Presentation is loading. Please wait.

Presentation is loading. Please wait.

Department of Information Systems Brigham and Womens Hospital Laptop Encryption Catherine McGoldrick Schroeder Corp. Mgr, BWH IS Management & Planning.

Published byKolton Waldo Modified over 10 years ago

Similar presentations

Presentation on theme: "Department of Information Systems Brigham and Womens Hospital Laptop Encryption Catherine McGoldrick Schroeder Corp. Mgr, BWH IS Management & Planning."— Presentation transcript:

1 Department of Information Systems Brigham and Womens Hospital Laptop Encryption Catherine McGoldrick Schroeder Corp. Mgr, BWH IS Management & Planning

2 Department of Information Systems 2 Why encrypt laptops? Partners is requiring laptops to be encrypted for multiple reasons including, but not limited to: An ethical obligation to data subjects and individuals whose data is maintained by Partners, including patients, research participants, and employees; Compliance with multiple information security laws and regulations; An increasingly aggressive regulatory posture from governmental entities; and Minimizing organizational financial risk due to the costs associated with a security breach, including the loss of business due to bad public relations, research funding, etc.

3 Department of Information Systems 3 Legal requirements for compliance Multiple laws and regulations have established encryption as regulatory requirement, including: The Health Insurance and Portability Act (HIPAA) – modifications under ARRAs HITECH provisions that strengthened encryption requirements went into effect 09/23/09. MGL c.93H – Massachusetts law requiring breach notifications when unencrypted devices are lost or stolen. 201 CMR 17.00 – Massachusetts regulation requiring Partners and BWH to develop an information security program, including mandatory encryption for portable devices storing personal information, wireless encryption, etc. FTCs Red Flags Rules – Federal regulations that require Partners and BWH to establish identity theft protections programs, including the use of encryption (effective 06/01/10). Additionally, encryption is increasingly required by Partners and BWHs business partners and research funding sources as a contractual matter. As an example, the NHLBI requires data recipients to encrypt laptops that maintain individually identifiable data.

4 Department of Information Systems 4 Who is covered by this requirement? Any individual who connects to the Partners network with a laptop (directly or via VPN), or stores Confidential Data on their laptop. Confidential data is defined as: Confidential Data: includes electronic protected health information, financial records, personal information, intellectual property, non- public research information, and employee information. Confidential Data also includes any other non-public information that would subject Partners/BWH, the data owner, or the data subjects, to harm if the data was lost, stolen, or accessed by unauthorized individuals.

5 Department of Information Systems 5 What is the risk to the organization and individuals for non-compliance? The risks vary, and typically would be determined during an enforcement action or audit from a governmental entity, or after the loss or theft of an unencrypted laptop. As an example, the loss of individually identifiable data (from patients, research subjects, or employees) that is covered by information security laws regulations could subject Partners and BWH to potential civil monetary liability. Individuals could also face civil and criminal penalties. Loss of individually identifiable data would also require Partners and BWH to notify data subjects and federal and state regulators, and the press/media under breach reporting regulations. Potential civil litigation from data subjects could also result. Loss of intellectual property or certain non-public research data could also harm Partners or BWH and individual researchers. Grantors may rescind funding, competitors may gain access to intellectual property, research projects may encounter unexpected difficulties, and adverse public relations could also result.

6 Department of Information Systems 6 Laptop Encryption Support Partners offers two solutions for Laptop Encryption: Windows Laptops: SafeBoot® software Mac Laptops: PGP® Whole Disk Encryption software The primary advantage for using Safeboot® or PGP® is that the Help Desk will be able to provide support, including password resets. Individuals using other products will be responsible for providing their own support. For more information on how to install encryption software and FAQs, please see this link: http://helpdeskselfservice.partners.org/encryption.htm http://helpdeskselfservice.partners.org/encryption.htm Laptop Depots: Laptop depots started in March, and will run for next 5 – 6 weeks. To register to bring in your laptop, please contact the Helpdesk.

Download ppt "Department of Information Systems Brigham and Womens Hospital Laptop Encryption Catherine McGoldrick Schroeder Corp. Mgr, BWH IS Management & Planning."

Similar presentations

Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC 29406 843-576-1426 Health Insurance Portability.

Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC Health Insurance Portability.
University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
An Overview for In-Home Service Providers Legal advice must be tailored to specific circumstances. Information provided in this presentation should not.

An Overview for In-Home Service Providers Legal advice must be tailored to specific circumstances. Information provided in this presentation should not.
HIPAA Training: Health Insurance Portability and Accountability Act.

HIPAA Training: Health Insurance Portability and Accountability Act.
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
HIPAA What’s New? 2010. What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.

HIPAA What’s New? What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.
Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.

Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
CHAPTER © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2 HIPAA, HITECH, and Medical Records.

CHAPTER © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2 HIPAA, HITECH, and Medical Records.
Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.

Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.
HIPAA CHANGES: HITECH ACT AND BREACH NOTIFICATION RULES February 3, 2010 Kristen L. Gentry, Esq. Catherine M. Stowers, Esq.

HIPAA CHANGES: HITECH ACT AND BREACH NOTIFICATION RULES February 3, 2010 Kristen L. Gentry, Esq. Catherine M. Stowers, Esq.
CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.

CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.

HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.
Massachusetts privacy law and your business  Jonathan Gossels, President, SystemExperts Corporation  Moderator: Illena Armstrong  Actual Topic: Intersecting.

Massachusetts privacy law and your business  Jonathan Gossels, President, SystemExperts Corporation  Moderator: Illena Armstrong  Actual Topic: Intersecting.
Health Insurance Portability & Accountability Act (HIPAA)

Health Insurance Portability & Accountability Act (HIPAA)
PRIVACY BREACHES A “breach of the security of the system”: –Is the “unauthorized acquisition of computerized data that compromises the security, confidentiality,

PRIVACY BREACHES A “breach of the security of the system”: –Is the “unauthorized acquisition of computerized data that compromises the security, confidentiality,
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
Responding to a Data Security Breach

Responding to a Data Security Breach

Similar presentations

Ads by Google