthcare Game Changers
Top 10 Canada Healthcare Game ChangersTop 10 Canada Healthcare Game Changers
Top 10 Canada Healthcare Game Changers
 
State Of EHR Adoption
State Of EHR AdoptionState Of EHR Adoption
State Of EHR Adoption
 
Driving enterprise efficiency through interoperability
Driving enterprise efficiency through interoperabilityDriving enterprise efficiency through interoperability
Driving enterprise efficiency through interoperability
 
Leveraging ICT in Healthcare 2023.pptx
Leveraging ICT in Healthcare 2023.pptxLeveraging ICT in Healthcare 2023.pptx
Leveraging ICT in Healthcare 2023.pptx
 
Ibm
IbmIbm
Ibm
 

Plus de Redspin, Inc.

HIPAA Security Risk Analysis for Business Associates
HIPAA Security Risk Analysis for Business AssociatesHIPAA Security Risk Analysis for Business Associates
HIPAA Security Risk Analysis for Business AssociatesRedspin, Inc.
 
Redspin PHI Breach Report 2012
Redspin PHI Breach Report 2012Redspin PHI Breach Report 2012
Redspin PHI Breach Report 2012Redspin, Inc.
 
HIPAA Enforcement Heats Up in the Coldest State
HIPAA Enforcement Heats Up in the Coldest StateHIPAA Enforcement Heats Up in the Coldest State
HIPAA Enforcement Heats Up in the Coldest StateRedspin, Inc.
 
Official HIPAA Compliance Audit Protocol Published
Official HIPAA Compliance Audit Protocol PublishedOfficial HIPAA Compliance Audit Protocol Published
Official HIPAA Compliance Audit Protocol PublishedRedspin, Inc.
 
Stage 2 Meaningful Use Debuts in Las Vegas (Finally!)
Stage 2 Meaningful Use Debuts in Las Vegas (Finally!)Stage 2 Meaningful Use Debuts in Las Vegas (Finally!)
Stage 2 Meaningful Use Debuts in Las Vegas (Finally!)Redspin, Inc.
 
HIPAA Security Audits in 2012-What to Expect. Are You Ready?
HIPAA Security Audits in 2012-What to Expect. Are You Ready?HIPAA Security Audits in 2012-What to Expect. Are You Ready?
HIPAA Security Audits in 2012-What to Expect. Are You Ready?Redspin, Inc.
 
Healthcare IT Security Who's Responsible, Really?
Healthcare IT Security Who's Responsible, Really?Healthcare IT Security Who's Responsible, Really?
Healthcare IT Security Who's Responsible, Really?Redspin, Inc.
 
Healthcare IT Security - Who's responsible, really?
Healthcare IT Security - Who's responsible, really?Healthcare IT Security - Who's responsible, really?
Healthcare IT Security - Who's responsible, really?Redspin, Inc.
 
Redspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin Webinar - Prepare for a HIPAA Security Risk AnalysisRedspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin Webinar - Prepare for a HIPAA Security Risk AnalysisRedspin, Inc.
 
Redspin Webinar Business Associate Risk
Redspin Webinar Business Associate RiskRedspin Webinar Business Associate Risk
Redspin Webinar Business Associate RiskRedspin, Inc.
 
Redspin HIPAA Security Risk Analysis RFP Template
Redspin HIPAA Security Risk Analysis RFP TemplateRedspin HIPAA Security Risk Analysis RFP Template
Redspin HIPAA Security Risk Analysis RFP TemplateRedspin, Inc.
 
Mobile Device Security Policy
Mobile Device Security PolicyMobile Device Security Policy
Mobile Device Security PolicyRedspin, Inc.
 
Financial institution security top it security risk
Financial institution security top it security riskFinancial institution security top it security risk
Financial institution security top it security riskRedspin, Inc.
 
Managing Windows User Accounts via the Commandline
Managing Windows User Accounts via the CommandlineManaging Windows User Accounts via the Commandline
Managing Windows User Accounts via the CommandlineRedspin, Inc.
 
