SlideShare une entreprise Scribd logo

Securing Microsoft Technologies for HITECH Compliance

Marie-Michelle Strah, PhD
Marie-Michelle Strah, PhD

This document provides a summary of a presentation on securing Microsoft technologies for HITECH compliance. It discusses how Microsoft business solutions can help with healthcare information security and compliance with privacy laws like HIPAA and HITECH. It outlines challenges around managing unstructured data, compliance, security, and recruitment in healthcare. The presentation addresses privacy, data security, and how technologies like SharePoint can help with managing electronic protected health information and personally identifiable information according to healthcare regulations.

Technologie
1  sur  27
Télécharger pour lire hors ligne
Securing Microsoft Technologies for HITECH Compliance: Update 2/13/2012 Marie-Michelle Strah, PhD SharePoint Saturday Philadelphia 2/4/2012
Introductions http://ideas.appliedis.com http://lifeincapslock.com
Objectives Introduction: Why Microsoft Business Solutions for healthcare? •Context: ARRA/HITECH: INFOSEC and connected health information •Reference models: security, enterprise architecture and compliance for healthcare •Best Practices: privacy and security in Microsoft SharePoint Server 2010, Microsoft Dynamics CRM and Office365 Panel: Q&A
What keeps a CMIO up at night? Excerpted from John D. Halamka, MD Life as a Healthcare CIO Blog… • Unstructured data • Compliance • Security • Workforce recruitment http://geekdoctor.blogspot.com/2011/10/w hat-keeps-me-up-at-night-fy12-edition.html
Planning for Security and the “Black Swan”
2012 = Year of Privacy and ECM Privacy • Data (opt in/out) • PHI • PII “Black Swans” • Consumer Engagement • Business Associates
Enterprise Security Model ������ ������ ������ = (������ ∗ ������ ) Information Security (Collaborative Model) Equals People (all actors and agents) Times Architecture (technical, physical and administrative)
2012: From HIPAA to HITECH and “Meaningful Use” • Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Pub L 104–191, 110 Stat 1936) • The Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted on February 17, 2009 • American Recovery and Reinvestment Act of 2009 (ARRA) (Pub L 111-5, 123 Stat 115)
Complexity: RM, ECM and eDiscovery ������ ������ ������ = (������ ∗ ������ ) do the HITECH math… Application of HIPAA Security Standards to Business Associates “Business Associates”: 42 USC §17931 • Legal • Accounting New Security Breach • Administrative Requirements • Claims Processing 42 USC §17932(j) • Data Analysis • QA Electronic Access Mandatory for • Billing Patients 42 USC 17935(e) 45 CFR §160.103 Prohibited Sale of PHI without Consumer Engagement Patient Authorization 42 USC §17935(d)
You Don’t Believe Me?: In the News Recent Cryptzone Survey Healthcare IT News Gothenburg, 19 January 2012 Sacramento, 23 November 2011 Survey finds almost half of The theft of a computer during a SharePoint users disregard the break-in in October has spurred a security within SharePoint, and $1B class action lawsuit against copy sensitive or confidential Sutter Health, according to a documents to insecure hard report published today by the drives, USB keys or even email it to Sacramento Bee. The computer a third party. contained data on more than 4 million patients. Read more: SharePoint Users Develop Insecure Habits - See also: Room for improvement FierceContentManagement on security, HIMSS survey shows
Complexity = Higher Risks and Costs
SOA: Service-Oriented Architecture “Hub” Model reduces complexity and variability while maintaining collaboration and interoperability
Challenge: connect, collaborate and compartmentalize Microsoft Connected Health Framework Business and Technical Framework (Joint Architecture) http://hce.codeplex.com/
Microsoft Business Solutions as part of a Connected Health Framework • Patient Encounters • CPG • HIPAA Direct Identifiers Clinical Workflow • EEOI • ePHI EHR Integration Intake Forms Unstructured Data • SharePoint 2010 • Dynamics CRM • Office365 R&D BPM
Microsoft Business Solutions as part of a Connected Health Framework Current example: multi-site resident treatment facility -Provider emails (nurse/contract doctors) -Word documents (patient notes) on file servers - unsecured -PDFs (scanned records/PHI) on file servers – unsecured -no encryption -no search -no IAM beyond Windows authentication -2011 EHR adoption Current example 2: ePHI data with SSN being exported as whatever file type -No control over what file type -No way to force encryption -No way to force a file save location (sharephi_encrypted_folder)
Enterprise Security Planning • PRIVACY IMPACT ASSESSMENT • 18 direct identifiers (HIPAA) • “content shielding” • Data architecture • Encryption of data at rest/data in motion • 2 factor authentication • Perimeter topologies • Segmentation and compartmentalization of PHI/PII (logical and physical) • Wireless (RFID/Bluetooth) • Business Continuity • Backup and Recovery • Mobile Device Management/BYOD World
Security Architecture – SPS2010 Business Connectivity Authorization Services Hardware UPM Authentication Permissions Data Level Endpoint Federated ID Security Security Security Classic/Claims Groups LOB Mobile Integration Remote IIS/STS ������ ������ ������ = (������ ∗ ������ )
Behavioral Factors: Security Architecture • #hcsm • User population challenges • clinicians • business associates • domain knowledge •“Prurient interest” • Mobile technologies ������ ������ ������ = (������ ∗ ������ )
“Can’t Do it Alone:” Security Ecosystem • Native ISV • Network • 20% • Governance • Data at Rest • UPM/IAM • 100% • 60% SP2010 ISV On Premise Cloud 12/14/2011 • Office365 HIPAA/EU compliance • BAA
Sample: Security Planning Checklist • Content types (PHI/PII) • ECM/OCR • Digital Rights Management (DRM) • Business Connectivity Services and Visio Services (external data sources) • Excel, lists, SQL, custom data providers • Integrated Windows with constrained Kerberos • Metadata and tagging (PHI/PII) • Blogs and wikis (PHI) • Plan permission levels and groups (least privileges) – providers and business associates • Plan site permissions • Fine-grained permissions (item-level) • Security groups (custom) • Contribute permissions
Best Practices: Preventative Model • Involve HIPAA specialists early in the planning process. (This is NOT an IT problem) • Privacy Impact Assessment: PHI, ePHI, PII (Compartmentalization and segregation) • Trust, but verify • Look to experts to help with existing implementations. (Domain expertise in healthcare and clinical workflow as well as HIPAA/HITECH privacy and security) • Use connected health framework reference model • Governance, governance, governance
Governance: Adapting the Joint Commission Continuous Process Improvement Model Plan • Technical, Physical, Administrative Safeguards Document • Joint Commission, Policies, Procedures, IT Governance Train • Clinical, Administrative and Business Associates Track • Training, Compliance, Incidents, Access…. everything Review • Flexibility, Agility, Architect for Change
• Unstructured Data – Scan – Quarantine PII – Tag • Compliance and Reporting – Enhance control of all ePHI and PII – In line with HIPAA and HITECH Act regulation © 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
• Security – Easily set Rules and Permissions in bulk – Run scheduled reports on all SharePoint Activity – Safely archive inactive data for compliance • Workflow Management – Rearrange taxonomy to meet evolving business needs – Full fidelity backup and restoration of data – Improved performance, environment monitoring © 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
References • AIS Case Study on Records Management and Compliance (SP2007): http://www.appliedis.com/pdfs/Military%20Grade%20Co mpliance%20for%20SharePoint%20WP.pdf • Good Data Means Good Government: http://gcn.com/Articles/2012/02/06/Good-metadata-and- good-government.aspx?Page=2 • 2012 Healthcare Data Trends: http://databreachinsurancequote.com/wp- content/uploads/2012/01/2012_trends_healthcare_data. pdf
Thank You! For more information… http://ideas.appliedis.com http://lifeincapslock.com

