Privacy & Security in the Age of Meaningful Use

David S. Finn

Health Information Technology Officer, Symantec Corp.

1. By way of Introduction

2. We Don’t Really Do a Very Good Job at This

3. What’s Different and Why the Paradigm Shift

4. Changing Threat Landscape + Evolving Infrastructure

5. = Complexity

6. It’s About the Data

7. Q & A


Who is that man and why is he talking?

  • Recovering healthcare CIO

  • Unable to hold a job (treasurer for theatrical production company; real estate controller; world’s oldest entry level programmer; systems audit; IS manager; audit director; healthcare IT consultant; operational/system risk consultant; EVP Operations - healthcare consultancy; privacy & information security officer; VP-IS; CIO; Health IT Officer)

  • CISA, CISM, CRISC

  • 2 degrees in Theatre

Top Ten Things that Would be Different if We Actually Did Privacy and Security Right . . .

10. WikiLeaks wouldn’t.

9. Rupert Murdoch would still have all of his newspapers.

8. The HHS “Wall of Shame” website could be leased out for advertising.

7. A “bot net” would be a net for catching runaway robots instead of a term used to describe millions of runaway computers.

6. A worm would be used as fishing bait rather than to infiltrate computer systems.

5. We wouldn’t have to see or hear the word “cyber crime” 300 times/day in every book, magazine, newspaper or newscast.

4. A cloud would be a soft, fluffy thing, even to IT people . . . not a place of terror.

3. The word “virus” could be returned to the medical world, where it came from.

2. I could be talking about core business functions rather than the security you need to have in place just to conduct your core business functions.

1. A hacker would just be someone who had a bad cough.


Seriously, though, if we actually took this seriously . . .

  • Security would be designed into systems, not added after the fact

  • Security would not be the first thing cut as scope creep began because it is easier to cut than explain cutting functionality (no matter how obscure or arcane)

  • Security and Privacy would be part of the business mission, not a compliance requirement that you do everything you can do to minimize

  • Security wouldn’t be a small group in IT, it would be embedded in all the operational functions of IT

  • Security and Privacy would be part of every employee’s job description (not just in IT)

  • Security would mean something and not be another card IT played to get head count, OpEx or CapEx budget


Security has changed . . . And IT

  • Security . . .

  • Proliferation of intelligent devices with embedded and downloaded software

  • The Threat landscape

  • More automation, more data, more access

  • As a result:

    • Growing dependency on a highly complex ecosystem of devices

    • But: these systems are now attracting the attention of the “underground economy”

  • And not just security but how we do IT . . .

  • Mobile

  • Anytime, anywhere, any device

  • Separation between traditional IT infrastructure and consumer devices is disappearing – infrastructures as well as data are merging

    • Virtualization leading to Cloud

  • Cloud for internal IT service delivery and for delivery of IT services.

  • Legislation & Regulation are raising the security and privacy bar – legal exposure

Key Security Trends

[Diagram labels: CHALLENGING THREAT LANDSCAPE; WELL-MEANING & MALICIOUS INSIDERS; TARGETED ATTACKS; INCREASING COMPLEXITY; EVOLVING INFRASTRUCTURE; INCREASING FINANCIAL AND COMPLIANCE RISK; MORE DATA: HIGHER RISK & SWEETER TARGET; COMPLIANCE REQUIREMENTS; MOBILE; VIRTUALIZATION; VENDOR COMPLEXITY; CLOUD]


The Current Approach Is Not Working

Spending More

Stopping Less

IT Must Evolve to Meet New Demands

System-Centric

  • Data: Centralized, structured

  • Infrastructure: Physical

  • IT focus: Systems tasks

Information-Centric

  • Data: Distributed, unstructured

  • Infrastructure: Physical, virtual, cloud, mobile outsourced

  • IT Focus: Information

The Information-Centric Model

It’s about the data.

[Diagram labels: Remediation; Discovery; Policy; Compliance; Reporting; Classification; Threats; Ownership; Identity; Encryption]

When It is About the Data.

