Webcast:
Complying with HIPAA Privacy and Security Standards
Agenda:
• Healthcare IT Trends
    Jim Hietala, Compliance Research Group
• Recovery Act of 2009, and HITECH Act, Security and Compliance Implications
    Karl Muenzinger, Janus Associates
• Overview of Avior Computing Solutions
    Bruce Beck, VP Business Development, Avior
• Demonstration: Converged privacy/security assessments for healthcare organizations
    Jeri Teller‐Kanzler, President, Risk‐Mapp
• Q&A
Trends in IT and Healthcare
Government:
• Electronic Health Record adoption push
• Health Information Networks (HIE’s, RHIN’s, NHIN)
IT Access and Network Changes:
• Growth in wireless network adoption, mobility
• Guest network access
• Intermixing of IT and clinical devices in healthcare networks
2009 Stimulus Bill Brings New HIPAA Requirements
The Health Information Technology for Economic and Clinical Health (HITECH) Act
• Included in the American Recovery and Reinvestment Act of 2009 (ARRA)

Data Breach Protections
• Prevent Data Breaches of Protected Health Records (PHR)
• Increase penalties

August 2009: Guidance from HHS and FTC
• HHS Office of Civil Rights takes over HIPAA enforcement
• Interim final rule for Breach Notification for Unsecured Protected Health Information (45 CFR Parts 160 and 164)
• The Federal Trade Commission Health Breach Notification Rule (16 CFR Part 318) and Notice of Breach of Health Information (procedure)
The Impact on HIPAA Compliance
An increase in SCOPE
    ‐ More organizations are subject to HIPAA

An increase in DEPTH
    ‐ HIPAA compliance programs require greater due‐diligence

An increase in ENFORCEMENT
    ‐ More government oversight, higher penalties

PENALTIES FOR HIPAA VIOLATIONS    Prior penalties    ARRA / HITECH
Amount per violation              $100               $100 ‐ $50,000
Maximum per year                  $25,000            $5,000,000
Data Breach
“the unauthorized acquisition, access, use or disclosure of PHI”

Data Breach Notification Law: Protect PHI
    ‐ Encryption during Transmission
    ‐ Encryption during Storage
    ‐ Secure Disposal of PHI on paper, film, or disk

Public Notification of Data Breaches starting in September 2009
    ‐ Covered Entities and Business Associates will be required to notify the public
    ‐ HHS will post a public list of major data breaches: increase in reputational risk
    ‐ The FTC must be notified, for organizations not otherwise covered by HIPAA
The Increased Oversight of Business Associates

Business Associates must comply with HIPAA Privacy and Security rules (sec 13401.(a))
‐ Civil and criminal penalties (sec 13401)
‐ Data Transmission Service Providers are included (sec 13408)

Covered Entities are accountable for their Business Associates
‐ Data Breach Notification rules for Covered Entities include data breaches of their Business Associates (sec 13402)
‐ Business Associate Agreements must be revised by February 17, 2010
‐ Best Practices: require Business Associates to agree to independent inspection of security controls
Compliance and Risk Assessments of Business Associates

Locate and document all PHI sent to third parties

Assign the controls required for each Business Associate
• Specify all data‐handling requirements in Business Associate Agreements

Collect Evidence of Controls for each Business Associate

Assess the evidence, identify risks, take action
Strategies for Covered Entities and Business Associates
Covered Entities:
• Use a Tiered Approach: Categorize your Business Associates
    ‐ based on the PHI being handled, and other risk factors
• Tailor the Assessment methodology for each Tier
    ‐ Efficiently expend resources on the tiers of highest risk
• Use Risk Assessments to Reduce Business Associate risks
    ‐ Leverage the results during negotiations for future outsourced services

Business Associates:
• Establish a HIPAA Compliance Program:
    ‐ Conduct a HIPAA Risk Assessment and Gap Analysis
• Coordinate with the Compliance teams of your customers
    ‐ Align your policies and procedures proactively

Both: Your customers will be asking more about your security
• Honesty Builds Trust – Trust Leads to Investment
About JANUS Associates:
Focused on Information Security and Business Continuity consulting for two decades
• Stamford, Albany, Boston, Baltimore, Silver Spring MD
• Privately held, independent, woman‐owned business
Consulting Services:
• Information Security & Privacy
• Business Continuity/Pandemic/DR Planning
• Regulatory Compliance, including PCI
• Security Awareness Training
• Breach Response and Computer Forensics
• Electronic Discovery
Avior business partner
www.JANUSassociates.com    203‐251‐0200
Bruce Beck, VP Business Development
Compliance… Know it Now!
www.aviorcomputing.com
Risk & Compliance Process
[Diagram: a cycle of five stages around a core of People, Process and Technology]
• Risk Assessment Scope
• Distribute Assessment Questionnaires
• Manage Collection Process
• Reporting And Analysis
• Review and Remediation
Risk & Compliance Chaos
Adding to the Challenge
    Many overlapping compliance requirements
    Fragmented compliance projects spread over many regulations, business units & third party providers…silos