Recommandé

Securing Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH ComplianceSecuring Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH ComplianceMarie-Michelle Strah, PhD
 
Security and Privacy in SharePoint 2010: Healthcare
Security and Privacy in SharePoint 2010: HealthcareSecurity and Privacy in SharePoint 2010: Healthcare
Security and Privacy in SharePoint 2010: HealthcareMarie-Michelle Strah, PhD
 
Digital documents & e-discovery
Digital documents & e-discovery Digital documents & e-discovery
Digital documents & e-discovery Prof. Jacques Folon (Ph.D)
 
E-discovery
E-discoveryE-discovery
E-discoveryProf. Jacques Folon (Ph.D)
 
En msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataEn msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataOnline Business
 
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersDon’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersMichael Davis
 
Identity and Access Management - Data modeling concepts
Identity and Access Management - Data modeling conceptsIdentity and Access Management - Data modeling concepts
Identity and Access Management - Data modeling conceptsAlain Huet
 
Auditing in the Cloud
Auditing in the CloudAuditing in the Cloud
Auditing in the Cloudtcarrucan
 

Recommandé

Securing Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH ComplianceSecuring Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH ComplianceMarie-Michelle Strah, PhD
 
Security and Privacy in SharePoint 2010: Healthcare
Security and Privacy in SharePoint 2010: HealthcareSecurity and Privacy in SharePoint 2010: Healthcare
Security and Privacy in SharePoint 2010: HealthcareMarie-Michelle Strah, PhD
 
Digital documents & e-discovery
Digital documents & e-discovery Digital documents & e-discovery
Digital documents & e-discovery Prof. Jacques Folon (Ph.D)
 
E-discovery
E-discoveryE-discovery
E-discoveryProf. Jacques Folon (Ph.D)
 
En msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataEn msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataOnline Business
 
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersDon’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersMichael Davis
 
Identity and Access Management - Data modeling concepts
Identity and Access Management - Data modeling conceptsIdentity and Access Management - Data modeling concepts
Identity and Access Management - Data modeling conceptsAlain Huet
 
Auditing in the Cloud
Auditing in the CloudAuditing in the Cloud
Auditing in the Cloudtcarrucan
 
IdM Reference Architecture
IdM Reference ArchitectureIdM Reference Architecture
IdM Reference ArchitectureHannu Kasanen
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionTrend Micro
 
Hitachi ID Identity and Access Management Suite
Hitachi ID Identity and Access Management SuiteHitachi ID Identity and Access Management Suite
Hitachi ID Identity and Access Management SuiteHitachi ID Systems, Inc.
 
