
Privacy & security: coordinating activities within amcs PDF

34 Pages·2017·1.7 MB·English

Preview Privacy & security: coordinating activities within amcs

PRIVACY & SECURITY: COORDINATING ACTIVITIES WITHIN ACADEMIC MEDICAL CENTERS

SPEAKERS & HEALTH SYSTEMS / AMCS

• David Behinfar, JD, LLM, CHC, CHRC, CCEP, HCISPP, CIPP/US, Chief Privacy Officer, UNC Health Care System
• Colleen Ebel, Chief Information Security Officer, UNC Health Care System
• Terry Ziemniak, Assistant Vice President and Chief Information Security Officer, Carolinas Healthcare System (WWW.LINKEDIN.COM/IN/TERRYZIEMNIAK)
• Katherine Georger, JD, CHC, CHRC, CIPP/US, HIPAA Privacy Officer, The University of Arizona

• The University of Arizona is the leading public research university in the American Southwest.
• University of Arizona Health Sciences (UAHS) is comprised of five academic colleges:
  • College of Medicine-Tucson
  • College of Medicine-Phoenix
  • College of Nursing
  • College of Pharmacy
  • College of Public Health
• Affiliation agreements with two healthcare partners:
  • Banner Health (Banner University Medicine)
  • Dignity Health d/b/a St. Joseph’s Hospital & Medical Center (UA Cancer Center)

THE IMPORTANCE OF BUILDING A COLLABORATIVE RELATIONSHIP BETWEEN INFORMATION SECURITY AND PRIVACY IN AN ACADEMIC MEDICAL CENTER

OVERVIEW

• Recent Breaches and Implications for AMCs
• AMCs: Big Data Research and Quality Improvement Activities
• Unique challenges for Privacy and Security Offices
• Importance of Shared Core Values
• Case Examples

NON HEALTHCARE ENTITY AND HEALTHCARE ENTITY BREACHES

• Yahoo (500 million accounts): possible state sponsored attack led to data theft of names, email address, contact information and security questions/answers (Sept 2016)
• America’s JobLink (4.8 million users): ‘code misconfiguration’ led to unauthorized access to full name, birth dates and Social Security number (3/12/2017)
• Internal Revenue Services (700,00 records): “Get Transcript” online application was hacked. IRS thinks “identities were stolen to file fraudulent tax returns in the future.” (2/29,2016)
• Banner Health (3.7 million individuals) was breached by attacker by means of their point of sales devices (7/13/2016).
• Newkirk (3.3 million BCBS customers): attacker gained access by means of an administrative portal on third party application (8/5/2016)
• 21st Century Oncology (2.2 million records): cyber intruder accessed database (3/4/2016)
• HHS/OCR Wall of Shame May 1 – May 9 2017:
  • 16 reported breaches
  • 31,250 records

ACADEMIC MEDICAL CENTERS/UNIVERSITY BREACHES IN THE NEWS…

• Feinstein Institute for Medical Research (stolen unencrypted laptop, 13,000 subjects) failed to conduct an accurate and thorough risk analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI. $3.9 million (3/17/16)
• UMass Amherst (malware infected workstation impacted 1,670 individuals): UMass failed to designate all of its Health Care Components when hybridizing, incorrectly determining that SLH Center where the breach of ePHI occurred, were not covered components. $650,000 (11/22/2016)
• University of Mississippi Medical Center (password protected computer stolen from ICU, 10,000 individuals): OCR found that UMMC was aware of risks & vulnerabilities dating back to 2005, but no significant risk management activity occurred until after breach. $2.75 million (7/25/2016)
• Oregon Health & Science University (unencrypted laptop (4,022), unencrypted thumb drive or cloud (3,044)): Found widespread vulnerabilities in HIPAA compliance program. Students/residents used unencrypted thumb drives or cloud-based solution without a BAA. Plus 2 large breaches 2009 & 2012 (unencrypted laptop, unencrypted thumb drive impacting 15,000 patients). $2.7 million (7/18/2016)
• University of Washington Medicine: Failure to implement policies to prevent, detect, contain, and correct security violations. Employee downloaded email containing malware, affecting 90,000 individuals/patients who had their ePHI accessed. Underscores need for organization-wide risk analysis. $750,000 (12/14/2015)
• New York Presbyterian/Columbia University (disclosure of ePHI of 6,800): NYP & CU are separate covered entities participating in an affiliation. $4.8 million (5/7/2014). Two years later, NYP paid another $2.2 million (4/21/2016) for the unauthorized filming of two patients.
• UCLA Health: Between 2005-2008, unauthorized employees repeatedly accessed patient PHI. $865,000 (7/11/2011). July 2015 announced breach impacting approximately 4.5 million patients; November 2016, UCLA investigating similar claims of staff snooping in Kanye West’s records.

RECENT DATA BREACH STATISTICS – HEALTHCARE

• “The healthcare industry is being hunted and hacked by the elite financial criminal syndicates that had been targeting large financial institutions until they realized health-care databases are more valuable,” said Tom Kellermann, chief cybersecurity officer at Trend Micro Inc. http://www.bloomberg.com/news/articles/2015-05-07/rising-cyber-attacks-costing-health-system-6-billion-annually
• Medical records, which often contain Social Security numbers, insurance IDs, addresses and medical details, sell for as much as 20 times the price of a stolen credit-card number, according to Dell SecureWorks, a unit of Dell Inc. http://www.experian.com/assets/data-breach/white-papers/2015-industry-forecast-experian.pdf https://www.forbes.com/sites/danmunro/2015/12/31/data-breaches-in-healthcare-total-over-112-million-records-in-2015/#47a9cabd7b07

DATA BREACH STATISTICS

Description:
America's JobLink (4.8 million users) 'code misconfiguration' lead to unauthorized Stolen patient health records can earn as much as $363 per record https://www.healthcare-informatics.com/news-item/population-health/ Knowledge-seeking is integral to ongoing management Center (PTC).