Healthcare Cyber Security

Presented by Health Care Management & Arthur J. Gallagher Risk Management Services

January 23, 2013
AJG & HCM


Arthur J. Gallagher
Arthur J. Gallagher & Co., one of the world's largest insurance brokerage and risk management services firms, provides a full range of retail and wholesale property/casualty (P/C) brokerage and alternative risk transfer services globally, as well as employee benefit brokerage, consulting and actuarial services. Gallagher also offers claims and information management, risk control consulting and appraisal services to clients around the world.

Health Care Management
Health Care Management is a cutting-edge medical and technology consulting firm that specializes in improving your practice's efficiencies and cutting costs through outsourcing practice management, medical billing and technology services with the use of CCHIT Certified EMR software, network monitoring technologies and highly trained specialists.
Speakers

Joe Dylewski

    Joe is a twenty-five year Information Technology veteran, with ten years spent exclusively in the Healthcare Industry. In addition to holding positions as an Infrastructure Project Manager and Healthcare IT Infrastructure Specialist responsible for Local Area Network, Wide Area Network, and Telephony Services, Joseph has also served as a Healthcare IT Services Practices Director and Account Manager. During that time, he led and his teams executed successful high-impact/large dollar projects for Electronic Medical Record and HIPAA Compliance implementations across multiple Healthcare Providers and Payers in Michigan. He leveraged that experience to develop a cost-effective, time-efficient, and repeatable model to assist in the assessment and remediation of HIPAA compliance for Covered Entities and Business Associates of all sizes.

    Joseph earned his Bachelor's of Business Administration in Information Technology and his Masters Degree in Mathematics from Eastern Michigan University. He also holds the following certifications: Certified HIPAA Professional, HIPAA Certified Security Specialist, and Information Technology Infrastructure Library Foundation.

    Joe is an Assistant Professor at Madonna University, is frequently invited as a subject matter expert in speaking engagements, and is viewed as a national thought leader in Physician Practice and Business Associate HIPAA compliance.

Jill Jordan

    Jill is a National Resource for Cyber Risk & Professional Liability for Arthur J. Gallagher Risk Management Services, Inc. with focus on the Midwest Region. Jill manages and produces a diverse book of Professional Liability accounts consisting of Technology Errors & Omissions, Cyber Risk, and Media Liability.

    Jill has over 11 years' experience as an insurance broker and has been with the Cyber Risk Group of Arthur J Gallagher for the last five and a half years. Jill began her career with Arthur J Gallagher in the Houston, TX office working on property and casualty middle market and risk management accounts with a focus on the Energy Industry.

    Jill earned her BA in general studies from Louisiana State University. She is also a member of the Professional Liability Underwriters Society (PLUS).
Environment

HIPAA 101
 • HIPAA – Health Insurance Portability and
   Accountability Act of 1996
    • Insurance Portability
    • Fraud Prevention
    • Administrative Simplification
    • Privacy of Protected Health Information (PHI)
    • Security of Protected Health Information
HIPAA – Title II

 • HIPAA
    • Title II
       • Administrative Simplification
          • Electronic Data Interchange (Transaction and Code Sets)
          • Security Rule
             • Administrative Safeguards
             • Physical Safeguards
             • Technical Safeguards
          • Privacy Rule
Security Rule

 The HIPAA Security Rule focuses on the
  • Confidentiality
  • Integrity
  • Availability
 ...of Protected Health Information
Where is the PHI?

 Diagram showing where PHI is found (© 2012 Health Care Management):
  • Physician Practice
  • EMR
  • DR Site
  • Private Cloud / Data Center
  • Health Information Exchange (HIE)
  • Health System
  • Insurance Company
  • Lab
  • IT Services
  • Document Destruction
The HITECH Act

 • HITECH - The Health Information Technology for
   Economic Recovery and Reinvestment Act of 2009
    • Began in 2004 with Bush Administration vision for
      Electronic Health Records by 2014
    • Signed into law February 17, 2009 as a portion of ARRA
    • Appropriated $44,000 to $63,000 to be provided as
      individual reimbursement to physicians who adopt and
      "meaningfully use" Electronic Medical Records
       • The disbursement schedule for ARRA funds began in
         2011 and is staggered across five years
HIPAA Enforcement