Con 8810 who should have access to what - final
Con 8810 who should have access to what - finalCon 8810 who should have access to what - final
Con 8810 who should have access to what - finalOracleIDM
 
European SharePoint Community - Hybrid Dilemma: Using Infrastructure as Infor...
European SharePoint Community - Hybrid Dilemma: Using Infrastructure as Infor...European SharePoint Community - Hybrid Dilemma: Using Infrastructure as Infor...
European SharePoint Community - Hybrid Dilemma: Using Infrastructure as Infor...Adam Levithan
 
Oracle a TBIZ2011
Oracle a TBIZ2011Oracle a TBIZ2011
Oracle a TBIZ2011TechnologyBIZ
 
Wp security-data-safe
Wp security-data-safeWp security-data-safe
Wp security-data-safeALI ANWAR, OCP®
 
SharePoint 2010 and Web Services: Extending Dynamics GP 2010 R2
SharePoint 2010 and Web Services: Extending Dynamics GP 2010 R2SharePoint 2010 and Web Services: Extending Dynamics GP 2010 R2
SharePoint 2010 and Web Services: Extending Dynamics GP 2010 R2Marie-Michelle Strah, PhD
 
Hexnode Identity and Access Management solution
Hexnode Identity and Access Management solutionHexnode Identity and Access Management solution
Hexnode Identity and Access Management solutionHexnode
 
#GDPR Compliance - Data Minimization via ArchivePod
#GDPR Compliance - Data Minimization via ArchivePod#GDPR Compliance - Data Minimization via ArchivePod
#GDPR Compliance - Data Minimization via ArchivePodGaret Keller
 
Privacy audittalkfinal
Privacy audittalkfinalPrivacy audittalkfinal
Privacy audittalkfinalAlan Hartman
 
Big data and analytics
Big data and analytics Big data and analytics
Big data and analytics Freeform Dynamics
 
C24 Top 12 tips
C24 Top 12 tipsC24 Top 12 tips
C24 Top 12 tipsDavid Ricketts
 
How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?IBM Security
 
Con8896 securely enabling mobile access for business transformation - final
Con8896 securely enabling mobile access for business transformation - finalCon8896 securely enabling mobile access for business transformation - final
Con8896 securely enabling mobile access for business transformation - finalOracleIDM
 
Lessons in Information Governance
Lessons in Information GovernanceLessons in Information Governance
Lessons in Information GovernanceJohn Newton
 
Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...
Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...
Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...CloudEntr
 
NHIN Privacy & Security
NHIN Privacy & SecurityNHIN Privacy & Security
NHIN Privacy & SecurityBrian Ahier
 
Tänased võimalused turvalahendustes - Tarvi Tara
Tänased võimalused turvalahendustes - Tarvi TaraTänased võimalused turvalahendustes - Tarvi Tara
Tänased võimalused turvalahendustes - Tarvi TaraORACLE USER GROUP ESTONIA
 
Bridging the Data Security Gap
Bridging the Data Security GapBridging the Data Security Gap
Bridging the Data Security Gapxband
 
The Myth of the SharePoint Unicorn: Recruiting and Staffing SharePoint Teams ...
The Myth of the SharePoint Unicorn: Recruiting and Staffing SharePoint Teams ...The Myth of the SharePoint Unicorn: Recruiting and Staffing SharePoint Teams ...
The Myth of the SharePoint Unicorn: Recruiting and Staffing SharePoint Teams ...Marie-Michelle Strah, PhD
 
Strategic, Privacy and Security Considerations for Adoption of Cloud and Emer...
Strategic, Privacy and Security Considerations for Adoption of Cloud and Emer...Strategic, Privacy and Security Considerations for Adoption of Cloud and Emer...
Strategic, Privacy and Security Considerations for Adoption of Cloud and Emer...Marie-Michelle Strah, PhD
 

Contenu connexe

Tendances

IdM Reference Architecture
IdM Reference ArchitectureIdM Reference Architecture
IdM Reference ArchitectureHannu Kasanen
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionTrend Micro
 
Hitachi ID Identity and Access Management Suite
Hitachi ID Identity and Access Management SuiteHitachi ID Identity and Access Management Suite
Hitachi ID Identity and Access Management SuiteHitachi ID Systems, Inc.
 
Con 8810 who should have access to what - final
Con 8810 who should have access to what - finalCon 8810 who should have access to what - final
Con 8810 who should have access to what - finalOracleIDM
 
European SharePoint Community - Hybrid Dilemma: Using Infrastructure as Infor...
European SharePoint Community - Hybrid Dilemma: Using Infrastructure as Infor...European SharePoint Community - Hybrid Dilemma: Using Infrastructure as Infor...
European SharePoint Community - Hybrid Dilemma: Using Infrastructure as Infor...Adam Levithan
 
SharePoint 2010 and Web Services: Extending Dynamics GP 2010 R2
SharePoint 2010 and Web Services: Extending Dynamics GP 2010 R2SharePoint 2010 and Web Services: Extending Dynamics GP 2010 R2
SharePoint 2010 and Web Services: Extending Dynamics GP 2010 R2Marie-Michelle Strah, PhD
 
Hexnode Identity and Access Management solution
Hexnode Identity and Access Management solutionHexnode Identity and Access Management solution
Hexnode Identity and Access Management solutionHexnode
 
#GDPR Compliance - Data Minimization via ArchivePod
#GDPR Compliance - Data Minimization via ArchivePod#GDPR Compliance - Data Minimization via ArchivePod
#GDPR Compliance - Data Minimization via ArchivePodGaret Keller
 
Privacy audittalkfinal
Privacy audittalkfinalPrivacy audittalkfinal
Privacy audittalkfinalAlan Hartman
 
How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?IBM Security
 
Con8896 securely enabling mobile access for business transformation - final
Con8896 securely enabling mobile access for business transformation - finalCon8896 securely enabling mobile access for business transformation - final
Con8896 securely enabling mobile access for business transformation - finalOracleIDM
 
Lessons in Information Governance
Lessons in Information GovernanceLessons in Information Governance
Lessons in Information GovernanceJohn Newton
 
Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...
Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...
Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...CloudEntr
 
NHIN Privacy & Security
NHIN Privacy & SecurityNHIN Privacy & Security
NHIN Privacy & SecurityBrian Ahier
 
