Department of Medicine


1 Department of Medicine
December 16, 2016 HAPPY HOLIDAYS

2 Congratulations
UVMMG Awards:
- Senior Investigator: Anne Dixon
- Junior Investigator: Michael LaMantia
- CME Teacher: Patty O’Brien
Education grants:
- Mark Levine
- Laurie Leclair

3 Diagnosing Information Security in Healthcare
Heather I. Roszkowski Network CISO

4 Information Security Team
What we do:
- Ensure users have access to the information and applications appropriate for their job function
- Protect our electronic information
  - Protected Health Information (PHI)
  - Personally Identifiable Information (PII)
  - Sensitive Information (financial, etc.)
Why we do it:
- Patient safety
- Patient / community trust
- Regulatory requirements: HIPAA, HITECH, PCI-DSS, NIST
What is Protected Health Information?
- Names
- All geographic subdivisions smaller than a State
- All elements of dates directly related to an individual (e.g. DOB, admission date, date of death, etc.)
- Telephone numbers
- Fax numbers
- Email addresses
- SSNs
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers, including license plate numbers
- Device identifiers and serial numbers
- URLs
- IP address numbers
- Biometric identifiers
- Full face photographic images
- Any other unique identifying number

5 Information Security Team
Organized into 5 key domain areas:
- Engineering
- Identity and Access
- Auditing and Monitoring
- Vulnerability and Threat
- Incident Response

6 Information Security Team
The formation of the team addresses the three main functions of Information Security:
- Prevention
- Detection
- Response

7 Information Security Team
The formation of the team addresses both proactive and reactive security PROACTIVE REACTIVE

8 Cyber Vulnerabilities & Threats

9 Cyber Vulnerabilities - Healthcare
Sensitive data types:
- PHI: Protected Health Information
- PII: Personally Identifiable Information
- PCI: Payment Card Industry (Credit Card Data)
Why healthcare is vulnerable:
- Multiple types of sensitive data give hackers more motivation
- Healthcare Industry is known as lacking in security – “soft target”
- More incidents in the news brings more attention to the problem
- Legacy and specialized apps lead to complex and vast landscape
Multiple Vulnerabilities:
- Medical devices
- University networks
- Cloud data
- Contractors

10 Threats in Healthcare
- Theft
- Unmanaged Medical Devices
- Mobile
- Printers
- PHI Snooping
- Ransomware
- Widespread workforce

11 Theft of Devices
Devices:
- Smart phones
- Laptops
- Portable USB drives
Unencrypted storage:
- Medical images
- Smart phone photos
- Email attachments
Countermeasures to discuss:
- Increased physical security
- Encrypt data at rest
- User education and awareness
- Email encryption/DLP: block, send, encrypt
- Policies to smart phones forcing device encryption

12 Unmanaged Medical Devices
- Devices necessary for life saving procedures
- Often only 1 or 2 of its kind
- Manufacturers often don’t allow hospitals to change or add security software
- Often built on old, unsupported, unpatched OSes
- Many have proprietary communications back to manufacturers and partners (VPNs)
Countermeasures to discuss:
- Consistent vulnerability scans – evaluating and prioritizing process
- Monitoring of traffic. IDS/IPS
- Governance around medical device intake: understand manufacturer security practices and build SLA security into contracts

13 Printers
- Majority of printers are now nodes on networks
- Patching and mitigations are often focused on workstation endpoints and not printers
- Printers can be used as a stepping stone to workstations
- Printers leverage SNMP, which is commonly used as a means to compromise
- “Default on” URLs for management with simple or no authentication required
Countermeasures to discuss:
- Change the SNMP community string
- Change default passwords
- Vulnerability management
- Software kits to delete data after scan/copy
- Disable SNMP if not needed

14 PHI Snooping
- Breaches committed by employees or contractors
- Some breaches are VIPs, but not all
- 35% snooped records of fellow employees
- 27% snooped records of friends or relatives
- HIPAA requires that all access to patient information be logged and auditable
Countermeasures to discuss:
- Patient privacy monitoring
- Aggregation of all application access logs
- Correlate this data with DLP logs
- Privileged account management for apps and assets
- Employee behavior modeling
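
One way to implement the patient privacy monitoring and access-log aggregation listed on this slide, as an added example that is not part of the original presentation. The log fields, employee roster, patient table and treatment-team mapping are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (assumptions, not from the presentation).
EMPLOYEES = {              # user id -> (surname, home address)
    "jdoe": ("Doe", "12 Elm St"),
    "asmith": ("Smith", "9 Lake Rd"),
    "bnguyen": ("Nguyen", "4 Hill Ave"),
}
PATIENTS = {               # record number -> (surname, address, employee id or None)
    "MRN100": ("Smith", "9 Lake Rd", "asmith"),  # patient is also an employee
    "MRN200": ("Doe", "12 Elm St", None),        # shares surname/address with jdoe
    "MRN300": ("Patel", "77 Main St", None),
}
# Users with a documented care relationship to each patient.
TREATMENT_TEAM = {"MRN100": {"bnguyen"}, "MRN200": set(), "MRN300": {"jdoe"}}

# Access events aggregated from several applications: (time, app, user, record).
ACCESS_LOG = [
    ("2016-12-01T09:02", "EHR", "bnguyen", "MRN100"),
    ("2016-12-01T09:15", "EHR", "jdoe", "MRN100"),
    ("2016-12-01T10:40", "PACS", "jdoe", "MRN200"),
    ("2016-12-01T11:05", "EHR", "jdoe", "MRN300"),
    ("2016-12-01T13:30", "Billing", "asmith", "MRN100"),
]

def classify(user, mrn):
    """Return a reason string if the access needs privacy review, else None."""
    surname, address, patient_emp = PATIENTS[mrn]
    if user in TREATMENT_TEAM.get(mrn, set()):
        return None                    # documented care relationship
    if patient_emp == user:
        return "self-access"           # own record opened outside the patient portal
    if patient_emp is not None:
        return "fellow-employee"       # patient is a coworker
    u_surname, u_address = EMPLOYEES[user]
    if surname == u_surname or address == u_address:
        return "possible-relative"     # same surname or household
    return "no-care-relationship"

def review_queue(log):
    """Group flagged accesses by user so repeat behavior stands out."""
    flagged = defaultdict(list)
    for ts, app, user, mrn in log:
        reason = classify(user, mrn)
        if reason:
            flagged[user].append((ts, app, mrn, reason))
    return dict(flagged)

if __name__ == "__main__":
    for user, hits in review_queue(ACCESS_LOG).items():
        print(user, hits)
```

Surname and address matching produces false positives, so the output is a review queue for the privacy office rather than a verdict.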

15 Widespread Workforce
- Geographically spread practices
- Vendor support all over country (and globe)
- Dozens of various devices authenticating to network
- Perimeter is no longer firewalls; identity is the new perimeter
Countermeasures to discuss:

16 Cyber Incidents

17 (Identity Theft Resource Center, 2016)

18 Incidents: Industry
- 4M medical records maintained on four workstations
- Physician loses laptop with psychiatric patients' records
- Neurologic institute accidentally emails 10,000 patient records to 200 patients
- Phishing/hacking nets nearly $3M from six healthcare entities
- University reports laptop with patient information stolen out of student’s car
- Printers returned to leasing company compromise thousands of patient records
- Portable electronic device with patient data stolen from hospital
- 2200 physicians victims of ID theft/tax fraud
- Vendor sends 800 letters with patient information to the wrong addresses
- Vendor sells hospital’s X-rays (films) to third party
- 400 hospitals’ billings delayed as clearinghouse hit with ransomware
- Resident loses track of USB with over 500 orthopedic patients’ information
- APT causes major breach, 4.5M patient records stolen
- Physician robbed at gunpoint, threatened for passwords
- State Sponsored Foreign Hackers attack, 80M identities stolen
(McMillian, M, 2015)

19 Ransomware

20 The Ransom

21

22 The Cost of Ransomware

23 Ransomware in the Industry
- Becker's Health IT & CIO Review reports hospitals are hit with 88% of all ransomware attacks.
- Hollywood Presbyterian Medical Center down for 10 days. Paid attackers $17,000 in ransom.
- MedStar Washington Hospital Center turns away patients. Down for two days.
- Kansas Heart Hospital pays ransom, does not get all files back.

24 (Scott, J. & Spaniel, D., 2016)

25 Incidents in Healthcare
- Becoming more prevalent
- Healthcare is a target
- More impactful
- Not if, but when
- All about response and resilience

26 Cyber Defense

27 Defensive Strategy: Defense in Depth
(Managed Computer Services, 2015)

28 Incident Response

29 Incident Response
- Health Network IS Incident Response
- Hospital Operations Incident Command
- Hospital IS Incident Command
- Computer Security Incident Response Team (CSIRT)

30 Conclusion
So what? Why is this important?

31 Questions?

32 References
- GIAC. (2003). Global Information Assurance Certification Paper. Retrieved from
- Glasenbergen, R. (2015). Published with written permission. Retrieved from
- Identity Theft Resource Center. (2016). ITRC data breach report. Retrieved from pdf
- Managed Computer Services. (2015). Layered Security Graphic. Retrieved from
- McMillian, M. (2015). Selecting the Right CISO. HIMSS Annual Conference. Chicago, IL.
- Ponemon Institute LLC. (2015). Cost of data breach study: global analysis. Traverse City: Ponemon Institute LLC.

33 References
- Scott, J. & Spaniel, D. (2016). Your life, repackaged and resold; the deep web exploitation of health sector breach victims. Retrieved from Exploitation-of-Health-Sector-Breach-Victims2.pdf
- Symantec Corp. (2016). ISTR: Internet Security Threat Report. Vol. 21. Mountain View: Symantec Corporation.

34 Medicine Health Care Services Rules and Regulations Approved by: Medicine Health Care Service Rules, Regulations and Credentials Committee 8/22/2016 HCS Medical Staff September 12, 2016 Bylaws Medical Executive Committee Approved by: BOT: EXCERPT from Article III, Section 1.B: B. Members on the Medicine HCS include Board Certified and Board Eligible Providers including General Internal Medicine, Hospitalists, and Medical Subspecialists in Allergy/Immunology, Cardiology, Dermatology, Endocrinology, Gastroenterology, Geriatrics, Hematology, Oncology, Hepatology, Infectious Disease, Nephrology, Pulmonary Medicine, Critical Care Medicine, Nephrology, and Rheumatology

35 Internal Medicine Residency Update
Mark E. Pasanen, MD, FACP December 16, 2016

36 Congratulations!
Board pass rate:
- 2016 graduates: 100%
- 3-year: 93%
Fellowship Match:
- Caitlyn Baran – Palliative Medicine at Harvard
- Trace Barrett – Cardiology at UVM
- Steve Jarzembowski – Pulmonary/Critical Care at Tufts
- Lakshmi Nambiar – Cardiology at UVM
- Jackie O’Toole – Pulmonary/Critical Care at Hopkins
- Javaneh Tamiji – Rheumatology at UVM
- Susanna Thach – Palliative Medicine at Univ of North Carolina
- Kaitlyn Vennard – Endocrinology at UVM

37 ACP Poster Winners October 2016
ACP Clinical Vignette Winners: Acquired Brugada from a Fentanyl Variant? Vishal Shah MD MS, Jacqueline O’Toole DO, Elizabeth Hall MD, Charlotte Teneback, MD ACP Research Winner: ACLS Team leadership curriculum to improve team leader confidence and adherence to AHA ACLS time lines Umer Syed, MD; Amy Lynn Teleron, MD

38 Residency Expansion
- Increase to 15 residents in each class
  - Welcoming Kara Landry in January as R2
  - Full expansion in June 2017
- Inpatient Hematology/Oncology
  - Will split into two services as of January 9, 2017: Malignant Hematology and Medical Oncology
  - Dave Rand, Naomi Hodde, Maria Burnett
  - Each service will have one R2/R3 and one R1
- Expanded VA experience
  - Residents will have continuity experience at VA outpatient clinic for all 3 years (currently just R1 year)

39 Current Wards Schedule
Mon Tues Wed Thur Fri 7-8am Sign-out Pre-round 8-9am MR Grand Rounds 9-10am Rounds 10-12am 12-1pm Lecture Resident talks/ Journal Club Sub-speciality Rounds IR/ Board Review 1-5pm Work

40 Issues with current system
Attendance fair (at best) Numerous distractions Compressed work-day Leads to service/education imbalance Not learner level specific Difficult to prepare content Unable to build on previous educational sessions

41 Resident Satisfaction ACGME survey 2016
- Appropriate balance for education: 43% vs 79% (3.4 vs 4.1)
- Education not compromised by service: 23% vs 69% (2.9 vs 3.9)
- Environment of Inquiry: 83% vs 79% (4.0 vs 4.1)
- Sufficient instruction: 80% vs 85% (4.0 vs 4.2)
- Faculty interest: 83% vs 85% (4.0 vs 4.2)

42 Proposed Schedule Mon Tues Wed Thur Fri 7-8 am Sign-out Pre-round
MR Grand Rounds 9-10 am Resident rounds 10-10:30 Resident/ Attending review 10:30-12pm Attending Rounds 12-1pm Housestaff meeting/possible other items Intern Report 1:30-4:30pm R1 Academic Half-day R2/R3 Academic Half-day

43 Academic Half Day Monthly “Immersion” Jan 11-Feb 9: Nephrology
Feb 15-March 16: Gastroenterology Case Based and Problem based learning with 2-3 cases per session Longitudinal Curriculum EBM/Journal Club, Resident Talks, Quality Improvement, Ultrasound, Teaching to Teach, Wellness, etc .. 1:50-2:30 2:30-2:40 2:40-3:10 3:15-3:45 3:45-4:30 Pretest questions or review questions from week prior (MKSAP, specialty question banks) Case session #1 Break Wild card activity: Lab, Simulation, procedures, Ultrasound, Micro, Imaging Case session #2 MKSAP wrap up

44 Evidence for AHD
- Cleveland Clinic transitioned in 2011
- Looked at ITE scores/resident satisfaction
- AHD associated with higher ITE-3 score
- Increased learning satisfaction (3.4 vs 3.0)
Transitioning from a Noon Conference to an Academic Half-day Curriculum: Effect on Medical Knowledge Acquisition and Learning Satisfaction, by Ha D, et al. JGME, March 2014

45 Academic Half-Days
Barriers:
- Time/scheduling
- Complete overhaul of our lecture curriculum
Benefits:
- Protected teaching/learning time
- Level specific teaching
- Ability to introduce more novel/active teaching techniques (TBL, PBL)
- Incorporate QI/safety, EBM, wellness, Resident Teaching

46 Larner College of Medicine
Medical Education Initiatives

47 Near-Term Projects
Capital Projects:
- Reardon Classroom (August 2016)
- Learning Commons (June 2017)
- Brickyard (Fall 2016)
- Sim Lab (Fall 2017)
Curriculum:
- FoCS (August 2016)
- Major Retreat (February 2017)
- PoCUS (March 2017)
- Emergency Medicine (March 2017)
- LIC (March 2017)
- WCHN Campus (March 2018)

48 Reardon Classroom, 302, 303

49 Larner Learning Commons

50 Brickyard

51 Long-Term Planning Active Learning into Curriculum
Foundations (Rebecca Wilcox, Pathology) Clerkship (Jesse Moore, Surgery) Pathways in UME (Pat King, Medicine) Specialization opportunities in addition to core requirements? Tracks? Possibilities: Public health, global health, rural medicine, research Learning Environment/Well being (Stephanie Mann, Medicine) Physical Plant, infrastructure and cultural means to enhance learning

52 Teaching Academy by Department
Paid Faculty TA Members % of Department Anesthesiology 48 8 17% Biochemistry 20 2 10% Family Medicine 47 6 13% Medicine 185 19 Microbiology and Molecular Genetics 14 0% Molecular Physiology and Biophysics 13 1 8% Neurological Sciences 41 5% Ob/Gyn 25 3 12% Orthopaedics & Rehabilitation 31 6% Pathology & Laboratory Medicine 49 17 35% Pediatrics 66 26% Pharmacology Psychiatry 5 Radiology 43 4 9% Surgery 111 7% Total 761 96

53

