
Security of eHealth Information: HIPAA Compliance at HRA (PowerPoint presentation transcript)

Security of eHealth Information: HIPAA Compliance at HRA

  • Group: GTR ver M

    • Grace Chen

    • Taru Singhal

    • Robert Szymanek

    • Michael Parker

Agenda

  • Identify the Problem

  • Compliance/Risk

  • Storage Options

  • Transmission Options

  • Feasibility Analysis

  • Final Recommendation

Identify the Problem

  • Deficiencies in the process of storage/backup

    • Is the current data stored?

    • Is there a secure backup currently performed?

    • Is current data encrypted?

    • Currently how is data archived?

  • Deficiencies in the process of transmission

    • What is the best way to transmit data?

    • What is the best encryption?

    • Is e-mail safe? FTP/SFTP?

Types of Sensitive Information

  • Social Security numbers

  • Home addresses and telephone numbers

  • Personal and family health history

  • Bank accounts and credit card numbers

Why Compliance?

  • The HIPAA Privacy Rule applies to:

    • Health plans

    • Healthcare clearinghouses, part of an HIO

    • Healthcare providers that conduct covered transactions

  • A Healthcare Information Organization (HIO) performs certain functions or activities that require access to PHI

  • Healthcare clearinghouses collect data such as PHI and data-mine it

Risk of Non-Compliance

  • Federal Penalties

    • The U.S. Department of Health & Human Services has the authority to impose penalties of $100 to $50,000 or more per violation.

  • Criminal Penalties

    • The U.S. Department of Justice has the right to fine organizations and individuals who intentionally violate standards. The penalties range from $50,000 to $250,000, with various jail sentence lengths, depending on the offense.

Protect the organization!

  • Encrypt data on servers and email

  • Restrict use of file sharing applications and portable devices

  • Provide protection against malware and attacks

  • Use comprehensive security policies

  • Log data points for compliance audits

Storage of Protected Health Information

Opt 1: Data Center/Iron Mountain

Opt 2: Citrix Solution/Iron Mountain

Opt 1: Data Center Infrastructure

  • SAN/Servers - $160,000

  • Cisco - $24,000

  • VMware/Failover - $26,000

  • Applications (VeriSign, sftp) - $10,500

  • Contractors - $9,400

  • Total - $229,900

Opt 2: Citrix Solution

  • Citrix Access Gateway protects data using standards-based encryption technologies (SSL/TLS).

  • Secure remote access.

  • Leading SSL VPN performance and scalability.

  • Protect intellectual property with corporate policies.

  • Lets users work from anywhere.

Citrix Solution Estimate

  • Data Center (1,000 users) - $229,900

    • The same data center expense applies to both solutions.

Opt 1/2: Iron Mountain Services

  • Rapid recovery

  • Extremely high security

  • Reduce risk of server data loss and downtime

  • Continuous backup

  • Protection of open files and databases

  • Flexible retention periods

  • Access when and where you want it


Opt 1/2: Iron Mountain Expenses

  • $2.15 per GB per month

  • HIPAA Retention Period is 7 years

  • Operating expense, non-capital

Transmission of Protected Health Information

Data Transmission - Secure FTP

  • Secure FTP can be used as a technical mechanism, protecting data in motion within a distributed healthcare system.

  • Secure Shell password authentication controls file access.

  • Secure Shell encryption protects the confidentiality of the information.

  • Server event logs facilitate a security audit.

Data Transmission - Secure Email

  • The primary rule within HIPAA that affects e-mail is the Security Rule.

  • Many encryption technologies require the user to become familiar with the use of plug-ins and other specialized “client-side” encryption software.

  • Another issue faced by organizations is a lack of technological standards.

  • The solution to each of these issues is to move the encryption responsibility from the individual user to a specialized server.

Solution Implementation

  • The team is ready to implement a multi-layered system using the Data Center storage and Iron Mountain.

  • Secure transmission of Protected Health Information using secure FTP and secure email.

  • Provision sufficient resources to implement a Citrix solution when needed; plan for FY 2012 or FY 2013.

Feasibility Analysis

  • New Deployments (No teardown)

    • Storage/backup

    • Secure Email

    • Secure FTP

  • Maintenance Considerations for IT staff

    • Ensuring complete backups (Iron Mountain)

    • Enforcing Data Center SLA standards

    • Checking secure local storage

    • Maintaining VeriSign certificates for email and FTP

  • Processes invisible to end users!

The Solution: Data Center – Infrastructure; Iron Mountain – Secure Backup

  • Iron Mountain (2.5 TB) - $193,500

    • Iron Mountain is an annual operating expense at $64,500/year

    • Operating costs affect Income Statement

  • Data Center (Infrastructure required) - $229,900

    • A capital expense that depreciates at $45,980/year over 5 years

    • Capital expenses affect the Balance Sheet

    • Maintenance approx. 10% of purchase price, capitalized

  • Total - $412,900

Thank You