Tänased võimalused turvalahendustes - Tarvi Tara
Tänased võimalused turvalahendustes - Tarvi TaraTänased võimalused turvalahendustes - Tarvi Tara
Tänased võimalused turvalahendustes - Tarvi TaraORACLE USER GROUP ESTONIA
 
Bridging the Data Security Gap
Bridging the Data Security GapBridging the Data Security Gap
Bridging the Data Security Gapxband
 

Tendances (20)

IdM Reference Architecture
IdM Reference ArchitectureIdM Reference Architecture
IdM Reference Architecture
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryption
 
Hitachi ID Identity and Access Management Suite
Hitachi ID Identity and Access Management SuiteHitachi ID Identity and Access Management Suite
Hitachi ID Identity and Access Management Suite
 
Con 8810 who should have access to what - final
Con 8810 who should have access to what - finalCon 8810 who should have access to what - final
Con 8810 who should have access to what - final
 
European SharePoint Community - Hybrid Dilemma: Using Infrastructure as Infor...
European SharePoint Community - Hybrid Dilemma: Using Infrastructure as Infor...European SharePoint Community - Hybrid Dilemma: Using Infrastructure as Infor...
European SharePoint Community - Hybrid Dilemma: Using Infrastructure as Infor...
 
Oracle a TBIZ2011
Oracle a TBIZ2011Oracle a TBIZ2011
Oracle a TBIZ2011
 
Wp security-data-safe
Wp security-data-safeWp security-data-safe
Wp security-data-safe
 
SharePoint 2010 and Web Services: Extending Dynamics GP 2010 R2
SharePoint 2010 and Web Services: Extending Dynamics GP 2010 R2SharePoint 2010 and Web Services: Extending Dynamics GP 2010 R2
SharePoint 2010 and Web Services: Extending Dynamics GP 2010 R2
 
Hexnode Identity and Access Management solution
Hexnode Identity and Access Management solutionHexnode Identity and Access Management solution
Hexnode Identity and Access Management solution
 
#GDPR Compliance - Data Minimization via ArchivePod
#GDPR Compliance - Data Minimization via ArchivePod#GDPR Compliance - Data Minimization via ArchivePod
#GDPR Compliance - Data Minimization via ArchivePod
 
Privacy audittalkfinal
Privacy audittalkfinalPrivacy audittalkfinal
Privacy audittalkfinal
 
Big data and analytics
Big data and analytics Big data and analytics
Big data and analytics
 
C24 Top 12 tips
C24 Top 12 tipsC24 Top 12 tips
C24 Top 12 tips
 
How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?
 
Con8896 securely enabling mobile access for business transformation - final
Con8896 securely enabling mobile access for business transformation - finalCon8896 securely enabling mobile access for business transformation - final
Con8896 securely enabling mobile access for business transformation - final
 
Lessons in Information Governance
Lessons in Information GovernanceLessons in Information Governance
Lessons in Information Governance
 
Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...
Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...
Growing Cloud Identity Crisis: Survey Report on Cloud-Based Solutions for Ide...
 
NHIN Privacy & Security
NHIN Privacy & SecurityNHIN Privacy & Security
NHIN Privacy & Security
 
Tänased võimalused turvalahendustes - Tarvi Tara
Tänased võimalused turvalahendustes - Tarvi TaraTänased võimalused turvalahendustes - Tarvi Tara
Tänased võimalused turvalahendustes - Tarvi Tara
 
Bridging the Data Security Gap
Bridging the Data Security GapBridging the Data Security Gap
Bridging the Data Security Gap
 

En vedette

The Myth of the SharePoint Unicorn: Recruiting and Staffing SharePoint Teams ...
The Myth of the SharePoint Unicorn: Recruiting and Staffing SharePoint Teams ...The Myth of the SharePoint Unicorn: Recruiting and Staffing SharePoint Teams ...
The Myth of the SharePoint Unicorn: Recruiting and Staffing SharePoint Teams ...Marie-Michelle Strah, PhD
 
Strategic, Privacy and Security Considerations for Adoption of Cloud and Emer...
Strategic, Privacy and Security Considerations for Adoption of Cloud and Emer...Strategic, Privacy and Security Considerations for Adoption of Cloud and Emer...
Strategic, Privacy and Security Considerations for Adoption of Cloud and Emer...Marie-Michelle Strah, PhD
 
FEDSPUG April 2014: Visual Studio 2013 for Application Lifecycle Management &...
FEDSPUG April 2014: Visual Studio 2013 for Application Lifecycle Management &...FEDSPUG April 2014: Visual Studio 2013 for Application Lifecycle Management &...
FEDSPUG April 2014: Visual Studio 2013 for Application Lifecycle Management &...WSPDC & FEDSPUG
 
It's About the Data, Stupid: Mobile Security and BYOD for Healthcare
It's About the Data, Stupid: Mobile Security and BYOD for HealthcareIt's About the Data, Stupid: Mobile Security and BYOD for Healthcare
It's About the Data, Stupid: Mobile Security and BYOD for HealthcareMarie-Michelle Strah, PhD
 
Securing Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH ComplianceSecuring Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH ComplianceMarie-Michelle Strah, PhD
 
Consumerization of IT: Mobile Infrastructure, Support and Security
Consumerization of IT: Mobile Infrastructure, Support and SecurityConsumerization of IT: Mobile Infrastructure, Support and Security
Consumerization of IT: Mobile Infrastructure, Support and SecurityMarie-Michelle Strah, PhD
 

En vedette (6)

The Myth of the SharePoint Unicorn: Recruiting and Staffing SharePoint Teams ...
The Myth of the SharePoint Unicorn: Recruiting and Staffing SharePoint Teams ...The Myth of the SharePoint Unicorn: Recruiting and Staffing SharePoint Teams ...
The Myth of the SharePoint Unicorn: Recruiting and Staffing SharePoint Teams ...
 
