HIPAA Data Security PCF Data Security Update May 1 st, 2015.

Slides:

Advertisements

Similar presentations

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Advertisements

Financial Services Workshop Margaret Umphrey ECU Information Security Officer March 12, IT Security, East Carolina University.

Introduction to Office 365

© 2009 VMware Inc. All rights reserved VMware Horizon Mobile Intro - NetHope Deepak Puri Director Mobile Business Development +1 (415)

Division of Information Resources Collaborating with Office 365 Storage Options and Classifications.

Impact of the Recent UC Denver Remote Computing Audit May, 2010.

Secure Transit & Storage HOW TO SECURELY STORE & SEND CONFIDENTIAL DATA by The UTHSC Information Security Team.

Enterprise CAL Overview. Different Types of CALs Standard CAL base A component Standard CAL is a base CAL that provides access rights to basic features.

Steps to Compliance: Bring Your Own Device PRESENTED BY.

Fòmasyon Itilizatè Ayiti Office 365 Fòmasyon. Why the Change? Partners in Health's new hosted Microsoft Office 365 solution allows users to access their.

Mobile Data Management (MDM) July 24, 2013 Lance M. Calisch.

Beyond WiFi: Securing Your Mobile Devices Thomas Kuhn Information Technology Assistance Center (iTAC) Kansas State University.

IT’s Gone Mobile: How to do your Job Anywhere Jason Hand IT Specialist, Central NM Electric Cooperative Jason Hand Cell:

Data Security Issues in IR Eileen Driscoll Institutional Planning and Research Cornell University

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

Exchange server Mail system Four components Mail user agent (MUA) to read and compose mail Mail transport agent (MTA) route messages Delivery agent.

Introduction to Office 365

IOS 8 for MDM/EMM Greg Elliott Shiv Chandra Kumar.

Presentation by Neil Schmidt. Before You Start, Get Organized! On your old computer: Create “Music”, “Pictures” & “Videos” folders (if they don’t already.

1 of 13 Back to Start Working Remotely Your company’s Windows SBS computer network makes it easy for you and your coworkers to work remotely—and to stay.

1 Integrating ISA Server and Exchange Server. 2 How works.

What’s New in Exchange Online. Disclaimer This presentation contains preliminary information that may be changed substantially prior to final commercial.

SHARESYNCPage 1 of 2 ShareSync is a business-grade file sync and share service Sync files across devices Share files and folders easily and securely Business-grade.

Information Security Information Technology and Computing Services Information Technology and Computing Services

Managing Client Access

Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.

Unified. Simplified. Unified Communications Launch 2007.

Your storage on the ground; Your files in the cloud.

For CCRI Students.

2011 SECURITY REFRESHER Information Security. Agenda HIPAA Update Encryption Overview Mobile Phones and Tablets Cameras USB Drives ing Patient Information.

CPS Acceptable Use Policy Day 2 – Technology Session.

Chapter 7: Using Windows Servers to Share Information.

1 Secure Services. 2 Secure is a hosted application that provides users with enterprise-grade business features including calendaring, contacts.

Security Awareness ITS SECURITY TRAINING. Why am I here ? Isn’t security an IT problem ?  Technology can address only a small fraction of security risks.

©Kwan Sai Kit, All Rights Reserved Windows Small Business Server 2003 Features.

IT:Network:Applications.  How messaging servers work  Initial tips for success Exchange management  Server roles  Exchange Server Management  Message.

ESCCO Data Security Training David Dixon September 2014.

Managing and Securing Endpoints Bruce Hotte Chief Information Officer Jeff Swan Network Supervisor  The definition of “endpoint” used to be simple: a.

PLUG IT IN 7 Protecting Your Information Assets. 1.How to Protect Your Assets: The Basics 2.Behavioral Actions to Protect Your Information Assets 3.Computer-Based.

Prepared By Ben Smyrlian Zix Encryption Network Protects Every .

University Health Care Computer Systems Fellows, Residents, & Interns.

Mobile Device Management Overview Information Security Office.

SPH Information Security Update September 10, 2010.

Instructional Technology & Design Office or Box at U of I: Cloud Services Presented by Kate Rojas.

Offer highly configurable and scalable services Maintain an evergreen service Provide a platform built on security, privacy, and trust.

Imagine a health system that focuses on health, not just health care. Imagine a sustainable health system with one goal: to improve the lives of the people.

Module 12 Integrating Exchange Server 2010 with Other Messaging Systems.

Module 7 Planning and Deploying Messaging Compliance.

STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES 1 The Technical Services Stuff in IT Services A brief tour of the technical and service offering plethora.

Purpose Intended Audience and Presenter Contents Proposed Presentation Length Intended audience is all distributor partners and VARs This would be presented.

Implementing Microsoft Exchange Online with Microsoft Office 365

Prerequisite Office 2013 has OneDrive already installed, no action required If still on Office 2010, you will need OneDrive installed on your machine.

Riva – Sync GoldMine to Exchange and Office 365 Server-side sync | No plug-ins required Neil Graham Riva Specialist Riva CRM Integration ext.

TRUENORTH TECHNOLOGY POLICIES OVERVIEW. This includes but is not limited to : – Games – Non-work related software – Streaming media applications – Mobile.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter One Introduction to Exchange Server 2003.

LO2 Understand the key components used in networking.

ITS Lunch & Learn November 13, What is Office 365? Office 365 is Microsoft’s software as a service offering. It includes hosted and calendaring.