[Diagram labels: RISK; Policy; Identify; Compliance; Remediate; Governance; Manage Risk; Store; Manage; INFORMATION; Protect; Recover; Infrastructure; Intelligence; COST; VALUE; Classify; Discover; Ownership; Assess; PHYSICAL; VIRTUAL; CLOUD; MOBILE]


Addressing Security Challenges at Each Layer

GOVERNANCE: Policy Driven and Risk Based

INTELLIGENCE: Information and Identity Centric

INFRASTRUCTURE: Well Managed and Secure

  • Protect against customized targeted attacks

  • Secure virtual and cloud-based environments

  • Manage and secure data on mobile devices

  • Classify critical data

  • Discover where data is

  • Apply encryption

  • Monitor threats to data

  • Develop and enforce policies

  • Identify and authenticate

  • Assess against policies

  • Prioritize remediation based on risk

  • Deliver multi-level reports to manage IT risks

Compliance and Security Solutions

GOVERNANCE

  • Develop Policies, Manage Risk: Policy & Procedure; On-going Risk Management

  • Authenticate Identities: Domains; 2FA

INTELLIGENCE

  • Protect the Information: Data Loss Prevention & Encryption

  • Identity Threats: Managed Security Services

INFRASTRUCTURE

  • Manage Systems: IT Life Cycle Management

  • Protect the Infrastructure: Layered Protection

  • Cloud: Cloud (SLA, network performance, processes)


“Meaningful Use” and Provider Business Impacts


“Meaningful Use” and Provider IT Impacts

Providers under Pressure

  • HIPAA: Health Insurance Portability and Accountability Act

  • HITECH: Health Information Technology for Economic and Clinical Health Act

  • ARRA: American Recovery and Reinvestment Act

  • P4P: Pay for Performance

  • ICD: International Classification of Diseases (used for insurance billing)

  • CMS: Center for Medicare and Medicaid Services

  • JCAHO: Joint Commission on Accreditation of Healthcare Organizations = “The Joint Commission”

[Diagram labels: HIPAA; Data Retention; Enforcement; Security & Privacy; Rules; HITECH; State Regulations; Funding & Laws; Security & Privacy; Mandates; ARRA; JCAHO; Incentives & Grants; Accreditation; $-Cuts; Quality; Reporting; CMS; More Reporting; New Billing Rules; Outcomes-based Reimbursement; Disease Registries; ICD-10; P4P]


Budgets are under Pressure but the Need doesn’t go Away

Critical Infrastructure Security

  • Automate security processes

  • Efficiently guard PHI (Protected Health Information)

  • Comprehensive protection of entire enterprise infrastructure

  • Outsource security management

Managing Storage Complexity

  • Standardize management and backup tools across platforms

  • Discover unutilized capacity

  • Manage storage across clinical departments (Radiology, Cardiology, etc).

  • Postpone costly HW investments and avoid standardization “the HW way”

Automating IT Regulatory Compliance

  • Automate compliance processes

  • Minimize risk of non-compliance

  • Integrate compliance processes and centralize management of security logs

  • Minimize risk of breach and exposure

Managing Electronic Messaging

  • Avoid email system upgrades, mitigate storage growth

  • Reduce cost through file system storage tiering

  • Increase user productivity, eliminate doctors’ (and other users’) mailbox quota

  • Automate legal processes

IT Lifecycle Management

  • Automate deployment of new systems and upgrades

  • Reduce application conflicts and enable better HW utilization

  • Accurately account for licenses and leases

  • Automate help desk processes and reduce help desk tickets

Desktop and Application Virtualization

  • Extend client HW life

  • Bridge during system transitions and (potentially delayed) project roll-outs

  • Benefit from inherent security & performance increase of a server-based computing model

  • Increase clinician productivity by enabling roaming and remote access

Develop and Enforce IT Policies

Remediate problems

Assess infrastructure and processes

Define risk and develop IT policies

Report, monitor and demonstrate due care

Protect the Information

Discover sensitive information

Define ownership and access rights

Remediate process and policy deficiencies

Enforce acceptable use


Authenticate Identities

Validate identities of users, sites and devices

Control access

Provide trusted connections

Authenticate transactions

Manage Systems

Monitor system status

Implement secure operating environments

Enforce patch levels

Automate IT processes

Protect The Infrastructure

Protect against email & web-based threats

Backup & recover critical data

Secure & harden endpoints & critical servers

Visibility into cross-infrastructure attacks


Questions?

“Unless someone like you cares a whole awful lot, nothing is going to get better. It's not.” Dr. Seuss

David S. Finn

Health IT Officer

[email protected]

832.816.2206