Strategic, Privacy and Security Considerations for Adoption of Cloud and Emer...
Strategic, Privacy and Security Considerations for Adoption of Cloud and Emer...Strategic, Privacy and Security Considerations for Adoption of Cloud and Emer...
Strategic, Privacy and Security Considerations for Adoption of Cloud and Emer...
 
FEDSPUG April 2014: Visual Studio 2013 for Application Lifecycle Management &...
FEDSPUG April 2014: Visual Studio 2013 for Application Lifecycle Management &...FEDSPUG April 2014: Visual Studio 2013 for Application Lifecycle Management &...
FEDSPUG April 2014: Visual Studio 2013 for Application Lifecycle Management &...
 
It's About the Data, Stupid: Mobile Security and BYOD for Healthcare
It's About the Data, Stupid: Mobile Security and BYOD for HealthcareIt's About the Data, Stupid: Mobile Security and BYOD for Healthcare
It's About the Data, Stupid: Mobile Security and BYOD for Healthcare
 
Securing Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH ComplianceSecuring Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH Compliance
 
Consumerization of IT: Mobile Infrastructure, Support and Security
Consumerization of IT: Mobile Infrastructure, Support and SecurityConsumerization of IT: Mobile Infrastructure, Support and Security
Consumerization of IT: Mobile Infrastructure, Support and Security
 

Similaire à Securing Microsoft Technologies for HITECH Compliance

Content Chaos: Why SharePoint and Office 365 Aren't the (only) Answer
Content Chaos: Why SharePoint and Office 365 Aren't the (only) AnswerContent Chaos: Why SharePoint and Office 365 Aren't the (only) Answer
Content Chaos: Why SharePoint and Office 365 Aren't the (only) AnswerZia Consulting
 
Office 365 : Data leakage control, privacy, compliance and regulations in the...
Office 365 : Data leakage control, privacy, compliance and regulations in the...Office 365 : Data leakage control, privacy, compliance and regulations in the...
Office 365 : Data leakage control, privacy, compliance and regulations in the...Edge Pereira
 
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...BigDataEverywhere
 
Data Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint WebinarData Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint WebinarConcept Searching, Inc
 
Guardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level ExecutivesGuardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level ExecutivesCamilo Fandiño Gómez
 
B2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanB2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanSPS Paris
 
Securing and governing a multi-tenant data lake within the financial industry
Securing and governing a multi-tenant data lake within the financial industrySecuring and governing a multi-tenant data lake within the financial industry
Securing and governing a multi-tenant data lake within the financial industryDataWorks Summit
 
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)Danny Miller
 
TechFuse 2012: Cloud and Mobile Computing
TechFuse 2012: Cloud and Mobile ComputingTechFuse 2012: Cloud and Mobile Computing
TechFuse 2012: Cloud and Mobile ComputingAvtex
 
10052012 luc vervenne synergetics van syntax portfolio naar semantische uitwi...
10052012 luc vervenne synergetics van syntax portfolio naar semantische uitwi...10052012 luc vervenne synergetics van syntax portfolio naar semantische uitwi...
10052012 luc vervenne synergetics van syntax portfolio naar semantische uitwi...Stichting ePortfolio Support
 
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...Rencore
 
Balancing data democratization with comprehensive information governance: bui...
Balancing data democratization with comprehensive information governance: bui...Balancing data democratization with comprehensive information governance: bui...
Balancing data democratization with comprehensive information governance: bui...DataWorks Summit
 
KASHTECH AND DENODO: ROI and Economic Value of Data Virtualization
KASHTECH AND DENODO: ROI and Economic Value of Data VirtualizationKASHTECH AND DENODO: ROI and Economic Value of Data Virtualization
KASHTECH AND DENODO: ROI and Economic Value of Data VirtualizationDenodo
 
Connecting the Healthcare Ecosystem - An Architecture for Improved Health
Connecting the Healthcare Ecosystem - An Architecture for Improved HealthConnecting the Healthcare Ecosystem - An Architecture for Improved Health
Connecting the Healthcare Ecosystem - An Architecture for Improved HealthProlifics
 
2012-01 How to Secure a Cloud Identity Roadmap
2012-01 How to Secure a Cloud Identity Roadmap2012-01 How to Secure a Cloud Identity Roadmap
2012-01 How to Secure a Cloud Identity RoadmapRaleigh ISSA
 
Spca2014 navigating clouds sp_con14_mackie
Spca2014 navigating clouds sp_con14_mackieSpca2014 navigating clouds sp_con14_mackie
Spca2014 navigating clouds sp_con14_mackieNCCOMMS
 
Enterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditEnterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditBob Rhubart
 

Similaire à Securing Microsoft Technologies for HITECH Compliance (20)

Content Chaos: Why SharePoint and Office 365 Aren't the (only) Answer
Content Chaos: Why SharePoint and Office 365 Aren't the (only) AnswerContent Chaos: Why SharePoint and Office 365 Aren't the (only) Answer
Content Chaos: Why SharePoint and Office 365 Aren't the (only) Answer
 
Office 365 : Data leakage control, privacy, compliance and regulations in the...
Office 365 : Data leakage control, privacy, compliance and regulations in the...Office 365 : Data leakage control, privacy, compliance and regulations in the...
Office 365 : Data leakage control, privacy, compliance and regulations in the...
 
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...
Big Data Everywhere Chicago: The Big Data Imperative -- Discovering & Protect...
 