Redspin February 17 2011 Webinar - Meaningful Use
Redspin February 17 2011 Webinar - Meaningful UseRedspin February 17 2011 Webinar - Meaningful Use
Redspin February 17 2011 Webinar - Meaningful UseRedspin, Inc.
 
Redspin Report - Protected Health Information 2010 Breach Report
Redspin Report - Protected Health Information 2010 Breach ReportRedspin Report - Protected Health Information 2010 Breach Report
Redspin Report - Protected Health Information 2010 Breach ReportRedspin, Inc.
 
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT SecurityRedspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT SecurityRedspin, Inc.
 
Email hacking husband faces felony
Email hacking husband faces felonyEmail hacking husband faces felony
Email hacking husband faces felonyRedspin, Inc.
 
Meaningful use, risk analysis and protecting electronic health information
Meaningful use, risk analysis and protecting electronic health informationMeaningful use, risk analysis and protecting electronic health information
Meaningful use, risk analysis and protecting electronic health informationRedspin, Inc.
 
Understanding the Experian independent third party assessment (EI3PA ) requir...
Understanding the Experian independent third party assessment (EI3PA ) requir...Understanding the Experian independent third party assessment (EI3PA ) requir...
Understanding the Experian independent third party assessment (EI3PA ) requir...Redspin, Inc.
 

Plus de Redspin, Inc. (20)

HIPAA Security Risk Analysis for Business Associates
HIPAA Security Risk Analysis for Business AssociatesHIPAA Security Risk Analysis for Business Associates
HIPAA Security Risk Analysis for Business Associates
 
Redspin PHI Breach Report 2012
Redspin PHI Breach Report 2012Redspin PHI Breach Report 2012
Redspin PHI Breach Report 2012
 
HIPAA Enforcement Heats Up in the Coldest State
HIPAA Enforcement Heats Up in the Coldest StateHIPAA Enforcement Heats Up in the Coldest State
HIPAA Enforcement Heats Up in the Coldest State
 
Official HIPAA Compliance Audit Protocol Published
Official HIPAA Compliance Audit Protocol PublishedOfficial HIPAA Compliance Audit Protocol Published
Official HIPAA Compliance Audit Protocol Published
 
Stage 2 Meaningful Use Debuts in Las Vegas (Finally!)
Stage 2 Meaningful Use Debuts in Las Vegas (Finally!)Stage 2 Meaningful Use Debuts in Las Vegas (Finally!)
Stage 2 Meaningful Use Debuts in Las Vegas (Finally!)
 
HIPAA Security Audits in 2012-What to Expect. Are You Ready?
HIPAA Security Audits in 2012-What to Expect. Are You Ready?HIPAA Security Audits in 2012-What to Expect. Are You Ready?
HIPAA Security Audits in 2012-What to Expect. Are You Ready?
 
Healthcare IT Security Who's Responsible, Really?
Healthcare IT Security Who's Responsible, Really?Healthcare IT Security Who's Responsible, Really?
Healthcare IT Security Who's Responsible, Really?
 
Healthcare IT Security - Who's responsible, really?
Healthcare IT Security - Who's responsible, really?Healthcare IT Security - Who's responsible, really?
Healthcare IT Security - Who's responsible, really?
 
Redspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin Webinar - Prepare for a HIPAA Security Risk AnalysisRedspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin Webinar - Prepare for a HIPAA Security Risk Analysis
 
Redspin Webinar Business Associate Risk
Redspin Webinar Business Associate RiskRedspin Webinar Business Associate Risk
Redspin Webinar Business Associate Risk
 
Redspin HIPAA Security Risk Analysis RFP Template
Redspin HIPAA Security Risk Analysis RFP TemplateRedspin HIPAA Security Risk Analysis RFP Template
Redspin HIPAA Security Risk Analysis RFP Template
 
Mobile Device Security Policy
Mobile Device Security PolicyMobile Device Security Policy
Mobile Device Security Policy
 
Financial institution security top it security risk
Financial institution security top it security riskFinancial institution security top it security risk
Financial institution security top it security risk
 
