Securing NPI. Mary Schuster, Mike Murphy. Gramm-Leach-Bliley Act: enacted to control the ways that financial institutions deal with the private information.

Presentation transcript:

Securing NPI. Mary Schuster, Mike Murphy

 Gramm-Leach-Bliley Act
Enacted to control the ways that financial institutions deal with the private information of individuals. It consists of three sections:
o The Financial Privacy Rule, which regulates the collection and disclosure of private information
o The Safeguards Rule, which stipulates that financial institutions must implement a security program to protect private information
o The Pretexting Rule, which prohibits accessing private information using false pretenses

 The CFPB
Responsible for consumer protection in the financial sector
Authorized by the Dodd-Frank Act in 2010 in response to the financial crisis of
Service Provider Memo of 4/13/12 extends some GLB service providers of the lender
Has developed new rules and forms related to the closing of a real estate transaction

 ALTA
Advocacy on behalf of title agents related to proposed CFPB regulations
o Educated the CFPB on the value of the title industry and the title agent
o Formed a task force that worked with the CFPB related to changes
o Created Best Practices as an industry-wide proactive offering of standards, as opposed to waiting for each lender to set individual standards
o Worked with title agents to review and comment on the proposed CFPB changes

 But what does the coming together of these parts really mean?
Lenders have a greater responsibility than ever before
o Responsible for title agents and their processes, practices and procedures used in transactions
o Ultimately responsible for title agency 3rd party vendors: notaries, cleaning staff, IT service providers
That's 4th party level responsibility, and that got the lenders' attention!

 ALTA's answer: Best Practices
7 Pillars
ALTA/Underwriter/Software Vendor Tools
o Webinars
o Readiness Assessments
Certification
o Pillars 1, 2, 4, 5, 6, 7
o Pillar 3

 Develop a security program to protect NPI – Electronic & Paper
Identify where NPI exists in your organization
o Data in use: active order data within Title Production Software; active order data in paper files; active order data in documents (Word, Excel, etc.); documents at the closing table
o Data in motion: any order data moving along your network; any order data being shared with other parties
o Data at rest: inactive order data within Title Production Software; inactive order data in a data warehouse; offsite backups, tapes, etc.

 Develop a security program to protect NPI
Examples of NPI
o The obvious: SSN/EIN, credit card numbers
o The little less obvious: bank or credit card payoff statements; insurance, retirement, divorce or tax information; dates of birth
o How about this one? Buyer/seller names with the property address on a HUD on an active order? Yep, that's NPI until the data is recorded
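The "identify where NPI exists" and "examples of NPI" slides above describe an inventory task; the following is an added Python example (not from the presentation or from ALTA) that scans constructed sample documents for the "obvious" NPI the slide names, SSNs, EINs and card numbers, and reports masked hits. The sample documents, the regexes and the function names are my own construction; the SSA never-issued ranges and the Luhn check are used to cut down false positives from order and phone numbers.

```python
import re

# Constructed sample "documents" standing in for the places the slides list
# (an order file, a scanned payoff statement, a notes file); not real data.
SAMPLE_DOCS = {
    "order-1001.txt": "Borrower: J. Doe, SSN 123-45-6789, card 4111 1111 1111 1111, closing 06/14/2012",
    "payoff-scan.txt": "Seller EIN 12-3456789; reference 000-12-3456; card 1234 5678 9012 3456",
    "notes.txt": "Nothing sensitive here, just order number 2012-0457 and a phone 555-0100.",
}

SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
EIN_RE = re.compile(r"\b(\d{2})-(\d{7})\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def valid_ssn(area, group, serial):
    """Reject SSN-shaped strings the SSA never issues: area 000, 666 or 9xx,
    group 00, serial 0000."""
    return not (area in ("000", "666") or area.startswith("9")
                or group == "00" or serial == "0000")


def luhn_ok(digits):
    """Luhn checksum used by payment cards; filters most non-card digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(value):
    """Keep only the last four characters so the report is not itself NPI."""
    return "*" * (len(value) - 4) + value[-4:]


def find_npi(text):
    """Return (kind, masked_value, offset) for each NPI hit, in text order."""
    hits = []
    for m in SSN_RE.finditer(text):
        if valid_ssn(*m.groups()):
            hits.append(("SSN", mask(m.group()), m.start()))
    for m in EIN_RE.finditer(text):
        hits.append(("EIN", mask(m.group()), m.start()))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append(("CARD", mask(digits), m.start()))
    return sorted(hits, key=lambda h: h[2])


def scan_documents(docs):
    """Inventory step: which documents hold NPI, and of what kind."""
    return {name: find_npi(body) for name, body in docs.items()}
```

Running `scan_documents(SAMPLE_DOCS)` flags the order file (SSN and card) and the payoff scan (EIN only, since its SSN-shaped reference uses area 000 and its card number fails Luhn) while the notes file comes back clean.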

 Develop a security program to protect NPI
Ask questions about your operation
o Do you have a clean desk policy?
o Are you shredding sensitive documents?
o If you use a shredding service, are documents to be shredded secured?
o Does your scanning solution have levels of security to limit access?
o Are all files locked and secured? Common area stand-ups?
o Do you conduct background checks of employees? How often?

 Develop a security program to protect NPI
Ask questions about your operation
o Are devices password protected, and are they locked down at night?
o Are your servers secure with limited access?
o Do you destroy old hard drives of computers and copiers?
o Are mobile devices secure, and can they be remotely wiped clean?
o How are paper files secured that leave the office or are with couriers?
o Do you have oversight of service providers to be sure they secure NPI?

 Develop a security program to protect NPI
Ask questions about your operation
o Do your office and work areas have secured entry points with individual access codes or keyed access?
o Do you control the use of removable media devices like flash drives?
o Do you have Disaster Recovery and Business Continuity plans?
o Do you have audit procedures to ensure that staff comply with security measures and procedures?
o Are e-mails and attachments containing NPI encrypted?

 Develop a security program to protect NPI
Ask questions about your operation
o Are you restricting personal accounts?
o Does a training program for employees related to protecting NPI exist?
o Do you have guidelines and controls for use of company technology that has access to NPI?

 Develop a security program to protect NPI
Build company policies, educate staff and review regularly
o Clean Desk Policy
o Acceptable Use Policy
o Password Policy
o Information Technology Electronic Asset Disposition Policy
o Security of Information and Records Policy
o Privacy of Personal Information of Consumers and Customers Policies
o Exception Standard
o Firewall Policy
o Vulnerability Scanning Policy

 Do continue to educate yourselves
 Do take action – get started, as this is a process. Compliance is a continuous journey, not a destination.
 Do ask questions and get help
 Do train your staff members about NPI
 Do review your Security Program
 Do become compliant – get certified

 Don’t be this title agent

 Business Continuity
How we work when we can't get to work or when equipment isn't available
Can Business Continuity be built into our systems?
 Disaster Recovery
What we do when resources are gone for good or gone for an extended period of time
o Recovery Point Objective
o Recovery Time Objective
o Developing the process to determine if/when to enable Disaster Recovery
o Testing

[Diagram slides: Application / Database / Storage / Web architecture shown in successive stages, graded "Nice 10 years ago – Today's grade F", "Getting better – Today's grade C-", "Getting better – Today's grade B", and "This is it! – Today's grade A+".]

Best Practices
o Lender Questionnaires
o Pressure on Lenders for not 3rd Parties but 4th Parties
o Build It or Lease It
o Cloud Basics

 State Land Title Associations
 American Land Title Association Best Practices
 Underwriters: Webinars, White Papers, Checklists
 Op2

Mary Schuster – RamQuest/op2
Mike Murphy – op2