©2012 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. Securing Your Data in Endpoint and Mobile Environments Frank Suijten Security.

Secure Services Shared Hosted MS Exchange 2010.

Outlook / Exchange Training. Outlook / Exchange: Agenda What Can Microsoft Exchange Do / How works at UST? and Inbox Mailbox Quota Archiving.

Introduction to Office 365. Topics Covered What is Office 365? Office 365 Infrastructure Office 365 Components Outlook Web App & Logon Process Training.

Fourth ICT Security Conference 2017

DATA SECURITY FOR MEDICAL RESEARCH

Encrypted from CDS Office Technologies

Introduction to Soonr by ….

COM Orientation The template can be used to create presentations for community, civic, advocacy and government relations groups. It is also appropriate.

Encryption in Office 365 Shobhit Sahay Technical Product Manager

ONE® Mail Training Presentation

Data Security Awareness

IT Office hours – 1 Data Sharing 101

Presentation transcript:

HIPAA Data Security PCF Data Security Update May 1 st, 2015

Pediatrics PCF Understanding of the Data Transfer Requirements What are you trying to accomplish? Who do you need to share your data with? Do you need a BAA and is one already in place? More on this later… Some have requirements to share and/or exchange data with various agencies Internal Connections External Connections

Pediatrics PCF HIPAA Policies WUSM Security and Privacy Policies are located at: and Internet Usage Guideline  Policy # Storing Protected and/or confidential information on Internet Servers Sending s that contain Protected and/or Confidential Information Disclaimer – PCF automatically appends the disclaimer to all outbound Encryption – all containing protected information other than provider-to-patient communication should utilize an encryption mechanism to ensure the integrity and confidentiality of the protected information

Pediatrics PCF PCF Services Discussed the Disclaimer previously PCF and BJC environments route to each other through the GroupWise Connector Automatically routes addressed to respective recipients through the connector – no need to encrypt! Shared address books Free/Busy Calendar views – allows for better integration for areas that require hybrid (SLCH/Dept. of Pediatrics) Helps breakdown organizational barriers This tool will be extended to the other WUSM environments in the future

Pediatrics PCF Mobile Device Management (MDM) WUSM has implemented the AirWatch MDM product All mobile devices connecting to the WUSM-secure Wi-Fi network are required to use the AirWatch service Download the AirWatch client from the appropriate App store

Pediatrics PCF AirWatch notification from the PCF Helpdesk

Pediatrics PCF

Pediatrics PCF Who needs to install AirWatch Required to Install Connect your mobile device (iPhone, iPad, Android, etc.) to the secure wireless network WUSM-Secure Not required to Install Only connects your mobile device to or the Guest wireless network

Pediatrics PCF Box Cloud Services WUSTL Box may be used to manage the following content: Protected health information (HIPAA) Attorney/Client privileged information IT Security information Protected identifiable human subject research data (HIPAA & Common Rule) Student education records (FERPA) Student loan application information (GLBA)

Pediatrics PCF New SPAM Filters and [SECURE] Transport PCF recently launched a new SPAM filter appliance, ProofPoint Improved SPAM filtering With this, PCF launched the new [SECURE] outbound encryption service Simply type in [SECURE] in the subject line

Pediatrics PCF New SPAM and [SECURE] notification from the PCF Helpdesk

Pediatrics PCF Encryption Options 1.Put the EPHI in a file (Access, Excel, Word) and encrypt the file with a secure password and it (maximum of 32 GB file size) Send the recipient the password for the encrypted file in a separate ! 2.Put the EPHI in a file (Access, Excel, Word) and encrypt the file with a secure password and use the WUSTL Digital Dropbox service to transfer the file (maximum of 200 GB file size) Instructions for the WUSM Large File Transfer service are located on the site Send the recipient the password for the encrypted file in a separate !

Pediatrics PCF Encryption Options, cont. 3.Contact PCF to use the Tumbleweed Secure Transport product (capable of handling large file transfers > 700 GB) The Tumbleweed product can be set up as a point to point secure dropbox service for sites or businesses that you routinely transfer EPHI with. This is the preferred option to use when you have project requirements to regularly send documents with EPHI to businesses outside of the WUSM environment. Currently in place between agencies that Dept. of Pediatrics business relationships with that need this type of routine data exchange capabilities. 4.Use the [SECURE] transport service in your native Outlook or OWA client

Pediatrics PCF Tips on Data Exchange PCF has a policy to encrypt the hard drives on all PCF supported desktops and laptops o Older machines have not been encrypted and will be replaced via the annual bulk device replacement process Citrix is encrypted end to end, designed as a remote access tool to map your network drives. o Can map your local drive on your remote PC or laptop  file exchange VPN connection is encrypted end to end PCF Web based is encrypted end to end o Quick and dirty way to send a file to yourself Use encrypted USB drives Never send an that contains PHI to a non-WUSM service without encrypting the and/or the attachment!

Pediatrics PCF Business Associate Agreements New Business Associate Agreements (BAA) are required to comply with new HIPAA regulations New BAA form on the Purchasing web site List of all HIPAA BAA is on the site IPAA.aspx IPAA.aspx

Pediatrics PCF Questions/Comments Thanks for your time!

Pediatrics PCF E. Scott Rich, B.S., M.B.A. Director I.S. Campus Box Children’s Place St. Louis, MO (314) ©2010