Data Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint WebinarData Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint Webinar
 
Guardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level ExecutivesGuardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level Executives
 
IDENTITY ACCESS MANAGEMENT
IDENTITY ACCESS MANAGEMENTIDENTITY ACCESS MANAGEMENT
IDENTITY ACCESS MANAGEMENT
 
B2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanB2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam Levithan
 
IAM
IAMIAM
IAM
 
Securing and governing a multi-tenant data lake within the financial industry
Securing and governing a multi-tenant data lake within the financial industrySecuring and governing a multi-tenant data lake within the financial industry
Securing and governing a multi-tenant data lake within the financial industry
 
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)
2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)
 
Introduction to Identity Management
Introduction to Identity ManagementIntroduction to Identity Management
Introduction to Identity Management
 
TechFuse 2012: Cloud and Mobile Computing
TechFuse 2012: Cloud and Mobile ComputingTechFuse 2012: Cloud and Mobile Computing
TechFuse 2012: Cloud and Mobile Computing
 
10052012 luc vervenne synergetics van syntax portfolio naar semantische uitwi...
10052012 luc vervenne synergetics van syntax portfolio naar semantische uitwi...10052012 luc vervenne synergetics van syntax portfolio naar semantische uitwi...
10052012 luc vervenne synergetics van syntax portfolio naar semantische uitwi...
 
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
 
Balancing data democratization with comprehensive information governance: bui...
Balancing data democratization with comprehensive information governance: bui...Balancing data democratization with comprehensive information governance: bui...
Balancing data democratization with comprehensive information governance: bui...
 
KASHTECH AND DENODO: ROI and Economic Value of Data Virtualization
KASHTECH AND DENODO: ROI and Economic Value of Data VirtualizationKASHTECH AND DENODO: ROI and Economic Value of Data Virtualization
KASHTECH AND DENODO: ROI and Economic Value of Data Virtualization
 
Connecting the Healthcare Ecosystem - An Architecture for Improved Health
Connecting the Healthcare Ecosystem - An Architecture for Improved HealthConnecting the Healthcare Ecosystem - An Architecture for Improved Health
Connecting the Healthcare Ecosystem - An Architecture for Improved Health
 
2012-01 How to Secure a Cloud Identity Roadmap
2012-01 How to Secure a Cloud Identity Roadmap2012-01 How to Secure a Cloud Identity Roadmap
2012-01 How to Secure a Cloud Identity Roadmap
 
Spca2014 navigating clouds sp_con14_mackie
Spca2014 navigating clouds sp_con14_mackieSpca2014 navigating clouds sp_con14_mackie
Spca2014 navigating clouds sp_con14_mackie
 
Enterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditEnterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to audit
 

Plus de Marie-Michelle Strah, PhD

Enterprise Architecture Planning: 3 Things You Need to Know About SharePoint ...
Enterprise Architecture Planning: 3 Things You Need to Know About SharePoint ...Enterprise Architecture Planning: 3 Things You Need to Know About SharePoint ...
Enterprise Architecture Planning: 3 Things You Need to Know About SharePoint ...Marie-Michelle Strah, PhD
 
Relational Productivity Applications: SharePoint 2010 and CRM 2011
Relational Productivity Applications: SharePoint 2010 and CRM 2011Relational Productivity Applications: SharePoint 2010 and CRM 2011
Relational Productivity Applications: SharePoint 2010 and CRM 2011Marie-Michelle Strah, PhD
 
Microsoft Convergence DayOne: Leveraging SharePoint within Your Dynamics GP W...
Microsoft Convergence DayOne: Leveraging SharePoint within Your Dynamics GP W...Microsoft Convergence DayOne: Leveraging SharePoint within Your Dynamics GP W...
Microsoft Convergence DayOne: Leveraging SharePoint within Your Dynamics GP W...Marie-Michelle Strah, PhD
 
Best Practices in Supply Chain Management: SharePoint
Best Practices in Supply Chain Management: SharePointBest Practices in Supply Chain Management: SharePoint
Best Practices in Supply Chain Management: SharePointMarie-Michelle Strah, PhD
 
Best Practices in SharePoint for Healthcare: US Army Medical Command
Best Practices in SharePoint for Healthcare: US Army Medical CommandBest Practices in SharePoint for Healthcare: US Army Medical Command
Best Practices in SharePoint for Healthcare: US Army Medical CommandMarie-Michelle Strah, PhD
 
Microsoft Technologies and Work Management Success and Women in SharePoint: D...
Microsoft Technologies and Work Management Success and Women in SharePoint: D...Microsoft Technologies and Work Management Success and Women in SharePoint: D...
Microsoft Technologies and Work Management Success and Women in SharePoint: D...Marie-Michelle Strah, PhD
 
Change Management and User Adoption in Hierarchical Organizations: SharePoint...
Change Management and User Adoption in Hierarchical Organizations: SharePoint...Change Management and User Adoption in Hierarchical Organizations: SharePoint...
Change Management and User Adoption in Hierarchical Organizations: SharePoint...Marie-Michelle Strah, PhD
 
Business Process Re-Engineering and Improved Healthcare Outcomes
Business Process Re-Engineering and Improved Healthcare OutcomesBusiness Process Re-Engineering and Improved Healthcare Outcomes
Business Process Re-Engineering and Improved Healthcare OutcomesMarie-Michelle Strah, PhD
 
Tricky Fit: Knowledge Management and the DoD (Healthcare) - May 2010 Update
Tricky Fit: Knowledge Management and the DoD (Healthcare) - May 2010 UpdateTricky Fit: Knowledge Management and the DoD (Healthcare) - May 2010 Update
Tricky Fit: Knowledge Management and the DoD (Healthcare) - May 2010 UpdateMarie-Michelle Strah, PhD
 
Tricky Fit: Knowledge Management and SharePoint (Healthcare)
Tricky Fit: Knowledge Management and SharePoint (Healthcare)Tricky Fit: Knowledge Management and SharePoint (Healthcare)
Tricky Fit: Knowledge Management and SharePoint (Healthcare)Marie-Michelle Strah, PhD
 

Plus de Marie-Michelle Strah, PhD (11)

Enterprise Architecture Planning: 3 Things You Need to Know About SharePoint ...
Enterprise Architecture Planning: 3 Things You Need to Know About SharePoint ...Enterprise Architecture Planning: 3 Things You Need to Know About SharePoint ...
Enterprise Architecture Planning: 3 Things You Need to Know About SharePoint ...
 
