Threats From Within Are Now the #1 Concern for Most Healthcare Organizations


Helen Blake, Executive Director, HIPAA Privacy and Security Office

Client Profile
The University of Miami Miller School of Medicine is comprised of three hospitals and a clinic system, serving more than 5 million patients in Florida, South America, and the Caribbean. It's a prestigious organization that has earned international acclaim for its advanced patient care capabilities, and for its accomplishments in the field of medical research.

Challenge
Healthcare is targeted by cybercriminals more than any other industry. Nearly every healthcare organization has suffered at least one recent data breach, with many experiencing multiple breaches. But internal threats from employees now represent the single greatest concern for most healthcare organizations. The UM School of Medicine sought help in countering those threats.

Solution
FairWarning Patient Privacy Intelligence and Managed Privacy Services

Results
- Automated reports and trend-based visualization help the team stay on top of user activity in accessing medical records
- Communications and employee education about compliance have been enhanced

The University of Miami Miller School of Medicine is a large, widespread healthcare organization, with 10,000 employees serving more than 5 million patients. Recently, the executive director of the school's HIPAA Privacy and Security office was looking for some help in keeping the organization's EHRs safe.

Overview: The Greatest Danger Comes from Within

We're living in a time of unprecedented danger for healthcare organizations. Technology has provided for the creation, storage, and management of electronic medical records, with capabilities that would have been virtually unimaginable only a few decades earlier. Along with those astounding capabilities come extraordinary risks. Healthcare organizations are now targeted for data theft more than any other industry.

According to the Ponemon Institute's Sixth Annual Benchmark Study on Privacy and Security of Healthcare Data, nearly 90% of healthcare organizations have suffered data breaches in the past two years. Those breaches cost the industry more than $6 billion. [1] But despite cybercriminals' increasing focus upon healthcare, the Ponemon study shows that nearly 70% of healthcare organizations are most worried about internal threats.

Helen Blake, executive director of UM Miller School of Medicine's HIPAA Privacy and Security Office, certainly agrees. "There's plenty to worry about from all of the sophisticated external threats. But what really keeps me up at night is the internal threat from employees, whether it's an unintentional act of negligence, like losing a laptop, or an employee stealing information for nefarious purposes."

"What really keeps me up at night is the internal threat from employees."
Helen Blake, Executive Director, HIPAA Privacy and Security Office

The Challenge: More Employees; More EHRs; More Problem Potential

Miller employs thousands of people to staff its expansive healthcare system. And the system maintains hundreds of thousands of electronic health records. It's a combination that exposes organizations to a new level of risk.

You need technology to monitor technology. How do you monitor in a tangible, demonstrable way such a large system that supports several hundred thousand records? That, in a nutshell, was the challenge faced by Helen's team before finding FairWarning. It's a challenge that's shared with countless healthcare organizations globally. And it's a relatively new challenge, one that requires a far more proactive mindset than in times past.

"It's an outdated concept to think that you can just respond to complaints," Helen said. Storing, processing, and moving large volumes of electronic data is a relatively new thing. And the old reactionary compliance mindset should be a thing of the past. Helen noted that HHS is certainly taking proactive compliance very seriously.

Electronic health records represent a massive asset for most healthcare organizations. They are very delicate assets that are quite vulnerable to breach or mishandling at most organizations. "As technology and data become more important to our world, there's no way to monitor it effectively manually," Helen noted. You need technology to monitor technology.

There's a certain amount of integrity that comes with having an objective third-party involved.

Solution: Visualization, Automation, and Third-Party Help

How can healthcare organizations monitor and safeguard the massive amounts of data they're charged with protecting? Visualization and automation are key.

Data Visualization
- One-click reporting
- Easy to read charts
- Multiple chart types
- Add to dashboards

FairWarning provides the ability to visualize data in multiple ways. Spotting trends and monitoring user activity in health records are simple with visually intuitive reports and dashboards. FairWarning's customizable, proactive alerts serve to keep management informed of any issues that should trigger further investigation.

But many healthcare organizations are trying to go it alone. They're attempting to build in-house systems for protecting and managing health records or, even worse, they're attempting to do it all manually. Helen understands that mindset, and even shares it to a degree: "I'm generally not a big believer in hiring consultants. I would rather do things locally, and build our own systems." So she experienced a little trepidation in getting started with FairWarning. But she recognized that it just didn't make sense to go at it alone in managing and monitoring their vast EHR system, even with the considerable resources of an organization as large as the University of Miami.

"We have an unbelievably competent IT security team that I absolutely love. But at the end of the day, that's just not the best utilization of our resources, especially when something like FairWarning exists."

The Results: An Organization-Wide Impact

Is a picture really worth a thousand words? If it's the right picture, it's worth all of those words, and even more. Helen has found that FairWarning's visualization capabilities help her team to consistently paint the right picture, enabling much more effective communications: "FairWarning has helped me communicate more effectively with my various teams and with leadership."

