Group: GTR ver M (Grace Chen, Taru Singhal, Robert Szymanek, Michael Parker)

1
• Group: GTR ver M
• Grace Chen
• Taru Singhal
• Robert Szymanek
• Michael Parker

2
• Identify the Problem
• Compliance/Risk
• Storage Options
• Transmission Options
• Feasibility Analysis
• Final Recommendation

3
• Deficiencies in the process of storage/backup
  ◦ Is the current data stored?
  ◦ Is there a secure backup currently performed?
  ◦ Is current data encrypted?
  ◦ Currently how is data archived?
• Deficiencies in the process of transmission
  ◦ What is the best way to transmit data?
  ◦ What is the best encryption?
  ◦ Is e-mail safe? ftp/sftp?

4
• Social Security numbers
• Home addresses and telephone numbers
• Personal and family health history
• Bank accounts and credit card numbers

5
• The HIPAA Privacy Rule applies to:
  ◦ Health plans
  ◦ Healthcare clearinghouses, part of an HIO
  ◦ Healthcare providers that conduct covered transactions
• Healthcare Information Organization (HIO) performs certain functions or activities which require access to PHI
• Healthcare clearinghouses collect data such as PHI and data-mine them

6
• Federal Penalties
  ◦ The U.S. Department of Health & Human Services has the authority to impose penalties of $100 to $50,000 or more per violation.
• Criminal Penalties
  ◦ The U.S. Department of Justice has the right to fine organizations and individuals who intentionally violate standards. The penalties range from $50,000 to $250,000, with various jail sentence lengths, depending on the offense.

7
• Encrypt data on servers and email
• Restrict use of file sharing applications and portable devices
• Provide protection against malware and attacks
• Use comprehensive security policies
• Log data points for compliance audits

8 Storage of Protected Health Information
Opt 1: Data Center/Iron Mountain
Opt 2: Citrix Solution/Iron Mountain

9
• SAN/Servers - $160,000
• Cisco - $24,000
• VMware/Failover - $26,000
• Applications (VeriSign, sftp) - $10,500
• Contractors - $9,400
• Total - $229,900

10
• Citrix Access Gateway protects data using standards-based encryption technologies (SSL/TLS).
• Secure remote access.
• Leading SSL VPN performance and scalability.
• Protect intellectual property with corporate policies.
• Lets users work from anywhere.

11 Data Center (1,000 users) - $229,900
• Same expense for both solutions.

12
• Rapid recovery
• Extremely high security
• Reduce risk of server data loss and downtime
• Continuous backup
• Protection of open files and databases
• Flexible retention periods
• Access when and where you want it
• http://www.ironmountain.com/health-information/health-server-backup.html

13
• $2.15 per GB per month
• HIPAA Retention Period is 7 years

Price/GB: $2.15

                   1 TB          2 TB          2.5 TB        3 TB
Price/Mo           $2,150.00     $4,300.00     $5,375.00     $6,450.00
Price/Yr           $25,800.00    $51,600.00    $64,500.00    $77,400.00
Extended (3 yr)    $77,400.00    $154,800.00   $193,500.00   $232,200.00

Operating expense, non-capital

14 Transmission of Protected Health Information

15
• Secure FTP can be used as a technical mechanism, protecting data in motion within a distributed healthcare system.
• Secure Shell password controls file access.
• Secure Shell encryption controls confidentiality of the information.
• Server event logs facilitate a security audit.

16
• The primary rule within HIPAA that affects e-mail is the Security Rule.
• Many encryption technologies require the user to become familiar with the use of plug-ins and other specialized “client-side” encryption software.
• Another issue faced by organizations is a lack of technological standards.
• The solution to each of these issues is to move the encryption responsibility from the individual user to a specialized server.

17
• The team is ready to implement a multi-layered system using the Data Center storage and Iron Mountain.
• Secure transmission using secure ftp and secure email for transmission of Protected Health Information.
• Provision sufficient resources to implement a Citrix solution when needed, plan for FY 2012 or FY 2013.

18
• New Deployments (No teardown)
  ◦ Storage/backup
  ◦ Secure Email
  ◦ Secure FTP
• Maintenance Considerations for IT staff
  ◦ Ensuring complete backups (Iron Mountain)
  ◦ Enforcing Data Center SLA standards
  ◦ Checking secure local storage
  ◦ Maintaining VeriSign certificates for email and FTP
• Processes invisible to end users!

19
• Iron Mountain (2.5 TB) - $193,500
• Iron Mountain is an annual operating expense at $64,500/year
• Operating costs affect Income Statement
• Data Center (Infrastructure required) - $229,900
• A capital expense that depreciates at $45,980/year over 5 years
• Capital expenses affect the Balance Sheet
• Maintenance approx. 10% of purchase price, capitalized
• Total - $412,900

20 Thank You Questions?