Relational Productivity Applications: SharePoint 2010 and CRM 2011
Relational Productivity Applications: SharePoint 2010 and CRM 2011Relational Productivity Applications: SharePoint 2010 and CRM 2011
Relational Productivity Applications: SharePoint 2010 and CRM 2011
 
Microsoft Convergence DayOne: Leveraging SharePoint within Your Dynamics GP W...
Microsoft Convergence DayOne: Leveraging SharePoint within Your Dynamics GP W...Microsoft Convergence DayOne: Leveraging SharePoint within Your Dynamics GP W...
Microsoft Convergence DayOne: Leveraging SharePoint within Your Dynamics GP W...
 
Best Practices in Supply Chain Management: SharePoint
Best Practices in Supply Chain Management: SharePointBest Practices in Supply Chain Management: SharePoint
Best Practices in Supply Chain Management: SharePoint
 
Best Practices in SharePoint for Healthcare: US Army Medical Command
Best Practices in SharePoint for Healthcare: US Army Medical CommandBest Practices in SharePoint for Healthcare: US Army Medical Command
Best Practices in SharePoint for Healthcare: US Army Medical Command
 
Case Study for a SharePoint SDLC
Case Study for a SharePoint SDLCCase Study for a SharePoint SDLC
Case Study for a SharePoint SDLC
 
Microsoft Technologies and Work Management Success and Women in SharePoint: D...
Microsoft Technologies and Work Management Success and Women in SharePoint: D...Microsoft Technologies and Work Management Success and Women in SharePoint: D...
Microsoft Technologies and Work Management Success and Women in SharePoint: D...
 
Change Management and User Adoption in Hierarchical Organizations: SharePoint...
Change Management and User Adoption in Hierarchical Organizations: SharePoint...Change Management and User Adoption in Hierarchical Organizations: SharePoint...
Change Management and User Adoption in Hierarchical Organizations: SharePoint...
 
Business Process Re-Engineering and Improved Healthcare Outcomes
Business Process Re-Engineering and Improved Healthcare OutcomesBusiness Process Re-Engineering and Improved Healthcare Outcomes
Business Process Re-Engineering and Improved Healthcare Outcomes
 
Tricky Fit: Knowledge Management and the DoD (Healthcare) - May 2010 Update
Tricky Fit: Knowledge Management and the DoD (Healthcare) - May 2010 UpdateTricky Fit: Knowledge Management and the DoD (Healthcare) - May 2010 Update
Tricky Fit: Knowledge Management and the DoD (Healthcare) - May 2010 Update
 
Tricky Fit: Knowledge Management and SharePoint (Healthcare)
Tricky Fit: Knowledge Management and SharePoint (Healthcare)Tricky Fit: Knowledge Management and SharePoint (Healthcare)
Tricky Fit: Knowledge Management and SharePoint (Healthcare)
 

Dernier

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 

Dernier (20)