Perhaps more importantly, FairWarning's visualizations have made it possible to closely monitor employee activity. High-volume activity reports are used to monitor employees that are accessing health records at unusually high rates, or at accelerating rates. Managers and supervisors shared that the reports are instrumental in identifying and tracking employees that are accessing high volumes of records. The reports also help HR representatives understand employee activities pertinent to investigations.

And the school's HIPAA Privacy and Security Office is spreading the word about FairWarning and compliance protocols organization-wide (and that encompasses quite a large group: 10,000 employees). Helen's team wants to be certain that all employees understand what the team is monitoring, and how they're using FairWarning in the process. "We do a lot of live training sessions with all of our hospitals and departments," Helen explained. "We implement FairWarning into our educational sessions and our training modules, so they can better understand what our office does, and what is required by HHS. We're trying to reach out to all employees about HIPAA and FairWarning."

Ultimately, FairWarning helps to build trust, both internally and externally. "It shows that there is an established process, supported by an established tool, that reflects the organization's intent to handle their electronic health records and patient information responsibly, and with integrity," Helen said. And that goes a long way toward creating trust within a community and within a regulatory context.

Key benefits that FairWarning provides to the UM Miller School of Medicine team include:

Advanced Visualization Capabilities
How can large healthcare organizations like UM Miller School of Medicine protect the massive volumes of data that patients entrust to them? Visualization. FairWarning's advanced visualization capabilities provide a quick, intuitive interpretation of statistical analysis and user behavior trends. FairWarning's ability to present data visualizations in multiple, customizable chart and report formats assures that data is presented in ways best suited for each customer. And FairWarning's Managed Privacy Services team can help each customer set up the visualizations that are most effective for their organization.

Statistical Analysis of User Behavior
For many years, FairWarning has provided a library of scenarios and analytics that included capabilities such as sequential medical records access, threshold reporting, and many other important functionalities. Those foundational capabilities have been significantly expanded to include the statistical analysis of user behavior. This expanded functionality provides the ability to:
- Compare a user's behavior over time
- Compare users with their peers
- Analyze and visualize user behavioral trends

Statistical analysis of user behavior can reveal indications that the user has begun to engage in nefarious activities. It can also provide warning that a user's credentials have been compromised through cyber-criminal activities such as phishing attacks.

Ease-of-Use Enabling Optimized Workflows
FairWarning recognizes that complexity is the enemy of operational excellence. That's why FairWarning's Patient Privacy Intelligence platform is designed to provide an easy-to-use experience. Advanced capabilities such as customizable user alerts, automated assignment of alerts, and delegated investigation management assure that FairWarning eases administrative burdens rather than compounding them.

Education and Training Tools
Making the most of any application requires that users are educated about the capabilities of the application, and well-trained in the use of the application. FairWarning offers a broad range of training and educational tools that include:
- Interactive online instructor-led classes
- On-demand training sessions
- FairWarning's Certified Professionals Training Program

Condensing a 10-Minute Conversation Into a 5-Second Snapshot
The leadership of any large organization is comprised of very busy people. When you get an audience with this group, it's not for long. And you'd better make the most of it. Helen found that FairWarning helped her do just that.

"FairWarning's visualizations help me to communicate more effectively with my teams, and with leadership. I can reduce ten minutes' worth of conversation into an intuitive visual depiction that delivers its message with just a five-minute glance. For us, FairWarning has been a highly effective communication tool."

1. Ponemon Institute. Nearly 90 Percent of Healthcare Organizations Suffer Data Breaches, New Ponemon Study Shows. http://www.ponemon.org/blog/sixth-annual-benchmark-study-on-privacy-security-of-healthcare-data (accessed April 13, 2017).

About Miller School of Medicine
The University of Miami Miller School of Medicine is a massive healthcare system. The organization is comprised of three hospitals and a clinic system, serving more than 5 million patients in Florida, South America, and the Caribbean. It's a prestigious organization that has earned international acclaim for its advanced patient care capabilities, and for its accomplishments in the field of medical research.

About FairWarning
FairWarning strives to protect the health, wealth, and personal information for every person on Earth. The company's industry-leading, affordable application security solutions provide data protection and governance for Electronic Health Records (EHRs), Salesforce, Office 365, and hundreds of other applications. FairWarning solutions protect organizations of all sizes against data theft and misuse through real-time and continuous user activity monitoring and improve compliance effectiveness with complex federal and state privacy laws such as HIPAA, PCI, FINRA, SOX, FISMA and EU Data Protection Act. FairWarning catches people stealing your data.

13535 Feather Sound Drive, Suite 600, Clearwater, Florida 33762 USA
For more information, please visit www.fairwarning.com
727-576-6700
Solutions@FairWarning.com

Copyright 2004-2019 FairWarning, Inc. All rights reserved. Various trademarks held by their respective owners.