Managing Windows User Accounts via the Commandline
Managing Windows User Accounts via the CommandlineManaging Windows User Accounts via the Commandline
Managing Windows User Accounts via the Commandline
 
Redspin February 17 2011 Webinar - Meaningful Use
Redspin February 17 2011 Webinar - Meaningful UseRedspin February 17 2011 Webinar - Meaningful Use
Redspin February 17 2011 Webinar - Meaningful Use
 
Redspin Report - Protected Health Information 2010 Breach Report
Redspin Report - Protected Health Information 2010 Breach ReportRedspin Report - Protected Health Information 2010 Breach Report
Redspin Report - Protected Health Information 2010 Breach Report
 
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT SecurityRedspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
 
Email hacking husband faces felony
Email hacking husband faces felonyEmail hacking husband faces felony
Email hacking husband faces felony
 
Meaningful use, risk analysis and protecting electronic health information
Meaningful use, risk analysis and protecting electronic health informationMeaningful use, risk analysis and protecting electronic health information
Meaningful use, risk analysis and protecting electronic health information
 
Understanding the Experian independent third party assessment (EI3PA ) requir...
Understanding the Experian independent third party assessment (EI3PA ) requir...Understanding the Experian independent third party assessment (EI3PA ) requir...
Understanding the Experian independent third party assessment (EI3PA ) requir...
 

Dernier

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 

Dernier (20)

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 

Ensuring Security and Privacy in the HIE Market - Redspin Information Security

  • 1. Industry Brief

Ensuring Security and Privacy in the Rapidly Growing Healthcare Information Exchange Market

Recently, the first major distribution of HITECH Act funds occurred when the Department of Health and Human Services (HHS) awarded over $547 million to states and territories for the establishment of public Health Information Exchanges (HIEs). These exchanges are intended to provide the technology and infrastructure to support electronic sharing of data among hospitals, physicians, clinical laboratories, pharmacies, health plans (insurers), and public health departments. The adoption of HIEs offers benefits to both providers and patients resulting from the electronic sharing of health information, such as improved quality of care, increased patient safety, reduced cost, and increased efficiency of administrative functions. However, HIEs may also increase the potential for misuse of data, and they provide a high-value target for cyber crime organizations. This brief explores best practices for ensuring security and privacy within HIE deployments and considers both the business and technology driven forces shaping this emerging market.

Healthcare Information Exchange Background

The fundamental forces behind the adoption of HIEs are pressures for modernization, improved effectiveness of business processes, and increased management efficiencies. Most healthcare providers in the United States still rely on paper records to maintain, store, and share patients' information. This results in slow and cumbersome communications, often contributes to improper treatment, and lacks the capability to secure information at many points in the system. HIEs address these deficiencies by facilitating the sharing of electronic health information, delivering services and technology that allow providers to request and receive information about patients from other providers. A simplified model of an HIE is shown in Figure 1.

Figure 1. Simplified View of a Healthcare Information Exchange (laboratories, physician's offices, hospitals, and public health departments connected through the exchange)

Redspin, Inc. 800-721-9177 www.redspin.com Page 1
  • 2. While HIEs have been getting significant attention lately because of the infusion of government money, efforts to establish organizations that enable the sharing of electronic healthcare information began in the early 1990s. These organizations, called Community Health Information Networks, evolved into Regional Health Information Organizations in the early 2000s. In 2009, according to the eHealth Initiative (ref.1), there were 57 HIEs in a fully operational state and nearly 100 others not yet operational but readying market engagement plans. 2010 represents a crucial year for HIEs as states form and deploy their strategic and operational plans, and product vendors as well as service providers position themselves to tap into the funding.