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 

Securing Microsoft Technologies for HITECH Compliance

  • 1. Securing Microsoft Technologies for HITECH Compliance: Update 2/13/2012 Marie-Michelle Strah, PhD SharePoint Saturday Philadelphia 2/4/2012
  • 2. Introductions http://ideas.appliedis.com http://lifeincapslock.com
  • 3. Objectives Introduction: Why Microsoft Business Solutions for healthcare? •Context: ARRA/HITECH: INFOSEC and connected health information •Reference models: security, enterprise architecture and compliance for healthcare •Best Practices: privacy and security in Microsoft SharePoint Server 2010, Microsoft Dynamics CRM and Office365 Panel: Q&A
  • 4. What keeps a CMIO up at night? Excerpted from John D. Halamka, MD Life as a Healthcare CIO Blog… • Unstructured data • Compliance • Security • Workforce recruitment http://geekdoctor.blogspot.com/2011/10/w hat-keeps-me-up-at-night-fy12-edition.html
  • 5. Planning for Security and the “Black Swan”
  • 6. 2012 = Year of Privacy and ECM Privacy • Data (opt in/out) • PHI • PII “Black Swans” • Consumer Engagement • Business Associates
  • 7. Enterprise Security Model ������ ������ ������ = (������ ∗ ������ ) Information Security (Collaborative Model) Equals People (all actors and agents) Times Architecture (technical, physical and administrative)
  • 8. 2012: From HIPAA to HITECH and “Meaningful Use” • Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Pub L 104–191, 110 Stat 1936) • The Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted on February 17, 2009 • American Recovery and Reinvestment Act of 2009 (ARRA) (Pub L 111-5, 123 Stat 115)
  • 9. Complexity: RM, ECM and eDiscovery ������ ������ ������ = (������ ∗ ������ ) do the HITECH math… Application of HIPAA Security Standards to Business Associates “Business Associates”: 42 USC §17931 • Legal • Accounting New Security Breach • Administrative Requirements • Claims Processing 42 USC §17932(j) • Data Analysis • QA Electronic Access Mandatory for • Billing Patients 42 USC 17935(e) 45 CFR §160.103 Prohibited Sale of PHI without Consumer Engagement Patient Authorization 42 USC §17935(d)
  • 10. You Don’t Believe Me?: In the News Recent Cryptzone Survey Healthcare IT News Gothenburg, 19 January 2012 Sacramento, 23 November 2011 Survey finds almost half of The theft of a computer during a SharePoint users disregard the break-in in October has spurred a security within SharePoint, and $1B class action lawsuit against copy sensitive or confidential Sutter Health, according to a documents to insecure hard report published today by the drives, USB keys or even email it to Sacramento Bee. The computer a third party. contained data on more than 4 million patients. Read more: SharePoint Users Develop Insecure Habits - See also: Room for improvement FierceContentManagement on security, HIMSS survey shows
  • 11. Complexity = Higher Risks and Costs
  • 12. SOA: Service-Oriented Architecture “Hub” Model reduces complexity and variability while maintaining collaboration and interoperability
  • 13. Challenge: connect, collaborate and compartmentalize Microsoft Connected Health Framework Business and Technical Framework (Joint Architecture) http://hce.codeplex.com/
  • 14. Microsoft Business Solutions as part of a Connected Health Framework • Patient Encounters • CPG • HIPAA Direct Identifiers Clinical Workflow • EEOI • ePHI EHR Integration Intake Forms Unstructured Data • SharePoint 2010 • Dynamics CRM • Office365 R&D BPM
  • 15. Microsoft Business Solutions as part of a Connected Health Framework Current example: multi-site resident treatment facility -Provider emails (nurse/contract doctors) -Word documents (patient notes) on file servers - unsecured -PDFs (scanned records/PHI) on file servers – unsecured -no encryption -no search -no IAM beyond Windows authentication -2011 EHR adoption Current example 2: ePHI data with SSN being exported as whatever file type -No control over what file type -No way to force encryption -No way to force a file save location (sharephi_encrypted_folder)
  • 16. Enterprise Security Planning • PRIVACY IMPACT ASSESSMENT • 18 direct identifiers (HIPAA) • “content shielding” • Data architecture • Encryption of data at rest/data in motion • 2 factor authentication • Perimeter topologies • Segmentation and compartmentalization of PHI/PII (logical and physical) • Wireless (RFID/Bluetooth) • Business Continuity • Backup and Recovery • Mobile Device Management/BYOD World
  • 17. Security Architecture – SPS2010 Business Connectivity Authorization Services Hardware UPM Authentication Permissions Data Level Endpoint Federated ID Security Security Security Classic/Claims Groups LOB Mobile Integration Remote IIS/STS ������ ������ ������ = (������ ∗ ������ )
  • 18. Behavioral Factors: Security Architecture • #hcsm • User population challenges • clinicians • business associates • domain knowledge •“Prurient interest” • Mobile technologies ������ ������ ������ = (������ ∗ ������ )
  • 19. “Can’t Do it Alone:” Security Ecosystem • Native ISV • Network • 20% • Governance • Data at Rest • UPM/IAM • 100% • 60% SP2010 ISV On Premise Cloud 12/14/2011 • Office365 HIPAA/EU compliance • BAA
  • 20. Sample: Security Planning Checklist • Content types (PHI/PII) • ECM/OCR • Digital Rights Management (DRM) • Business Connectivity Services and Visio Services (external data sources) • Excel, lists, SQL, custom data providers • Integrated Windows with constrained Kerberos • Metadata and tagging (PHI/PII) • Blogs and wikis (PHI) • Plan permission levels and groups (least privileges) – providers and business associates • Plan site permissions • Fine-grained permissions (item-level) • Security groups (custom) • Contribute permissions
  • 21. Best Practices: Preventative Model • Involve HIPAA specialists early in the planning process. (This is NOT an IT problem) • Privacy Impact Assessment: PHI, ePHI, PII (Compartmentalization and segregation) • Trust, but verify • Look to experts to help with existing implementations. (Domain expertise in healthcare and clinical workflow as well as HIPAA/HITECH privacy and security) • Use connected health framework reference model • Governance, governance, governance
  • 22. Governance: Adapting the Joint Commission Continuous Process Improvement Model Plan • Technical, Physical, Administrative Safeguards Document • Joint Commission, Policies, Procedures, IT Governance Train • Clinical, Administrative and Business Associates Track • Training, Compliance, Incidents, Access…. everything Review • Flexibility, Agility, Architect for Change
  • 23.
  • 24. • Unstructured Data – Scan – Quarantine PII – Tag • Compliance and Reporting – Enhance control of all ePHI and PII – In line with HIPAA and HITECH Act regulation © 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
  • 25. • Security – Easily set Rules and Permissions in bulk – Run scheduled reports on all SharePoint Activity – Safely archive inactive data for compliance • Workflow Management – Rearrange taxonomy to meet evolving business needs – Full fidelity backup and restoration of data – Improved performance, environment monitoring © 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
  • 26. References • AIS Case Study on Records Management and Compliance (SP2007): http://www.appliedis.com/pdfs/Military%20Grade%20Co mpliance%20for%20SharePoint%20WP.pdf • Good Data Means Good Government: http://gcn.com/Articles/2012/02/06/Good-metadata-and- good-government.aspx?Page=2 • 2012 Healthcare Data Trends: http://databreachinsurancequote.com/wp- content/uploads/2012/01/2012_trends_healthcare_data. pdf
  • 27. Thank You! For more information… http://ideas.appliedis.com http://lifeincapslock.com