 • HIPAA Now Has Teeth
    • Fines and Enforcement
       • Maximum fines raised from $25K to $1.5M
          • Enforced by the Office of Civil Rights
          • Currently building HIPAA audit candidate target list
       • Fines collected fund and support the enforcement process
       • Funds appropriated within HITECH to develop enforcement
         efforts within the State's Attorney General Office
       • Practitioners face maximum OCR fines of $50,000 for falsely
         attesting to M.U. Measure #15
       • Ignorance no longer tolerated
Compliance Effort vs. Risk

 Figure: four tiers, left to right, with an increasing degree of HIPAA compliance effort and a decreasing degree of HIPAA compliance risk:
  1. "Due to Willful Neglect if the violation is not corrected"
  2. "Due to Willful Neglect if the violation is corrected"
  3. "Due to Reasonable Cause and not Willful Neglect"
  4. "By exercising reasonable diligence would not have known"
OCR Audits and Current Activity

HIPAA Audits
 • Audit Protocol
 • Audit Identification and Rollout
 • Audit Triggers
    • Self-reported Breach
    • Patient Complaint
    • Random Audit
Cyber Security Trends

Publicized Breaches Reported Annually and Records Exposed:

 Year   Publicized Breaches   Records Exposed   Note
 2012   310                   9,235,228         as of 9/25/12
 2011   414                   22,945,773
 2010   662                   16,167,542
 2009   498                   222,477,043
 2008   656                   35,691,255
 2007   448                   127,000,000       94 Million from TJX incident

2012 Breaches by Industry:
 • Financial/Banking: 3.2% of Breaches, 2.3% of Records
 • Educational: 14.8% of Breaches, 19.1% of Records
 • Govt./Military: 11% of Breaches, 20.4% of Records
 • Medical/Healthcare: 34.2% of Breaches, 20.5% of Records
 • All Other Business: 36.8% of Breaches, 37.7% of Records

2011 Breaches by Industry:
 • Financial/Banking: 7.0% of Breaches, 2.7% of Records
 • Educational: 14.3% of Breaches, 3.6% of Records
 • Govt./Military: 11.4% of Breaches, 43.7% of Records
 • Medical/Healthcare: 16.3% of Breaches, 20.5% of Records
 • All Other Business: 46.9% of Breaches, 33.7% of Records

2010 Breaches by Industry:
 • Financial/Banking: 8.2% of Breaches, 30% of Records
 • Educational: 9.8% of Breaches, 9.9% of Records
 • Govt./Military: 15.7% of Breaches, 7.5% of Records
 • Medical/Healthcare: 24.2% of Breaches, 11.6% of Records
 • All Other Business: 42% of Breaches, 41% of Records

2009 Breaches by Industry:
 • Financial/Banking: 11.4% of Breaches, 0% of Records
 • Educational: 15.7% of Breaches, 0.4% of Records
 • Govt./Military: 18.1% of Breaches, 35.7% of Records
 • Medical/Healthcare: 13.7% of Breaches, 5.1% of Records
 • All Other Business: 41.2% of Breaches, 58.9% of Records

2008 Breaches by Industry:
 • Financial/Banking: 11.9% of Breaches, 52.5% of Records
 • Educational: 20% of Breaches, 2.3% of Records
 • Govt./Military: 16.8% of Breaches, 8.3% of Records
 • Medical/Healthcare: 14.8% of Breaches, 20.5% of Records
 • All Other Business: 36.6% of Breaches, 16.5% of Records

2007 Breaches by Industry:
 • Financial/Banking: 7% of Records, 6.9% of Records
 • Educational: 24.9% of Breaches, 1% of Records
 • Govt./Military: 24.7% of Breaches, 6.4% of Records
 • Medical/Healthcare: 14.5% of Breaches, 3.1% of Records
 • All Other Business: 28.9% of Breaches, 82.6% of Records
Causes of a Breach

 Pie chart:
  • 39% Negligence
  • 37% Malicious or Criminal Acts
  • 24% System Failure
Major Risk Concerns

 • Human Error
 • Hackers
 • Rogue Employees
 • Independent Contractors
 • Social Media
 • Mobile Devices
 • A Changing Regulatory Environment
 • Cloud Computing
Response Cost Per Record

