About Viruses


DATA ENSURE INC.
798 PARK AVE. NW
SUITE 204
NORTON, VA 24273
(276) 679-7900
WWW.DATAENSUREINC.COM
SECURITY & HIPAA
1
HIPAA Compliance
Complying with HIPAA is challenging
because this regulation affects so
many areas, including standards for
transactions, rules for data
privacy/security, standards for clinical
records and more.
2
HIPAA Background
In August of 1996, Congress enacted the Health
Insurance Portability and Accountability Act
(HIPAA). The goals of the legislation are to
reduce the administrative costs of healthcare, to
develop standard transactions for consistency
industry-wide, to require broad security and
disaster recovery protections for "individually
identifiable health information", to promote
confidentiality of patient records, and to provide
an incentive for healthcare companies to
communicate electronically.
3
HIPAA Background
Any health care provider organization,
office, or plan that electronically maintains
or transmits health information pertaining
to an individual must comply with HIPAA
regulations. These federally governed
regulations will require strict standards
for Security and Disaster Recovery.
4
Who Must Comply?
Those who must comply with HIPAA fall
into two categories:
Covered Entities
Business Associates
5
HIPAA Overview
HIPAA consists of five parts:
Title 1 - Health Insurance Portability - helps workers
maintain insurance coverage when they change jobs
Title 2 - Administrative Simplification - standardizes
electronic health care-related transactions, and the
privacy and security of health information
Title 3 - Medical Savings Accounts & Health Insurance
Tax Deductions
Title 4 - Enforcement of Group Health Plan provisions
Title 5 - Revenue Offset Provisions
6
The Security Rule
The Final Security Rule was published in
February 2003, and became effective on
April 21, 2003. Compliance with this Rule
has been required since April 20, 2005
(April 20, 2006 for small health plans).
7
The Security Rule
The Security Rule specifies the safeguards
that must be used to protect ePHI
(electronic Protected Health Information).
It requires that covered entities have
appropriate Administrative Safeguards,
Physical Safeguards, and Technical
Safeguards to protect access to ePHI.
8
Examples of Appropriate
Safeguards Include:
Establishment of clear Access Control policies,
procedures, and technology to restrict who has
authorized access to ePHI.
Establishment of restricted and locked areas
where ePHI is stored.
Establishment of appropriate Data Backup,
Disaster Recovery, and Emergency Mode
Operation planning.
Establishment of technical security mechanisms
such as encryption to protect data that is
transmitted via a network.
9
The Security Rule
Two implementation specifications for discussion,
both from the Contingency Plan standard at
45 CFR 164.308(a)(7) and both Required (R):
164.308(a)(7)(ii)(A)
Data Backup Plan (R)
164.308(a)(7)(ii)(B)
Disaster Recovery Plan (R)
10
Disaster Recovery Planning
Disaster recovery planning is a necessary
and vital part of any healthcare delivery
organization. How does an institution
recover from something as simple as a
hardware or software failure or as
catastrophic as the loss of a complete data
center? How long can data be unavailable
before it impacts patient care?
11
Disaster Recovery Planning
These are precisely the situations that the
Security Standard was intended to
address by ensuring confidentiality,
integrity and availability of patient
information. To that end, disaster recovery
planning should be viewed as a plan for
business continuity and, further, as an
opportunity to minimize the costs
associated with regulatory compliance.
12
What is Required for a Disaster
Recovery Plan?
What should be included in the disaster
recovery strategy? Considerations must
include the end-user’s specific needs, the
location and storage of the critical data,
and every component in-between. The
plan must allow a covered entity to recreate the entire infrastructure necessary
to guarantee information availability.
13
Why Backup?
It is an integral part of any Disaster
Recovery Plan. The amount of data
stored electronically is growing and your
practice relies on it to conduct efficient and
proper patient care.
What if you lost your scheduling software?
How long would it take to recreate it?
14
Who Performs Data Backups?
It is estimated that fewer than 30% of businesses
properly protect their computer data.
Healthcare-related businesses do a better job.
Proper backups can ensure that your business or
practice survives computer-related disasters, no
matter how big or small.
15
How Often?
Backups should be done on a schedule; daily would be
ideal. Most businesses don't keep a regular backup
regimen, for one reason or another. Usually it's
because the person responsible for doing backups (if
there is one) is too busy doing something else, someone
is using the computer when it's time for a backup, or
they simply forget.
Backups should be automated so as not to depend on any
one person.
16
Why Off-Site Backups?
Of the estimated ten percent of companies that
follow all the other rules for safe backups, only
five percent follow this one. This is where
almost every business makes its biggest
mistake.
Even if you do everything else perfectly, your
backups are of little use if your building burns or
you are unable to physically recover your data
backup media.
17
Redundancy!
Why?
The general definition of "proper" backups
requires redundancy. That is, one must keep
multiple copies of the same files at different
points in their development, called versions.
Part of the reason for doing backups is to be
able to revert to the previous version of a file in
case a virus, hardware failure, or human error
damages the current version.
18
Redundancy!
Why?
If you copy new files over old ones you may lose
your only backup by inadvertently copying a
damaged file over it. This is much too important
to overlook.
19
What Data is Backed Up?
Most hard drives contain thousands of files, but
only a small percentage of them contain your
Critical Data. Find out which ones, and be sure
you are backing them up.
Ordinary backup software is often installed with
a list of files to be backed up. This set of files
usually represents the state of the system when
the software was installed, and often misses
critical files.
20
What about Security?
Of the very small percentage of companies that take
their backups off-site regularly, an even smaller
percentage encrypts their backups.
Most of those send backups home with an employee
who might make a few stops on the way. If backups are
stolen or lost, your ePHI could easily end up in the
wrong hands.
21
What about Security?
Would you want someone to be able to
slip one of your backup tapes into a pocket
and walk out with it? It happens. Tape
backups are generally not encrypted, so
anyone who has the tape can read it and gain
access to your patient database, billing
records, payroll, tax info, and everything
else on your computer.
22
What about Security?
Jane Doe
Birth date
Address
Condition
Medications
Treatments
Insurance
23
Data Encryption
24
What is RDB?
Remote Data Backup works basically like
regular tape backups, with one important
difference.
Instead of sending backups to a tape drive
or other media, Remote Data Backup
sends it over the internet to another
computer safely off-site.
25
What is RDB?
It does this (usually) at night while the practice is
closed and nobody is using the computers, and
it's completely automatic.
Remote Data Backup encrypts its backups, so
nobody without the key can read them.
Only Remote Data Backup has such an easy-to-use
version control system. Further, you should
be able to easily restore any of your files as
they were at any given point in time.
26
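The three properties the Redundancy, Security and Remote Data Backup slides ask for (every backup is a new version rather than an overwrite, each version is encrypted so lost or stolen media is unreadable, and any version can be restored with damage detected) fit in one small program. The following is an added example in Go and is not Data Ensure's code or its Remote Data Backup product. It assumes a file layout of `<name>.<utc-timestamp>.enc` in a single directory and a random AES-256 key generated in memory; a real deployment would load the key from protected storage kept apart from the backup media, and would ship the version files to the off-site location. The sample schedule data is constructed for the demonstration.

```go
package main

// Added example, not code from Data Ensure or its Remote Data Backup product.
// Every backup is a NEW version file (never overwriting the previous one),
// each version is sealed with AES-256-GCM so stolen media is unreadable
// without the key, and any version can be restored with tampering detected.
// The <name>.<utc-timestamp>.enc layout and the in-memory key are assumptions.

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"os"
	"path/filepath"
	"sort"
	"time"
)

// Store is a directory of encrypted versions plus the cipher that seals them.
type Store struct {
	Dir string
	g   cipher.AEAD // AES-256-GCM under a key held only in memory here
}

// NewStore creates an owner-only store directory and a fresh random key.
func NewStore(dir string) (*Store, error) {
	key := make([]byte, 32) // 32 bytes selects AES-256
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return nil, err
	}
	return &Store{Dir: dir, g: g}, nil
}

// Backup seals plaintext under a fresh nonce and writes it as a new version
// named by its UTC timestamp. O_EXCL guarantees an existing version is never
// overwritten, which is the redundancy rule the slides insist on.
func (s *Store) Backup(name string, plaintext []byte, when time.Time) (string, error) {
	nonce := make([]byte, s.g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	// The logical name is bound as associated data, so a version file cannot
	// be renamed and passed off as a backup of some other file.
	sealed := s.g.Seal(nonce, nonce, plaintext, []byte(name))
	stamp := when.UTC().Format("20060102T150405.000000000")
	path := filepath.Join(s.Dir, fmt.Sprintf("%s.%s.enc", name, stamp))
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err != nil {
		return "", err
	}
	defer f.Close()
	_, err = f.Write(sealed)
	return path, err
}

// Versions lists every stored version of name, oldest first: the fixed-width
// timestamp makes lexical order chronological.
func (s *Store) Versions(name string) ([]string, error) {
	matches, err := filepath.Glob(filepath.Join(s.Dir, name+".*.enc"))
	sort.Strings(matches)
	return matches, err
}

// Restore decrypts one version. The GCM tag check makes a truncated,
// bit-flipped or misnamed version fail instead of silently restoring garbage.
func (s *Store) Restore(name, path string) ([]byte, error) {
	data, err := os.ReadFile(path)
	if err != nil {
		return nil, err
	}
	if len(data) < s.g.NonceSize() {
		return nil, fmt.Errorf("%s: version file too short", path)
	}
	return s.g.Open(nil, data[:s.g.NonceSize()], data[s.g.NonceSize():], []byte(name))
}

func main() {
	dir, _ := os.MkdirTemp("", "rdb-example")
	defer os.RemoveAll(dir)
	s, _ := NewStore(dir)
	// Constructed sample data: a good schedule, then a damaged one a second later.
	s.Backup("schedule.db", []byte("Mon 09:00 Jane Doe"), time.Now())
	s.Backup("schedule.db", []byte("\x00\x00corrupt"), time.Now().Add(time.Second))
	vs, _ := s.Versions("schedule.db")
	good, err := s.Restore("schedule.db", vs[0]) // revert to the earlier version
	fmt.Printf("%d versions kept; oldest restores to %q (err=%v)\n", len(vs), good, err)
}
```

Two design points matter for the slides' scenario. A backup that arrives damaged (the second one above) lands beside the good version instead of on top of it, so reverting is a matter of picking an earlier timestamp, and an attempt to write the same version twice is refused by O_EXCL. The authentication tag means a tape that was altered in transit, or a version file relabelled as a different database, is rejected at restore time rather than loaded into the practice's systems. None of this helps if the key travels with the media: the key, not the ciphertext, is what the off-site courier must never be carrying.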
Remote Data Backup
From Data Ensure, Inc.
can be your data backup solution. It
provides you with secure, encrypted data
storage and recovery, and automatic
backups. It supports compliance with the
HIPAA Security Rule through the use of
encryption and passwords in a secure
environment.
27
THANK YOU FOR ATTENDING!!!
DATA ENSURE INC.
798 PARK AVE. NW, SUITE 204
NORTON, VA 24273
(276) 679-7900
WWW.DATAENSUREINC.COM
28