2014 © FairWarning, Inc. – Private and Confidential
An Information Technology and Information Security Perspective
December 11, 2014
The State of Patient Privacy Monitoring and its Future – Part 2
Today’s FairWarning® Moderators
Kurt J. Long
Founder
FairWarning, Inc.
Shane Whitlatch
Executive Vice President, Customer Value Creation
FairWarning, Inc.
Chris Arnold
Vice President of Product Management & Engineering
FairWarning, Inc.
Mike Lyons
Director Product Development
FairWarning, Inc.
Agenda
• Emerging Threats
• FairWarning Ready®
– Audit data availability and use
– Identity management and privacy monitoring
– Cloud Security
• Ethics & Integrity
• Privacy Excellence Awards
Guest Panelists
Dena Boggan
HIPAA Privacy & Security Officer
St. Dominic’s Jackson Memorial Hospital
Doug Clarkston
Privacy Officer
Beaumont Health System
Charles Fletcher
Chief Compliance Officer
Maury Regional Medical Center
Patricia Henrikson
Chief Privacy Officer
Banner Health
Tara McKibben
Privacy Officer
Susquehanna Health System
Deborah Reif
Corporate Responsibility Officer & Privacy Officer
Mercy Health – Springfield
Tina Tolliver
Corporate Compliance Director, Privacy Officer
Cookeville Regional Medical
Dena Boggan
HIPAA Privacy & Security Officer
St. Dominic’s Jackson Memorial Hospital
Jerry Burgess
Vice President of Corporate Responsibility
Alexian Brothers Health System
John Houston
Vice President, Information Security and Privacy, Associate Counsel
UPMC
Christopher Paidhrin
IST Security Administration Manager
PeaceHealth
Deborah Reif
Corporate Responsibility Officer & Privacy Officer
Mercy Health – Springfield
December 10th, 2014: Compliance & Privacy
December 11th, 2014: Information & Security
Emerging Threats
Emerging Threats
[Figure: timeline of emerging threats, Pre-2010 through 2014. Labels: Lost laptops, media, paper records; Patient Complaints; Snooping; Medical & Financial ID Theft; IRS Tax Fraud; Sale of Patient Data to Crime Rings; Sale of Physician Data to Crime Rings; Sale of Employee Data to Crime Rings]
• Stolen Medical Identity with sensitive & confidential information increased from $188 to $201.
– Source: Ponemon Institute, May 2014, www.ibm.com/services/costofbreach
• The FBI and DHS assess that disgruntled and former employees pose a significant cyber threat to US businesses.
– Source: FBI & DHS Report, September 23, 2014, http://www.ic3.gov/media/2014/140923.aspx
Emerging Threats
The Insider Threat – Reality and Response
• Unauthorized access by authorized users – 87% On-site, not IT, snooping or money motivated
• Expanding landscape for misuse, abuse, fraud – Trends – Mobile, Cloud, Social Media, Disruptive Change
• Behavior driven challenges, difficult to detect – 32 months – Minimal collusion, Leadership losses are double
• Audits, Monitoring, Awareness – Benevolent monitoring, automated alerts – eyes on
Christopher Paidhrin
IST Security Administration Manager
PeaceHealth
FairWarning Ready®
FairWarning Ready®
• All major EHR and 250+ Healthcare Applications
• Enterprise security
• Industry benefits
– Data consistency
– Cost & complexity reduction
– Speed to value increase
Audit data availability and use
• Leveraged system upgrade and incompatibility of existing tool with new system
• FairWarning® was positioned to meet our compliance needs of monitoring all key systems
• Experienced barriers getting vendors to produce access data with the desired fields
• Leveraged the financial interests of other initiatives to engage with application vendors to dedicate resources
• Recommend educating key stakeholders early and consistently about risks and regulations
Jerry Burgess
Vice President of Corporate Responsibility
Alexian Brothers Health System
Identity Management
Power of Identity on Patient Privacy Monitoring
Application 1 Audit Log
Application N Audit Log
FairWarning® Patient Privacy Monitoring
FairWarning® for Identity Access Management
CERNER
MEDITECH
1 … through 250+
Private Service Cloud
Automate HIPAA Access Control Review with FairWarning® for IAM
Fill gaps in existing HIPAA Access Control Processes
• Help to meet §164.312(a)(1)
• Review and update user access
Benefits
• Detection of access after termination
• Discovery of unknown users
• Discovery of orphaned accounts
• Centralized Identity Report
Discover Identities
Correlate Identities
Cleanse Identities
Centralize Identities
Audit Identity Processes
Identity management and privacy monitoring
John Houston
Vice President, Information Security and Privacy, Associate Counsel
UPMC
Identity management (IdM) is the task of controlling information about
users on computers. Such information includes information that
authenticates the identity of a user, information that describes
information and actions they are authorized to access and/or perform.