 • $15 for Notification
 • $13 for Discovery / Forensics / Legal Expenses
 • $35 for Credit Monitoring and ID Theft Services
Estimated Total Cost of a Breach

 • $194 per record - estimated average cost of a
   security/privacy breach (includes response costs,
   defense and damages)
 • $5.5M total cost per breach
 • 15% of total cost - average cost to defend a claim

 1. 2011 Annual Study: U.S. Cost of a Data Breach, by The Ponemon Institute, LLC; Sponsored by Symantec
Cyber Liability – Coverage Descriptions

 • Security & Privacy Liability
    Covers the defense costs and damages arising from the failure to prevent:
    • Unauthorized access to the Insured's computer system and use of data by outsider (hacker).
    • Unauthorized access and/or use of confidential information by an employee.
    • Theft or loss of data (electronic or paper).
    • Transmission of a malicious code.

 • Privacy Regulatory Action
    Covers:
    • Investigative costs for civil demand or proceeding, arising from a security breach, brought by or on
      behalf of a governmental agency, including requests for information related thereto.
    • Fines & penalties where insurable by law.

 • Breach Response
    Covers the expenses incurred within one year of a security breach for:
    • Investigation, including computer forensics, to determine cause of security breach.
    • Hiring a crisis management and/or public relations firm.
    • Notifying potential victims of the breach as required by state law.
    • Credit monitoring for potential victims.
    • Identity Theft services, including identity restoration.
Coverage Descriptions Cont.

 • Media Liability
    Covers the defense costs and damages arising from an error or omission in the creation or
    distribution of content for:
    • Personal Injury – including defamation, slander, invasion of privacy and emotional distress.
    • Intellectual Property Infringement - including copyright, domain name, title, slogan,
      trademark and trade name (excludes patent infringement).

 • Cyber Extortion
    Covers the investigation expenses and payments made to a party threatening to attack the
    Insured's computer system or to release, use or destroy confidential information.

 • Network Interruption
    Covers the expenses for lost income from an interruption to the Insured's computer system
    as a result of a security breach.

 • Data Recovery/Restoration
    Covers the expenses incurred to:
    • Restore, recreate or recollect electronic data damaged or lost by a security breach.
So What Can You Do?

 • Prevention
    • Having a proper risk assessment done
    • Following through with assessment recommendations
    • Being adamant about precautionary measures

 • Preparation
    • Having a Cyber policy put into effect
    • Having the right limits and coverage in place
    • Having a plan of action ready to go
Questions?

Apiculture Chapter 1. Introduction 2.pptApiculture Chapter 1. Introduction 2.ppt
Apiculture Chapter 1. Introduction 2.pptkedirjemalharun
 
PULMONARY EMBOLISM AND ITS MANAGEMENTS.pdf
PULMONARY EMBOLISM AND ITS MANAGEMENTS.pdfPULMONARY EMBOLISM AND ITS MANAGEMENTS.pdf
PULMONARY EMBOLISM AND ITS MANAGEMENTS.pdfDolisha Warbi
 
Hematology and Immunology - Leukocytes Functions
Hematology and Immunology - Leukocytes FunctionsHematology and Immunology - Leukocytes Functions
Hematology and Immunology - Leukocytes FunctionsMedicoseAcademics
 
Informed Consent Empowering Healthcare Decision-Making.pptx
Informed Consent Empowering Healthcare Decision-Making.pptxInformed Consent Empowering Healthcare Decision-Making.pptx
Informed Consent Empowering Healthcare Decision-Making.pptxSasikiranMarri
 
Presentation for Bella Mahl 2024-03-28-24-MW-Overview-Bella.pptx
Presentation for Bella Mahl 2024-03-28-24-MW-Overview-Bella.pptxPresentation for Bella Mahl 2024-03-28-24-MW-Overview-Bella.pptx
Presentation for Bella Mahl 2024-03-28-24-MW-Overview-Bella.pptxpdamico1
 
PULMONARY EDEMA AND ITS MANAGEMENT.pdf
PULMONARY EDEMA AND  ITS  MANAGEMENT.pdfPULMONARY EDEMA AND  ITS  MANAGEMENT.pdf
PULMONARY EDEMA AND ITS MANAGEMENT.pdfDolisha Warbi
 
