
Computer Security and the “H” word Glen Klinkhart, CEO Mike Messick, CTO.


1 Computer Security and the “H” word Glen Klinkhart, CEO Mike Messick, CTO

2 DigitalSecurus
- Founded 2005
- Alaskan Owned and Operated
- Information Security Consulting
- Consulting for Compliance and Best Practices
- Information Risk Assessment and Network Testing
- Security Research, Design & Testing
- Incident Response & Investigations
- Forensics & Network Investigations
- Court-proven, Certified Investigators
- Cutting-edge Online Investigative Techniques

3 THE WORD

4 Why should we care about privacy in our business?
“Because it’s the right thing to do. Nobody likes that feeling of violation when private information about them is no longer private. No one wants to visit a doctor who blabs about their health condition. Providers must protect electronic information as an extension of patient confidentiality.” - DigitalSecurus

5 REDACTED This slide has been redacted due to its proprietary or copyrighted work product.

6 REDACTED This slide has been redacted due to its proprietary or copyrighted work product.

7 “PAST practices do not mean BEST practices” - Glen Klinkhart

8 Top 10 Assessment Findings in Alaska
1. No risk analysis performed to date
2. No electronic security management plan
3. No physical security management plan
4. Insufficient policies for security best practice and compliance
5. Data at rest not encrypted, no compensating controls
6. Data not encrypted on high-risk ePHI assets (laptops, etc.)
7. Backups not encrypted
8. No security training program
9. No log collection, monitoring, or alerting for appropriate usage and security events
10. No incident response or data breach reporting procedures

9 Best practices are HIPAA (in some cases they go further!)
Don’t assume compliance runs contrary to profitability.

10 Risk Management
Mitigating risk is found in all three roles: Practitioner, Owner, Manager.
The entire staff also plays a role. It is the culture of your business.

11 What do we see?
“The EMR was supposed to solve our problems.”
- Fragmented implementation
- Theft
- Security assessments are misperceived
- Major implementations facilitated by office staff with a full-time job description
- Misconception that security is in the hands of your IT Administrator

12 What do we see?
- No proper policies and procedures in place
- No security management plan
- No security assessment
- No proper logging
- No log reviews
- No proper encryption
- Security is left up to the IT department

13 REDACTED This slide has been redacted due to its proprietary or copyrighted work product.

14 Security must be a culture
- It is NOT a check-off list
- It is not I.T.’s job
- It is everyone’s responsibility, EVERY DAY
- Training and education must be ongoing
- Assessments must occur yearly
- New equipment/upgrade risks must be mitigated
- Vendors must be held to their “promises”
- Always prepare for the “worst case scenarios”

15 Bad stuff will happen
- You have fire insurance, don’t you?
- You have malpractice insurance, don’t you?
- How many of you have cyber insurance???

16 Areas of Planning
- Policies and procedures
- Employee training
- Log monitoring, alerting
- Proper EMR administration and privileges
- Security of hardware, software
- Frequency of security assessments
- Misconception that you are secure because you have a web-based application
- Incident response

17 It all starts with policies
- Policies and procedures are the basis for EVERYTHING
- They are also the “low hanging fruit”

18 Incident Response
If you think meeting security requirements is expensive:
- Data loss is estimated at $210 per record
- Cost of lost patient confidence?
- Cost of bad publicity?
- Cost of incident response/investigation
- Legal costs
- Do you or your clients have cyber breach insurance?

19 High Level Security Assessment
3-part entry-level assessment:
- 250-question assessment
- External network scan
- Internal network analysis

20 What about Law firms?
Do you handle medical clients???
- Doctors
- Physician assistants
- Nurses
- Administrators
- Hospitals or clinics

21 What about Law firms?
Do you have any P.I.I. (Personally Identifiable Information) at your practice???
At least two identifying kinds of information:
- Name
- Address
- DOB
- SSN

22 Questions???
Mike Messick
Glen Klinkhart
(907) 334-9090
P.O. Box 242334, Anchorage, Alaska
info@digitalsecurus.com