Emerging HIE Deployment Models

One of the major challenges to driving HIE success is ensuring security and privacy, as well as efficiently demonstrating compliance with HIPAA and HITECH Act requirements. With user requirements ranging from large hospitals to small physician's offices, answers to basic questions such as appropriate technical protection mechanisms and access controls present significant challenges (ref.2,3). To a certain extent, forming the appropriate answers to questions of security and privacy requires definition of the compute and storage model that will be most prevalent in the environment. In many respects, the leading model that is emerging in the HIE market is that of a cloud services based platform. In this model the cloud service provider is responsible for providing highly scalable services, authorization, access control, audit logging, and data protection. Many vendors such as Axolotl, Covisint, IBM, Microsoft HealthVault/Amalga, and Medicity have announced offerings in some form. These have included APIs that allow specialized applications to be developed rapidly while taking advantage of the core infrastructure services. Example applications range from clinical decision support to meaningful use reporting. An illustration of this framework is shown in Figure 2.

Figure 2. HIE Cloud Platform (EMR, imaging, quality reporting, and other applications connecting through an API to the HIE cloud "Platform as a Service")

The platform as a service model can be very powerful in the HIE environment because security and privacy services can be leveraged by the applications as well as by the providers and consumers of the information. However, for rapid deployment and efficient ongoing operations, it is critical that the providers of healthcare cloud services communicate security, privacy, and compliance practices and procedures to customers in a transparent fashion. The hospitals, laboratories, and physician practices that form the customer base of the HIE need to be able to understand this information and ensure their security, privacy, and compliance needs are met. The following sections explore various domains of governance and operation that are relevant in HIE deployments and provide guidance for optimizing security and privacy both for platform providers and for end customers.

HIE Privacy and Security Considerations

The following sections form an outline for driving optimization of security, privacy, and compliance management processes and practices for HIE platform providers, operators, and customers. These considerations have been derived from general purpose work done by the Cloud Security Alliance and the Open Group (ref.4,5) that covers security in cloud services environments in forms ranging from Infrastructure as a Service (IaaS) to Software as a Service (SaaS).

1. eHealth Initiative; Migrating Toward Meaningful Use: The State of Health Information Exchange; August 2009
2. New England Journal of Medicine; The Use of Electronic Healthcare Records in U.S. Hospitals; April 2009
3. U.S. General Accounting Office; Electronic Personal Health Information Exchange – Healthcare Entities' Reported Disclosure Practices and Effects on Quality of Care; February 2010
4. Cloud Security Alliance; Security Guidance for Critical Areas of Focus in Cloud Computing v2.1; December 2009
5. The Open Group; Jericho Forum Cloud Computing Self-Assessment; March 2010
  • 3. Operational Considerations

Virtualization

Virtual machine technology is a key enabler of efficient cloud services. Operators and customers need to be concerned about the practices for compartmentalizing and hardening VM systems. Platform providers need to be able to communicate their security processes surrounding these systems. Particular attention must be placed on the security controls used to protect administrative interfaces exposed to operators and customers.

Encryption and Key Management

Strong encryption is one of the core mechanisms for protecting sensitive healthcare data. Although encryption itself does not prevent data loss, safe harbor provisions associated with state laws and HIPAA regulations treat encrypted data as acceptable loss. Customers and operators need to understand the provisions for encrypting data at rest, data in transit, and data stored on backup media. Platform providers need to articulate their encryption programs and methods associated with key management. Important areas to understand with respect to key management include protection mechanisms for key stores, access procedures to key stores, and key backup/recovery processes.

Application Security

As the application layer provides the most prevalent avenue of attack for cyber criminals and hackers, particular attention must be paid to this area. Applications require design, testing, and change management rigor similar to business critical applications typically residing in a classic DMZ. In an HIE, platform providers are delivering their own applications as well as providing system services, APIs, and libraries. Platform providers should also ensure consistent usage of application management utilities and coupling to external services.

Identity and Access Management

Effective management of identity and access control is one of the most significant challenges in the healthcare IT sector and presents multiple compliance issues. Platform providers, operators, and customers need to understand several major areas including provisioning, authentication, authorization, federation, and user profile management. As an example, coordination across stakeholder groups is essential to provide consistent single sign-on authentication across applications from multiple sources. Platform providers need to clearly communicate their security processes in these areas to ensure compliance as well as enabling customers to leverage their existing identity stores.