VarSeq 2.6.0: Advancing Pharmacogenomics and Genomic Analysis
VarSeq 2.6.0: Advancing Pharmacogenomics and Genomic AnalysisVarSeq 2.6.0: Advancing Pharmacogenomics and Genomic Analysis
VarSeq 2.6.0: Advancing Pharmacogenomics and Genomic AnalysisGolden Helix
 
April 2024 ONCOLOGY CARTOON by DR KANHU CHARAN PATRO
April 2024 ONCOLOGY CARTOON by  DR KANHU CHARAN PATROApril 2024 ONCOLOGY CARTOON by  DR KANHU CHARAN PATRO
April 2024 ONCOLOGY CARTOON by DR KANHU CHARAN PATROKanhu Charan
 

Dernier (20)

Giftedness: Understanding Everyday Neurobiology for Self-Knowledge
Giftedness: Understanding Everyday Neurobiology for Self-KnowledgeGiftedness: Understanding Everyday Neurobiology for Self-Knowledge
Giftedness: Understanding Everyday Neurobiology for Self-Knowledge
 
SYNDESMOTIC INJURY- ANATOMICAL REPAIR.pptx
SYNDESMOTIC INJURY- ANATOMICAL REPAIR.pptxSYNDESMOTIC INJURY- ANATOMICAL REPAIR.pptx
SYNDESMOTIC INJURY- ANATOMICAL REPAIR.pptx
 
PNEUMOTHORAX AND ITS MANAGEMENTS.pdf
PNEUMOTHORAX   AND  ITS  MANAGEMENTS.pdfPNEUMOTHORAX   AND  ITS  MANAGEMENTS.pdf
PNEUMOTHORAX AND ITS MANAGEMENTS.pdf
 
The next social challenge to public health: the information environment.pptx
The next social challenge to public health:  the information environment.pptxThe next social challenge to public health:  the information environment.pptx
The next social challenge to public health: the information environment.pptx
 
Primary headache and facial pain. (2024)
Primary headache and facial pain. (2024)Primary headache and facial pain. (2024)
Primary headache and facial pain. (2024)
 
Clinical Pharmacotherapy of Scabies Disease
Clinical Pharmacotherapy of Scabies DiseaseClinical Pharmacotherapy of Scabies Disease
Clinical Pharmacotherapy of Scabies Disease
 
Measurement of Radiation and Dosimetric Procedure.pptx
Measurement of Radiation and Dosimetric Procedure.pptxMeasurement of Radiation and Dosimetric Procedure.pptx
Measurement of Radiation and Dosimetric Procedure.pptx
 
COVID-19 (NOVEL CORONA VIRUS DISEASE PANDEMIC ).pptx
COVID-19  (NOVEL CORONA  VIRUS DISEASE PANDEMIC ).pptxCOVID-19  (NOVEL CORONA  VIRUS DISEASE PANDEMIC ).pptx
COVID-19 (NOVEL CORONA VIRUS DISEASE PANDEMIC ).pptx
 
Nutrition of OCD for my Nutritional Neuroscience Class
Nutrition of OCD for my Nutritional Neuroscience ClassNutrition of OCD for my Nutritional Neuroscience Class
Nutrition of OCD for my Nutritional Neuroscience Class
 
Radiation Dosimetry Parameters and Isodose Curves.pptx
Radiation Dosimetry Parameters and Isodose Curves.pptxRadiation Dosimetry Parameters and Isodose Curves.pptx
Radiation Dosimetry Parameters and Isodose Curves.pptx
 
Music Therapy's Impact in Palliative Care| IAPCON2024| Dr. Tara Rajendran
Music Therapy's Impact in Palliative Care| IAPCON2024| Dr. Tara RajendranMusic Therapy's Impact in Palliative Care| IAPCON2024| Dr. Tara Rajendran
Music Therapy's Impact in Palliative Care| IAPCON2024| Dr. Tara Rajendran
 
Statistical modeling in pharmaceutical research and development.
Statistical modeling in pharmaceutical research and development.Statistical modeling in pharmaceutical research and development.
Statistical modeling in pharmaceutical research and development.
 
