1 Secure Commonwealth Panel Health and Medical Subpanel Debbie Condrey - Chief Information Officer Virginia Department of Health December 16, 2013 Virginia.

Presentation transcript:

Slide 1: Secure Commonwealth Panel, Health and Medical Subpanel
Debbie Condrey, Chief Information Officer, Virginia Department of Health
December 16, 2013
Virginia Department of Health Cyber Security

Slide 2: VDH's Cyber Security Program
VDH defines Cyber Security as: measures taken to protect a computer or computer system against unauthorized access or attack.
- Cyber attacks are the primary cause of data loss and inappropriate access.
- Agencies are responsible for the overall security of the data and information necessary to support the mission of the Agency.
- Infrastructure support is provided by the Virginia Information Technologies Agency (VITA).

Slide 3: Data Repositories Within VDH
VDH is responsible for managing information that spans the agency's public health mission. As a result, VDH maintains systems containing a variety of data, including:
- Grant/financial data
- Regulatory reporting data: environmental quality, restaurants, epidemiological reporting, and drinking water
- Patient tracking and scheduling
- Personally identifiable information (PII) for employees, patients, and volunteers
- Protected Health Information (PHI), including both healthcare and surveillance information
- Vital records information
- Autopsy and investigation data on decedents for law enforcement and public health officials

Slide 4: Data Governance
VDH uses and maintains data and information in compliance with federal and state laws, regulations, and requirements. These include:
- Commonwealth Security Policies and Standards (Information Technology Resource Management (ITRM))
- Health Insurance Portability and Accountability Act (HIPAA)
- Family Educational Rights and Privacy Act (FERPA)
- The Code of Virginia, including Virginia's FOIA and the Records Management Program
- VDH Policies and Standards: Confidentiality and Information Security

Slide 5: VDH Information Security
Increasingly, agencies rely on electronic records and the use of information technology to deliver government services effectively. VDH's Information Security Program focuses on providing services that support the agency's mission through enhanced technology and is:
- Managed to address both business and technological requirements;
- Risk-based;
- Aligned to VDH and Commonwealth policies, priorities, and standards; and
- A balance between access to data and information security.

Slide 6: VDH Information Security Program
The Program requires collaboration between:
- VDH Commissioner
- Chief Information Officer
- Information Security Officer
- Privacy Officer
- Business Owner
- System Owner
- Data Owner
- System / Database Administrator
- Users
- Partners/Stakeholders

Slide 7: Protection of Business Functions and Systems
The VDH Information Security Program protects VDH's critical business functions and systems through the following components:
- Risk Management
- IT Contingency Planning
- IT Systems Security
- Logical Access Control
- Data Protection
- Facilities Security
- Personnel Security
- Threat Management
- IT Asset Management

Slide 8: Protection of Business Functions and Systems (IT Systems Security)
Oracle-based security:
- Advanced security includes encryption at rest and during transactions
- System/user monitoring and audit logs
- Access controlled by user authentication
- Role-based users tied to data and access
- Accessibility to authorized users

Slide 9: Information Management Program
VDH uses the Security Life Cycle Approach to manage its Information Management Program, which consists of:
- Business Impact Analysis
- IT System and Data Sensitivity Classification
- Risk Assessment
- IT Security Audits
- IT Contingency Planning
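Slides 8 and 9 describe access that is tied to user roles and to the sensitivity class of the data, with every access monitored and logged so it can be reviewed in an IT security audit. The following is an added illustration of that model in plain Python; it is not VDH's code and does not use Oracle. The roles, users, data sets and the role policy are constructed sample values, and the sensitivity classes (PUBLIC, PII, PHI) are an assumed ordering based on the repository types listed on slide 3.

```python
"""Role-based access to classified health data with an audit trail.

Added illustration, not VDH code. Models two points from the slides: access
is decided from the user's role and the data's sensitivity class, and every
decision (allowed or denied) is written to an audit log for later review.
All roles, users and data sets below are constructed sample values.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Enum


class Sensitivity(Enum):
    """Assumed sensitivity classes, ordered from least to most sensitive."""
    PUBLIC = 1
    PII = 2
    PHI = 3


@dataclass(frozen=True)
class DataSet:
    name: str
    sensitivity: Sensitivity


# Constructed role policy: for each action, the highest sensitivity class the
# role may touch (None = the role never performs that action).
ROLE_POLICY = {
    "public_reader": {"read": Sensitivity.PUBLIC, "write": None},
    "hr_analyst":    {"read": Sensitivity.PII,    "write": Sensitivity.PII},
    "clinician":     {"read": Sensitivity.PHI,    "write": Sensitivity.PHI},
}

# Constructed sample data sets mirroring the repository types on slide 3.
DATASETS = {
    "restaurant_inspections": DataSet("restaurant_inspections", Sensitivity.PUBLIC),
    "employee_records":       DataSet("employee_records", Sensitivity.PII),
    "patient_scheduling":     DataSet("patient_scheduling", Sensitivity.PHI),
}


@dataclass
class AccessControl:
    """Decides access from (role, action, data sensitivity) and records every decision."""
    audit_log: list = field(default_factory=list)

    def check(self, user: str, role: str, action: str, dataset: DataSet) -> bool:
        # Unknown role or unknown action yields no ceiling, hence a denial (default deny).
        ceiling = ROLE_POLICY.get(role, {}).get(action)
        allowed = ceiling is not None and dataset.sensitivity.value <= ceiling.value
        self.audit_log.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "user": user, "role": role, "action": action,
            "dataset": dataset.name, "sensitivity": dataset.sensitivity.name,
            "decision": "ALLOW" if allowed else "DENY",
        })
        return allowed

    def denials_by_user(self) -> dict:
        """Audit view: number of denied attempts per user, for security review."""
        counts = {}
        for entry in self.audit_log:
            if entry["decision"] == "DENY":
                counts[entry["user"]] = counts.get(entry["user"], 0) + 1
        return counts


def run_sample() -> AccessControl:
    """Exercise the policy with constructed requests; returns the populated controller."""
    ac = AccessControl()
    ac.check("jdoe", "clinician", "read", DATASETS["patient_scheduling"])            # allow
    ac.check("asmith", "hr_analyst", "read", DATASETS["employee_records"])           # allow
    ac.check("asmith", "hr_analyst", "read", DATASETS["patient_scheduling"])         # deny: PHI exceeds PII ceiling
    ac.check("guest", "public_reader", "write", DATASETS["restaurant_inspections"])  # deny: role has no write right
    ac.check("mallory", "contractor", "read", DATASETS["employee_records"])          # deny: role not in policy
    return ac


if __name__ == "__main__":
    ctl = run_sample()
    for e in ctl.audit_log:
        print(f'{e["ts"]} {e["decision"]:5} user={e["user"]} role={e["role"]} '
              f'{e["action"]} {e["dataset"]} ({e["sensitivity"]})')
    print("denials:", ctl.denials_by_user())
```

The design choice worth noting is default deny: a role or action missing from the policy produces no ceiling and is refused, and the refusal is still logged. The denials_by_user view is the kind of summary an IT security audit (slide 9) would draw from the log to spot accounts repeatedly reaching for data above their classification.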

Slide 10: Other Security Considerations
VDH has governance responsibility for statewide systems such as:
- The Health Information Exchange and the All Payer Claims Database
- The collaboration between DMV and DVR
- The collaboration between Ancestry and Vital Records
VDH requires that vendor contracts contain specific language that holds the vendor to VDH security standards. Contract language and other security documents are audited from both an internal and an external perspective.

Slide 11: Information Security Goals
- Balance the need for information access with the mandate to maintain confidentiality and ensure integrity
- Deliver the correct data in a secured environment when and where the information is needed
- Involve key stakeholders in the Security Program whenever possible
- Provide training and information to data owners so their role is understood