Incident Response

The same principles that make cloud services deployments economically efficient can add to confusion and complexity in the case of a data breach or general security incident. It is critical for customers to insist upon a prearranged plan and understand the communications mechanisms with the operator's incident response team. Platform providers need to build in security processes that facilitate effective and efficient operation of a Security Operations Center (SOC). This should include a security information and event management (SIEM) system that consolidates data sources such as application logs, firewall logs, and network monitoring systems into a common analysis and alerting center.

Business Continuity and Disaster Recovery

The rapid pace of change and, in some cases, the lack of transparency associated with cloud computing require that customers closely examine and continuously monitor the business continuity and disaster recovery capabilities built in by cloud platform providers and implemented by operators. Customers need to ensure that recovery time objectives are well defined in contractual documents and that operational capabilities can satisfy these requirements.

Governance Considerations

Governance

Effective information security governance calls for collaboration among customers, operators, and cloud platform providers. Programs must be structured to scale with business requirements, provide measurability, sustainability, and continuous improvement, as well as cost effectiveness on an ongoing basis. Customer organizations should include a review of information security governance and processes as part of their due diligence in assessing operational organizations. The review should also include specific security controls that support management processes.

Risk Management

Given the lack of control over infrastructure and facilities in cloud services deployments, service level agreements, business associate agreements, contractual obligations, and platform documentation play a larger role than with traditional on-premise healthcare IT systems. A well
  • 4. structured risk management approach must include Information Management identification and valuation of assets, ongoing The value of an HIE is dependent upon effective analysis of threats and vulnerabilities coupled with information management across the lifecycle from their potential impact on the assets, analysis of the creation to destruction. Customers, operators, and likelihood of scenarios, and the development of cloud platform providers all play critical roles. In the programs to manage risk (control, avoid, transfer, data creation phase, the cloud platform provider and accept). The risk management program should be application developers must work with customers to facilitated by the cloud platform provider, carried identify data labeling and classification capabilities. out by the operating organization, and reflected in To protect stored data the operators and cloud service agreements with customers. platform providers must identify appropriate access controls and encryption solutions. Data in use must Compliance and Audit be protected by application logic and object level HIE customers are subject to HIPAA and HITECH controls within DBMS systems. Archived data should Act regulations as well as other state or industry be encrypted with a key management process mandated requirements. Customers should involve consistent with other data protection mechanisms. legal and contract teams to ensure their particular Data destruction can be accomplished through compliance requirements will be met given the a variety of means ranging from disk wiping to cloud platform intended for deployment and the physical destruction. Content discovery may be used operational procedures in place. Customers should as a mechanism to confirm destruction processes. insist upon a right to audit clause in contracts given Summary the fluid nature of regulations in the healthcare The HIE market will evolve rapidly over the next industry. 
The cloud services provider should offer year. Effective and efficient information security a SAS 70 Type II audit statement as a minimum management is a condition for success in the requirement and point of reference for assessors. case of customers, operators, and cloud platform Since HIEs are offering mission critical services and providers. We’ve shown that maximizing the impact protecting high value data, cloud services providers of the promise of HIE systems will require close should strive for ISO/IEC 27001 certification for cooperation in the information security management information security management systems. Consider area among all parties involved and the payback a security assessment focusing on HIPAA and will come in both economic benefits as well as HITECH act compliance to facilitate the process. improved patient outcomes. About Redspin Redspin is a leading provider of Information Security Assessment solutions that utilize a top-down, risk- based approach to providing a gap analysis of companies’ infrastructures. Companies can reduce risk, improve compliance, and increase the value of their business unit and IT portfolio by relying on Redspin as their objective information security partner. By leveraging our award-winning security engineers, Redspin presents detailed and actionable recommendations that provide cost-effective mitigation measures and specific prioritized findings, enabling you to resolve your network vulnerabilities. With more than 10 years of expertise, Redspin delivers its services to companies over a wide range of industries including banks/financial services, healthcare, Fortune 1000, retailers/eCommerce, and technology providers. WHEN YOU REALLY WANT TO KNOW... CALL REDSPIN Phone 800-721-9177 Web WWW.REDSPIN.COM Email INFO@REDSPIN.COM Page 4