Apiculture Chapter 1. Introduction 2.ppt
Apiculture Chapter 1. Introduction 2.pptApiculture Chapter 1. Introduction 2.ppt
Apiculture Chapter 1. Introduction 2.ppt
 
PULMONARY EMBOLISM AND ITS MANAGEMENTS.pdf
PULMONARY EMBOLISM AND ITS MANAGEMENTS.pdfPULMONARY EMBOLISM AND ITS MANAGEMENTS.pdf
PULMONARY EMBOLISM AND ITS MANAGEMENTS.pdf
 
Hematology and Immunology - Leukocytes Functions
Hematology and Immunology - Leukocytes FunctionsHematology and Immunology - Leukocytes Functions
Hematology and Immunology - Leukocytes Functions
 
Informed Consent Empowering Healthcare Decision-Making.pptx
Informed Consent Empowering Healthcare Decision-Making.pptxInformed Consent Empowering Healthcare Decision-Making.pptx
Informed Consent Empowering Healthcare Decision-Making.pptx
 
Presentation for Bella Mahl 2024-03-28-24-MW-Overview-Bella.pptx
Presentation for Bella Mahl 2024-03-28-24-MW-Overview-Bella.pptxPresentation for Bella Mahl 2024-03-28-24-MW-Overview-Bella.pptx
Presentation for Bella Mahl 2024-03-28-24-MW-Overview-Bella.pptx
 
PULMONARY EDEMA AND ITS MANAGEMENT.pdf
PULMONARY EDEMA AND  ITS  MANAGEMENT.pdfPULMONARY EDEMA AND  ITS  MANAGEMENT.pdf
PULMONARY EDEMA AND ITS MANAGEMENT.pdf
 
VarSeq 2.6.0: Advancing Pharmacogenomics and Genomic Analysis
VarSeq 2.6.0: Advancing Pharmacogenomics and Genomic AnalysisVarSeq 2.6.0: Advancing Pharmacogenomics and Genomic Analysis
VarSeq 2.6.0: Advancing Pharmacogenomics and Genomic Analysis
 
April 2024 ONCOLOGY CARTOON by DR KANHU CHARAN PATRO
April 2024 ONCOLOGY CARTOON by  DR KANHU CHARAN PATROApril 2024 ONCOLOGY CARTOON by  DR KANHU CHARAN PATRO
April 2024 ONCOLOGY CARTOON by DR KANHU CHARAN PATRO
 

