Contingency Planning Drew Hunt Network Security Officer Valley Medical Center.


1 Contingency Planning Drew Hunt Network Security Officer Valley Medical Center

2 About me
M.Ed., CISSP, MCT
Technical geek
HIPAA Advocate
Developed and taught Information Assurance courses for the Department of Defense
Visited by Aliens in 1992

3 Why a Contingency Plan?
Types of Disasters
–Natural Disasters
–Accidental Disasters
–Intentional Disasters
65% of businesses that cannot recover from a disaster within a week go out of business permanently
Gartner Group expects that 1/3 of US businesses are not prepared for a major disaster.

4 Natural Disasters
Seattle Earthquake in 2000 cost 2.0 billion dollars
Hurricane Andrew (FL, LA) in 1992 cost $1.8 billion
Midwest Floods (IL, IA, KS, MN, MO, NE, ND, SD, WI) in 1993 cost $1.1 billion
LA quake in 1994 caused $15.3 billion of damages.

5 Accidental Disaster
Data losses cost businesses 11.8 billion dollars in 1998.
Estimated that 3% of disasters were due to natural causes, while 32% of disasters were caused by human error.

6 Intentional Disasters
Viruses
–Sobig.f fastest virus in history
  Grounded Air Canada, Lockheed Martin
–Slammer Worm
–SuperWorm?
Theft
–Tri-West lost 550,000 medical records
–Hacker gained access to UW Medical Center

7 HIPAA Contingency Plan
Referenced in CFR 164.308(a)(7)
Defined as policies and procedures for responding to an emergency or disaster

8 Contingency Plan Implementation Specifications
Required Specifications:
–Data backup plan
–Disaster recovery plan
–Emergency mode operation plan
Addressable Specifications:
–Testing and revision procedures
–Applications and data criticality analysis

9 Data Backup
Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information
Test and practice restoring from backup
Consider off-site storage

10 Disaster Recovery Plan
Primary goal of a disaster recovery plan is to minimize the effects of a disaster.
Establish procedures to restore any loss of data.

11 Emergency mode operation plan
Establish procedures to secure electronic protected health information while operating in emergency mode.
Identify critical business processes

12 Testing and Revision Procedures
Implement procedures for periodic testing and revision of contingency plans.
Consider employee turnover, infrastructure changes, hardware and software changes, etc.

13 Applications and Data Criticality Analysis
Assess the relative criticality of specific applications and data in support of other contingency plan components.
Identify resources and subsystems that support critical functions such as patient scheduling, billing, payroll, and patient care services.

14 Questions

