Security of eHealth Information: HIPAA Compliance at HRA (PowerPoint presentation)

Presentation Transcript

Security of eHealth Information: HIPAA Compliance at HRA

  • Group: GTR ver M

    • Grace Chen

    • Taru Singhal

    • Robert Szymanek

    • Michael Parker


Agenda

  • Identify the Problem

  • Compliance/Risk

  • Storage Options

  • Transmission Options

  • Feasibility Analysis

  • Final Recommendation


Identify the Problem

  • Deficiencies in the process of storage/backup

    • Where is current data stored?

    • Is a secure backup currently performed?

    • Is current data encrypted at rest?

    • How is data currently archived?

  • Deficiencies in the process of transmission

    • What is the best way to transmit data?

    • What encryption should be used in transit?

    • Is e-mail safe? FTP or SFTP?


Types of Sensitive Information

  • Social Security numbers

  • Home addresses and telephone numbers

  • Personal and family health history

  • Bank accounts and credit card numbers


Why Compliance?

  • The HIPAA Privacy Rule applies to covered entities:

    • Health plans

    • Healthcare clearinghouses

    • Healthcare providers that conduct covered transactions electronically

  • A Health Information Organization (HIO) performs functions or activities on behalf of covered entities that require access to PHI, so it is bound by HIPAA as a business associate

  • Healthcare clearinghouses receive and process PHI, for example converting non-standard transactions into standard formats, and so handle large volumes of sensitive data


Risk of Non-Compliance

  • Civil Penalties

    • The U.S. Department of Health & Human Services has the authority to impose penalties of $100 to $50,000 or more per violation, tiered by the level of culpability.

  • Criminal Penalties

    • The U.S. Department of Justice can prosecute organizations and individuals who knowingly violate the standards. Fines range from $50,000 to $250,000, with jail sentences of varying length depending on the offense.


Protect the Organization!

  • Encrypt data on servers and email

  • Restrict use of file sharing applications and portable devices

  • Provide protection against malware and attacks

  • Use comprehensive security policies

  • Log data points for compliance audits


Storage of Protected Health Information

  • Opt 1: Data Center / Iron Mountain

  • Opt 2: Citrix Solution / Iron Mountain


Opt 1: Data Center Infrastructure

  • SAN/Servers - $160,000

  • Cisco - $24,000

  • VMware/Failover - $26,000

  • Applications (VeriSign certificates, SFTP) - $10,500

  • Contractors - $9,400

  • Total - $229,900


Opt 2: Citrix Solution

  • Citrix Access Gateway protects data using standards-based encryption technologies (SSL/TLS).

  • Secure remote access.

  • Leading SSL VPN performance and scalability.

  • Protect intellectual property with corporate policies.

  • Lets users work from anywhere.


Citrix Solution Estimate

  • Data Center (1,000 users) - $229,900

    • The same data-center expense applies to both options; the Citrix licensing itself is not costed here.


Opt 1/2: Iron Mountain Services

  • Rapid recovery

  • Extremely high security

  • Reduce risk of server data loss and downtime

  • Continuous backup

  • Protection of open files and databases

  • Flexible retention periods

  • Access when and where you want it

    • http://www.ironmountain.com/health-information/health-server-backup.html


Opt 1/2: Iron Mountain Expenses

  • $2.15 per GB per month

  • Retention period assumed: 7 years (HIPAA itself requires covered entities to keep required documentation for 6 years; medical-record retention periods are set by state law, so confirm the applicable period before sizing storage)

  • Operating expense, non-capital


Transmission of Protected Health Information


Data Transmission - Secure FTP

  • Secure FTP (SFTP, file transfer over SSH) can be used as a technical safeguard protecting data in motion within a distributed healthcare system.

  • Secure Shell authentication (password or, preferably, key-based) controls who can access files.

  • Secure Shell encryption protects the confidentiality and integrity of the information in transit.

  • Server event logs record who transferred which files and when, which supports a security audit.
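The audit point above is easiest to see with the server's own logs. As an added example that is not part of the original presentation, the following Python script correlates OpenSSH sshd authentication lines with sftp-server session lines (the formats OpenSSH emits when the SFTP subsystem runs with `-l INFO`), reconstructs one record per SFTP session, and flags what a HIPAA reviewer would ask about: password logins where key-based authentication is expected, repeated failed logins from one address, and unusually large reads of PHI archives. The host name hra-sftp, user names, addresses, paths, byte counts and fingerprint in the sample log are constructed for this example, and the two thresholds are assumptions.

```python
import re
from collections import defaultdict

# OpenSSH sshd / sftp-server syslog formats (subsystem configured with -l INFO).
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")
SESSION_RE = re.compile(
    r"sftp-server\[(?P<pid>\d+)\]: session (?P<state>opened|closed) "
    r"for local user (?P<user>\S+) from \[(?P<src>[^\]]+)\]")
OPEN_RE = re.compile(
    r'sftp-server\[(?P<pid>\d+)\]: open "(?P<path>[^"]+)" flags (?P<flags>\S+)')
CLOSE_RE = re.compile(
    r'sftp-server\[(?P<pid>\d+)\]: close "(?P<path>[^"]+)" '
    r"bytes read (?P<read>\d+) written (?P<written>\d+)")

# Constructed sample log: host, users, addresses, paths and sizes are made up.
SAMPLE_LOG = """\
Mar 10 09:15:02 hra-sftp sshd[2314]: Accepted publickey for gchen from 10.20.30.40 port 51234 ssh2: RSA SHA256:c0nstructedF1ngerpr1ntF0rExampleOnly
Mar 10 09:15:03 hra-sftp sftp-server[2317]: session opened for local user gchen from [10.20.30.40]
Mar 10 09:15:10 hra-sftp sftp-server[2317]: open "/upload/claims_2011-03.csv" flags WRITE,CREATE,TRUNCATE mode 0644
Mar 10 09:15:11 hra-sftp sftp-server[2317]: close "/upload/claims_2011-03.csv" bytes read 0 written 48213
Mar 10 09:15:12 hra-sftp sftp-server[2317]: session closed for local user gchen from [10.20.30.40]
Mar 10 09:20:41 hra-sftp sshd[2402]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
Mar 10 09:20:44 hra-sftp sshd[2402]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
Mar 10 09:20:47 hra-sftp sshd[2402]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar 10 10:02:15 hra-sftp sshd[2510]: Accepted password for tsinghal from 10.20.30.55 port 52210 ssh2
Mar 10 10:02:16 hra-sftp sftp-server[2513]: session opened for local user tsinghal from [10.20.30.55]
Mar 10 10:02:20 hra-sftp sftp-server[2513]: open "/archive/phi_export_2010.zip" flags READ mode 0666
Mar 10 10:02:31 hra-sftp sftp-server[2513]: close "/archive/phi_export_2010.zip" bytes read 734003200 written 0
Mar 10 10:02:35 hra-sftp sftp-server[2513]: session closed for local user tsinghal from [10.20.30.55]
"""


def audit_sftp_log(lines, failed_threshold=3, large_read_bytes=100 * 1024 * 1024):
    """Correlate sshd auth lines with sftp-server session lines.

    Returns (sessions, findings): one record per SFTP session saying who
    connected, from where, how they authenticated and which files moved,
    plus the findings a reviewer would want flagged. Thresholds are assumed.
    """
    auth_method = {}            # (user, src) -> method of the latest successful login
    failed = defaultdict(int)   # src -> count of failed logins
    live = {}                   # sftp-server pid -> session record still open
    sessions, findings = [], []

    for line in lines:
        ts = line[:15]          # syslog timestamp, e.g. "Mar 10 09:15:02"
        m = AUTH_RE.search(line)
        if m:
            if m["result"] == "Accepted":
                auth_method[(m["user"], m["src"])] = m["method"]
            else:
                failed[m["src"]] += 1
            continue
        m = SESSION_RE.search(line)
        if m:
            if m["state"] == "opened":
                live[m["pid"]] = {
                    "user": m["user"], "src": m["src"],
                    "auth": auth_method.get((m["user"], m["src"]), "unknown"),
                    "opened": ts, "closed": None, "files": []}
            elif m["pid"] in live:
                s = live.pop(m["pid"])
                s["closed"] = ts
                sessions.append(s)
            continue
        m = OPEN_RE.search(line)
        if m and m["pid"] in live:
            live[m["pid"]]["files"].append(
                {"path": m["path"], "flags": m["flags"], "read": 0, "written": 0})
            continue
        m = CLOSE_RE.search(line)
        if m and m["pid"] in live:
            # Attach byte counts to the most recent open of that path.
            for f in reversed(live[m["pid"]]["files"]):
                if f["path"] == m["path"]:
                    f["read"], f["written"] = int(m["read"]), int(m["written"])
                    break

    sessions.extend(live.values())   # never closed: still open, or log was cut off

    for s in sessions:
        if s["auth"] == "password":
            findings.append({"kind": "password_auth", "user": s["user"], "src": s["src"]})
        for f in s["files"]:
            if f["read"] >= large_read_bytes:
                findings.append({"kind": "large_read", "user": s["user"],
                                 "path": f["path"], "bytes": f["read"]})
    for src, n in failed.items():
        if n >= failed_threshold:
            findings.append({"kind": "brute_force", "src": src, "failures": n})
    return sessions, findings


if __name__ == "__main__":
    sessions, findings = audit_sftp_log(SAMPLE_LOG.splitlines())
    for s in sessions:
        print(f"{s['opened']} {s['user']}@{s['src']} auth={s['auth']} files={len(s['files'])}")
    for f in findings:
        print("FINDING", f)
```

The same function runs over the real auth log; the sftp-server lines only appear if the `Subsystem sftp` entry in sshd_config passes `-l INFO` (or `-l VERBOSE`), and without them the audit trail stops at "user logged in" and never says which PHI files moved.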


Data Transmission - Secure Email

  • The primary rule within HIPAA that affects e-mail is the Security Rule.

  • Many encryption technologies require the user to become familiar with plug-ins and other specialized "client-side" encryption software.

  • Another issue faced by organizations is the lack of a common technical standard for encrypted e-mail across organizations.

  • The solution to both issues is to move the encryption responsibility from the individual user to a specialized server (an encryption gateway) that applies policy to outbound mail.
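As an added example, not code from the presentation, this is the kind of policy check a server-side encryption gateway applies so that individual users need no client plug-in: it parses an outbound message, looks for the sensitive data types listed earlier in the deck (Social Security numbers and card numbers), validates each candidate to avoid false positives (SSA area/group/serial rules for SSNs, the Luhn checksum for card numbers), and returns whether the message must be encrypted before it leaves. The sample messages, the `[SECURE]` subject tag as an explicit opt-in, and the pattern set are assumptions made for this example; a real gateway would hand an "encrypt" decision to its S/MIME, PGP or TLS delivery path.

```python
import re
from email import message_from_string

# Candidate patterns. Both are deliberately broad; validation below removes false positives.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")   # 13-19 digits, optional separators


def ssn_plausible(area, group, serial):
    """SSA rules: area 000, 666 and 900-999 are never issued; group 00 and serial 0000 are invalid."""
    a = int(area)
    return a not in (0, 666) and a < 900 and int(group) != 0 and int(serial) != 0


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers (doubles every second digit from the right)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:
            n *= 2
            if n > 9:
                n -= 9
        total += n
    return total % 10 == 0


def find_sensitive(text):
    """Return (kind, value) pairs for validated SSNs and card numbers in text."""
    hits = []
    for m in SSN_RE.finditer(text):
        if ssn_plausible(*m.groups()):
            hits.append(("ssn", m.group(0)))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(("card", digits))
    return hits


def gateway_decision(raw_message):
    """Decide 'encrypt' or 'deliver' for a single-part text message (assumed gateway policy)."""
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    body = msg.get_payload()            # sample messages are single-part plain text
    reasons = []
    if "[secure]" in subject.lower():   # assumed explicit user opt-in tag
        reasons.append("subject tagged [SECURE]")
    for kind, value in find_sensitive(subject + "\n" + body):
        masked = value[-4:].rjust(len(value), "*")   # log only the last four digits
        reasons.append(f"{kind} detected: {masked}")
    return {"action": "encrypt" if reasons else "deliver", "reasons": reasons}


# Constructed sample messages; addresses, numbers and content are made up.
CLAIM_MSG = """\
From: gchen@hra.example
To: billing@partner.example
Subject: Claim follow-up

Patient SSN 123-45-6789, visit 2011-03-02. Card on file 4111 1111 1111 1111.
"""
LUNCH_MSG = """\
From: mparker@hra.example
To: team@hra.example
Subject: Lunch

Order 000-12-3456 is ready; ticket 4111 1111 1111 1112.
"""
TAGGED_MSG = """\
From: rszymanek@hra.example
To: clinic@partner.example
Subject: [SECURE] Lab results

Results attached per our call.
"""

if __name__ == "__main__":
    for name, raw in [("claim", CLAIM_MSG), ("lunch", LUNCH_MSG), ("tagged", TAGGED_MSG)]:
        print(name, gateway_decision(raw))
```

The second message shows why validation matters: "000-12-3456" has the SSN shape but an area number the SSA never issues, and "4111 1111 1111 1112" fails the Luhn check, so the gateway delivers it in the clear instead of forcing encryption on every nine- or sixteen-digit string.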


Solution Implementation

  • The team is ready to implement a multi-layered system using Data Center storage with Iron Mountain backup.

  • Protected Health Information will be transmitted using secure FTP and secure e-mail.

  • Provision sufficient resources to implement a Citrix solution when needed; plan for FY 2012 or FY 2013.


Feasibility Analysis

  • New Deployments (No teardown)

    • Storage/backup

    • Secure Email

    • Secure FTP

  • Maintenance Considerations for IT staff

    • Ensuring complete backups (Iron Mountain)

    • Enforcing Data Center SLA standards

    • Checking secure local storage

    • Maintaining VeriSign certificates for email and FTP

  • Processes invisible to end users!


The Solution: Data Center – Infrastructure; Iron Mountain – Secure Backup

  • Iron Mountain (2.5 TB) - $193,500

    • Iron Mountain is an annual operating expense of $64,500/year (2,500 GB at $2.15 per GB per month); $193,500 covers three years

    • Operating costs affect the Income Statement

  • Data Center (infrastructure required) - $229,900

    • A capital expense, depreciated straight-line at $45,980/year over 5 years

    • Capital expenses affect the Balance Sheet

    • Maintenance approx. 10% of purchase price per year, capitalized

  • Total - $423,400 ($193,500 + $229,900)


Thank You

Questions?