It also includes the management of descriptive information about the
user and how and by whom that information can be accessed and
modified. Managed entities typically include users, hardware and
network resources and even applications.
From:
2014 Privacy Excellence Award Winner
Identity management and privacy monitoring
Automated
• Enables regulatory compliance
• Supports meaningful use
• Improves organizational efficiency
• Improves access controls, resulting in a
reduced risk “footprint”
• Supports emerging requirements /
technologies, including the accelerating
adoption of smartphones & tablet devices
• Improves controls over cloud-based
services
Manual
• Hospitals struggle to adequately manage user accounts or demonstrate HIPAA compliance
• Hospitals that attest to meaningful use are at risk of having incentive payments questioned due to lack of HIPAA compliance
• OCR reported that 2 of the top 5 most prevalent security issues identified through its audits were “grant, modify user access” and “authentication/integrity”
• Internal auditors are concerned about inappropriate access to information
[Diagram labels: MGR, HR, PO (repeated for each site); Dozens of Hospitals; Hundreds of Clinics & Physician Practices]
· Delegating the review of potential privacy incidents based on the user’s manager, campus, facility, or other criteria
· Escalating only inappropriate access incidents to corporate compliance team
Identity management and privacy monitoring
Monitoring your cloud applications
New Tools in 2015
FairWarning® For Your Healthcare Applications and Cloud Security
User Activity Reports
Proactive Breach Detection Analytics and Alerts
Investigations and Legal Defense
Automated Monthly Effectiveness Reports
Governance & Compliance Effectiveness
Risk and Audit Dashboards
Drivers
– Protection against data theft
– Utilize highly sensitive information in Salesforce
– HIPAA, EU Data Protection Act,
UK Data Protection Act, SOX 404 IT controls,
PCI, PIPEDA, FFIEC
– User adoption
Fills an important gap in Salesforce Data Protection
Where FairWarning® Fits In
The Basics of How it Works
28 Event Monitoring Log Files
Example Use Cases
• Forensic investigation of a user’s activities
• Monitoring & alerting on a departing
employee’s exports
• Monitoring of access to sensitive accounts
& contacts
• User access after termination
• User access trends & visualization
• Easy-to-interpret for a business user
• Ad-hoc reporting, monitoring & alerting
• Multi-criteria filtering
• Visualization, trending, graphing
• Standard and Custom Objects
• Multi-org support
Ethics and Integrity
Ethics and Integrity
• Ethical responsibility in using the FairWarning® data in a manner consistent with the intended purpose
• Ethical responsibility to scale for organizational size and risk analysis, in accordance with the regulations
• Clear and consistent in handling inappropriate uses/disclosures of PHI
Deborah Reif
Corporate Responsibility Officer & Privacy Officer
Mercy Health – Springfield
Privacy Excellence Awards
2015 Privacy Excellence Awards
Pathway to Excellence
• Recognition for privacy heroes
• Judged by a panel of experts
• Ultimate benchmark for patient privacy monitoring
• Winner recognized at 2015 HCCA Compliance Institute
2015 Privacy Excellence Awards
• 2014 Winners’ Profiles
– Best Overall & Best Medium - Small Healthcare Provider, Eastern United States: St. Dominic’s Hospital
– Visionary of the Year & Best Large Healthcare Provider, Eastern United States: UPMC
– Best Large Healthcare Provider, Western United States: Banner Health
– Best Medium - Small Healthcare Provider, Western United States: The Everett Clinic
– Best Healthcare Provider, Canada: Health Information Technology Services – Nova Scotia
– Best Healthcare Provider, United Kingdom & Europe: NHS Lothian
2015 Privacy Excellence Awards
• Feb 1st: Application Begins
• Mar 1st: Applications Due
• Apr 20th: Winners Announced at HCCA Compliance Institute
See you in Orlando for the 2015 HCCA Compliance Institute
Questions