Healthcare Cyber Security Webinar

  • 1. Healthcare Cyber Security
      Presented by Health Care Management & Arthur J. Gallagher Risk Management Services, January 23, 2013
  • 2. AJG & HCM
      - Arthur J. Gallagher: Arthur J. Gallagher & Co., one of the world's largest insurance brokerage and risk management services firms, provides a full range of retail and wholesale property/casualty (P/C) brokerage and alternative risk transfer services globally, as well as employee benefit brokerage, consulting and actuarial services. Gallagher also offers claims and information management, risk control consulting and appraisal services to clients around the world.
      - Health Care Management: Health Care Management is a cutting-edge medical and technology consulting firm that specializes in improving your practice's efficiencies and cutting costs through outsourcing practice management, medical billing and technology services with the use of CCHIT Certified EMR software, network monitoring technologies and highly trained specialists.
  • 3. Speakers
      - Joe Dylewski: Joe is a twenty-five year Information Technology veteran, with ten years spent exclusively in the Healthcare Industry. In addition to holding positions as an Infrastructure Project Manager and Healthcare IT Infrastructure Specialist responsible for Local Area Network, Wide Area Network, and Telephony Services, Joseph has also served as a Healthcare IT Services Practices Director and Account Manager. During that time, he led and his teams executed successful high-impact/large dollar projects for Electronic Medical Record and HIPAA Compliance implementations across multiple Healthcare Providers and Payers in Michigan. He leveraged that experience to develop a cost-effective, time-efficient, and repeatable model to assist in the assessment and remediation of HIPAA compliance for Covered Entities and Business Associates of all sizes. Joseph earned his Bachelor’s of Business Administration in Information Technology and his Master's Degree in Mathematics from Eastern Michigan University. He also holds the following certifications: Certified HIPAA Professional, HIPAA Certified Security Specialist, and Information Technology Infrastructure Library Foundation. Joe is an Assistant Professor at Madonna University, is frequently invited as a subject matter expert in speaking engagements, and is viewed as a national thought leader in Physician Practice and Business Associate HIPAA compliance.
      - Jill Jordan: Jill is a National Resource for Cyber Risk & Professional Liability for Arthur J. Gallagher Risk Management Services, Inc. with focus on the Midwest Region. Jill manages and produces a diverse book of Professional Liability accounts consisting of Technology Errors & Omissions, Cyber Risk, and Media Liability. Jill has over 11 years' experience as an insurance broker and has been with the Cyber Risk Group of Arthur J Gallagher for the last five and a half years. Jill began her career with Arthur J Gallagher in the Houston, TX office working on property and casualty middle market and risk management accounts with a focus on the Energy Industry. Jill earned her BA in general studies from Louisiana State University. She is also a member of the Professional Liability Underwriters Society (PLUS).
  • 4. Environment HIPAA 101 • HIPAA – Health Insurance Portability and Accountability Act of 1996 • Insurance Portability • Fraud Prevention • Administrative Simplification • Privacy of Protected Health Information (PHI) • Security of Protected Health Information
  • 5. HIPAA – Title II
      HIPAA Title II Administrative Simplification
      - Electronic Data Interchange (Transaction and Code Sets)
      - Security Rule
          - Administrative Safeguards
          - Physical Safeguards
          - Technical Safeguards
      - Privacy Rule
  • 6. Security Rule
      The HIPAA Security Rule focuses on the
      - Confidentiality
      - Integrity
      - Availability
      ...of Protected Health Information
  • 7. Where is the PHI?
      [Diagram labels:] EMR; Health Information Exchange (HIE); Private Cloud / Data Center; DR Site; Insurance Company; IT Services; Lab; Document Destruction; Physician Practice; Health System
      © 2012 Health Care Management
  • 8. The HITECH Act
      - HITECH - The Health Information Technology for Economic Recovery and Reinvestment Act of 2009
      - Began in 2004 with Bush Administration vision for Electronic Health Records by 2014
      - Signed into law February 17, 2009 as a portion of ARRA
      - Appropriated $44,000 to $63,000 to be provided as individual reimbursement to physicians who adopt and "meaningfully use" Electronic Medical Records
          - The disbursement schedule for ARRA funds began in 2011 and is staggered across five years
  • 9. HIPAA Enforcement
      - HIPAA Now Has Teeth
      - Fines and Enforcement
          - Maximum fines raised from $25K to $1.5M
          - Enforced by the Office of Civil Rights
          - Currently building HIPAA audit candidate target list
          - Fines collected fund and support the enforcement process
          - Funds appropriated within HITECH to develop enforcement efforts within the State’s Attorney General Office
          - Practitioners face maximum OCR fines of $50,000 for falsely attesting to M.U. Measure #15
          - Ignorance no longer tolerated
  • 10. Compliance Effort vs. Risk
      Increasing Degree of HIPAA Compliance Effort (left to right):
      - "Due to Willful Neglect if the violation is not corrected"
      - "Due to Willful Neglect if the violation is corrected"
      - "Due to Reasonable Cause and not Willful Neglect"
      - "By exercising reasonable diligence would not have known"
      Decreasing Degree of HIPAA Compliance Risk
  • 11. OCR Audits and Current Activity
      - HIPAA Audits
          - Audit Protocol
          - Audit Identification and Rollout
      - Audit Triggers
          - Self-reported Breach
          - Patient Complaint
          - Random Audit
  • 12. Cyber Security Trends

      | | 2012 | 2011 | 2010 | 2009 | 2008 | 2007 |
      |---|---|---|---|---|---|---|
      | Publicized Breaches Reported Annually | 310 | 414 | 662 | 498 | 656 | 448 |
      | Records Exposed | 9,235,228 (as of 9/25/12) | 22,945,773 | 16,167,542 | 222,477,043 | 35,691,255 | 127,000,000 (94 Million from TJX incident) |

