Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dino Tsibouris (614) 360-1160 Information Security – What’s New In the Law?

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Dino Tsibouris (614) 360-1160 Information Security – What’s New In the Law?"— Presentation transcript:

1 Dino Tsibouris (614) 360-1160 dino@tsibouris.com Information Security – What’s New In the Law?

2 Trends for 2010 Increased federal and state regulation of information security Increased enforcement Increased costs to resolve a breach Increased “compliance complexity” as technology changes

3 Examples HITECH Act - Amendments to HIPAA by the Stimulus Act Enforcement Actions under HITECH Medical Data in the Cloud Revisions to State Law Regarding PCI-DSS Anonymization Becoming Difficult Heartland and Countrywide Breaches

4 HITECH ACT Amends HIPAA New breach notification rules New penalties Increased levels of minimum security State AG enforcement

5 Connecticut Health Net Enforcement Connecticut Attorney General - HIPAA Lost portable computer disk drive Involves privacy of 446,000 Connecticut enrollees Health information, social security numbers, and bank account numbers Failed to notify on time

6 Connecticut Health Net Enforcement Health Net failed to Ensure the confidentiality and integrity of electronic protected health information Implement technical policies and procedures for electronic information systems Implement policies and procedures that govern the receipt and removal of hardware and electronic media

7 Connecticut Health Net Enforcement Health Net failed to Implement policies and procedures to prevent, detect, contain, and correct security violations Identify and respond to suspected or known security incidents; mitigate, to the extent practicable, harmful effects of security incidents Effectively train all members of its workforce

8 Medical Data in the Cloud Data stored in the cloud more and more frequently Third-party contractors more and more common – Security and background checks for companies a necessity – Conduct audits or obtain results – Ownership of data – Prohibiting sales to others – Return in appropriate format

9 Anonymization Privacy laws provide exceptions for anonymized data It is now more difficult to anonymize data Examples: AOL search results release Netflix million dollar prize release MA health records release Unique ID 87% of the US with ZIP, DoB, Sex

10 Fallout from failed Anonymization AOL CTO resigns MA governor is embarrassed Netflix is sued in court for outing a lesbian mother DBs are permanently associated

11 HHS Research Current HHS regulations have detail on de- identification HHS realizes the difficulty in anonymizing personal data Funds research on technology to achieve anonymity while maintaining value to research Future laws will likely keep these difficulties in mind

12 HIPAA - Employee Snooping UCLA employee Accesses system 323 times in 3 weeks Snoops on celebrity medical records Similar incident in 2008 UCLA reveals that 165 employees improperly viewed files in 13 years 15 fired for viewing octuplet mom’s records

13 Massachusetts Data Security Regulations Creates duty to protect personal data Applies to the personal information of MA residents Sophistication of safeguards increases with size and scope of business Effective date delayed – March 1, 2010

14 Nevada PCI-DSS Effective Jan. 1, 2010 Requires encryption when electronically transmitting personal data Requires compliance with PCI-DSS Similar to Minnesota law

15 Heartland Payment Systems Breach 6 th Largest Payment Processor Involved 330 Financial Institutions Heartland was PCI-DSS certified SQL injection attack CC#s, expiration dates, stored magnetic stripe data Lost ~130 million card numbers

16 Heartland Payment Systems Breach Removed from VISA CISP list Reported $105 million in expenses – $90 million to Visa, MasterCard, Banks $60 million to card issuers – $3.5 million to AmEx Settles Cardholder Class Action for $2.4 million Stockholder Class Action in NJ Dismissed

17 Countrywide Breach Countrywide Financial Services Former employees Downloaded and sold customer data Every week for 2 years 19,000 individuals notified of breach Class action settles for over $10 million

18 Trends for 2010 Increased federal and state regulation of information security Increased enforcement Increased costs to resolve a breach Increased “compliance complexity” as technology changes

19 Dino Tsibouris (614) 360-1160 dino@tsibouris.com Questions & Answers

Download ppt "Dino Tsibouris (614) 360-1160 Information Security – What’s New In the Law?"

Similar presentations

Dino Tsibouris Mehmet Munur (614) 360-1160 (614) 360-1160 Information Security: Changes in the Law, Cost,

Dino Tsibouris Mehmet Munur (614) (614) Information Security: Changes in the Law, Cost,
THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.

THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.
HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
Confidentiality and HIPAA

Confidentiality and HIPAA
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
HIPAA What’s New? 2010. What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.

HIPAA What’s New? What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.

Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
CHAPTER © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2 HIPAA, HITECH, and Medical Records.

CHAPTER © 2012 The McGraw-Hill Companies, Inc. All rights reserved. 2 HIPAA, HITECH, and Medical Records.
Dino Tsibouris (614) 360-1160 Information Security – Changes in the Law, Cost, and Complexity of Responding to Breaches.

Dino Tsibouris (614) Information Security – Changes in the Law, Cost, and Complexity of Responding to Breaches.
HIPAA CHANGES: HITECH ACT AND BREACH NOTIFICATION RULES February 3, 2010 Kristen L. Gentry, Esq. Catherine M. Stowers, Esq.

HIPAA CHANGES: HITECH ACT AND BREACH NOTIFICATION RULES February 3, 2010 Kristen L. Gentry, Esq. Catherine M. Stowers, Esq.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

Similar presentations

Ads by Google