      Breaches by Industry:

      | Industry | 2012 | 2011 | 2010 | 2009 | 2008 | 2007 |
      |---|---|---|---|---|---|---|
      | Financial/Banking | 3.2% of Breaches; 2.3% of Records | 7.0% of Breaches; 2.7% of Records | 8.2% of Breaches; 30% of Records | 11.4% of Breaches; 0% of Records | 11.9% of Breaches; 52.5% of Records | 7% of Records; 6.9% of Records |
      | Educational | 14.8% of Breaches; 19.1% of Records | 14.3% of Breaches; 3.6% of Records | 9.8% of Breaches; 9.9% of Records | 15.7% of Breaches; 0.4% of Records | 20% of Breaches; 2.3% of Records | 24.9% of Breaches; 1% of Records |
      | Govt./Military | 11% of Breaches; 20.4% of Records | 11.4% of Breaches; 43.7% of Records | 15.7% of Breaches; 7.5% of Records | 18.1% of Breaches; 35.7% of Records | 16.8% of Breaches; 8.3% of Records | 24.7% of Breaches; 6.4% of Records |
      | Medical/Healthcare | 34.2% of Breaches; 20.5% of Records | 16.3% of Breaches; 20.5% of Records | 24.2% of Breaches; 11.6% of Records | 13.7% of Breaches; 5.1% of Records | 14.8% of Breaches; 20.5% of Records | 14.5% of Breaches; 3.1% of Records |
      | All Other Business | 36.8% of Breaches; 37.7% of Records | 46.9% of Breaches; 33.7% of Records | 42% of Breaches; 41% of Records | 41.2% of Breaches; 58.9% of Records | 36.6% of Breaches; 16.5% of Records | 28.9% of Breaches; 82.6% of Records |
  • 13. Causes of a Breach
      - 24% System Failure
      - 39% Negligence
      - 37% Malicious or Criminal Acts
  • 14. Major Risk Concerns
      - Human Error
      - Hackers
      - Rogue Employees
      - Independent Contractors
      - Social Media
      - Mobile Devices
      - A Changing Regulatory Environment
      - Cloud Computing
  • 15. Response Cost Per Record
      - $15 for Notification
      - $13 for Discovery / Forensics / Legal Expenses
      - $35 for Credit Monitoring and ID Theft Services
  • 16. Estimated Total Cost of a Breach
      - $194 per record - estimated average cost of a security/privacy breach (includes response costs, defense and damages)
      - $5.5M total cost per breach
      - 15% of total cost - average cost to defend a claim
      ¹ 2011 Annual Study: U.S. Cost of a Data Breach, by The Ponemon Institute, LLC; Sponsored by Symantec
  • 17. Cyber Liability – Coverage Descriptions
      - Security & Privacy Liability
          Covers the defense costs and damages arising from the failure to prevent:
          - Unauthorized access to the Insured’s computer system and use of data by an outsider (hacker).
          - Unauthorized access and/or use of confidential information by an employee.
          - Theft or loss of data (electronic or paper).
          - Transmission of a malicious code.
      - Privacy Regulatory Action
          Covers:
          - Investigative costs for civil demand or proceeding, arising from a security breach, brought by or on behalf of a governmental agency, including requests for information related thereto.
          - Fines & penalties where insurable by law.
      - Breach Response
          Covers the expenses incurred within one year of a security breach for:
          - Investigation, including computer forensics, to determine cause of security breach.
          - Hiring a crisis management and/or public relations firm.
          - Notifying potential victims of the breach as required by state law.
          - Credit monitoring for potential victims.
          - Identity Theft services, including identity restoration.
  • 18. Coverage Descriptions Cont.
      - Media Liability
          Covers the defense costs and damages arising from an error or omission in the creation or distribution of content for:
          - Personal Injury – including defamation, slander, invasion of privacy and emotional distress.
          - Intellectual Property Infringement - including copyright, domain name, title, slogan, trademark and trade name (excludes patent infringement).
      - Cyber Extortion
          Covers the investigation expenses and payments made to a party threatening to attack the Insured’s computer system or to release, use or destroy confidential information.
      - Network Interruption
          Covers the expenses for lost income from an interruption to the Insured’s computer system as a result of a security breach.
      - Data Recovery/Restoration
          Covers the expenses incurred to:
          - Restore, recreate or recollect electronic data damaged or lost by a security breach.
  • 19. So What Can You Do?
      - Prevention
          - Having a proper risk assessment done
          - Following through with assessment recommendations
          - Being adamant about precautionary measures
      - Preparation
          - Having a Cyber policy put into effect
          - Having the right limits and coverage in place
          - Having a plan of action ready to go