“70% of organizations are treating each compliance regulation as a silo; Inefficient, expensive, Can’t leverage common controls and assessments, Annoying to business owners and vendors”
    – Compliance Marketing Group
Survey Fatigue

“Assessment is the cornerstone of any GRC methodology; you have to know where you are with risk to know where you need to go. Avior provides a platform to make this process easy, repeatable and sustainable across your entire enterprise.”
    ‐ Steve Katz, Fmr. CISO, Citigroup and JP Morgan

Overlapping regulations & standards create “survey fatigue” for business owners and suppliers
Bring order to Chaos

Optimize Control Framework
• Pre‐configured, Dynamic mapping of Regulations, Standards, Frameworks and Policies
• Mappings & content are kept current for you by Avior
• Advanced scoring and weighting rubric
• Assess Once, comply many times, to many things
Avior’s Solution
[Diagram: Dynamic Assessment & Remediation, Executive Dashboards, Reporting, Repurposing]
• Visibility, Reporting & Analysis
• Managing Assessment and Remediation Process
• Creating, Weighting & Scoring Assessments
[Components: Assessment Designer; Associator ‐ Avior ClearView]
Map & Associate
• Subscription Based Offering
• Updated quarterly
• Custom Configured authoritative sources
• Easily integrate your policies and corporate objectives
Enhanced Assessment Experience
• Easy to use assessment editor
• Incorporate notes and attachments
• Weight the response to questions
• User Friendly Workflow
• Intuitive responder interface
Remediation
• Classifying & Tracking the Remediation Process
• Full Reporting Capabilities
• Allocate Remediation Resources
Visibility ‐ Reporting & Dashboards
• Executive Level User Interface
• Dynamic Data Rendering
• Standard Suite of Reports
• Role Based Reporting
• PDF, excel & Graphical
Avior automated risk & compliance workflow
[Diagram: the five-stage cycle with the activities at each stage]
• Risk Assessment Scope: Develop assessments; Set Frequency; Determine scoring
• Distribute Assessment Questionnaires: Determine business owners; Manage distribution
• Manage Collection Process: Manage Reminders; Escalate as necessary; Review for completeness
• Reporting And Analysis: Score results; Determine key risks; Report to management
• Review and Remediation: Ensure completion; Determine risks to remediate; Manage remediation workflow
Supporting capabilities shown around the cycle:
    ‐ Risk process lifecycle support; Linked to remediation management
    ‐ Prebuilt assessment library; Dynamic mapping
    ‐ Workflow management; Forced evidence collection; Response weighting
    ‐ Automated review, scoring, and reporting
Achieve better results

• Significant reduction in governance, risk and compliance costs
• Improve control of risk management and compliance
• Increase executive visibility of enterprise risks
• Organize compliance with a repeatable and sustainable process
= Improved management
Risk & Compliance ‐ Know it Now!
Jeri Teller‐Kanzler
President of Risk‐Mapp

Demonstration of ClearView and BenchMark
Healthcare assessment addressing HIPAA, and new healthcare guidance
Mapping of HIPAA, NIST 800‐66, and other standards and regulations
Questions & Answers

For Additional Information:
Avior Computing
 • Bruce Beck
   BBeck@Aviorcomputing.com
   603‐964‐8040

Janus Associates
 • James Adams
   jamesa@janusassociates.com
   203‐251‐0200

Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

Avior Healthcare Security Compliance Webcast Final1

  • 1. Webcast: Complying with HIPAA Privacy and Security Standards
  • 2. Agenda: • Healthcare IT Trends ‐ Jim Hietala, Compliance Research Group • Recovery Act of 2009, and HITECH Act, Security and Compliance Implications ‐ Karl Muenzinger, Janus Associates • Overview of Avior Computing Solutions ‐ Bruce Beck, VP Business Development, Avior • Demonstration: Converged privacy/security assessments for healthcare organizations ‐ Jeri Teller‐Kanzler, President, Risk‐Mapp • Q&A
  • 3. Trends in IT and Healthcare. Government: • Electronic Health Record adoption push • Health Information Networks (HIE’s, RHIN’s, NHIN). IT Access and Network Changes: • Growth in wireless network adoption, mobility • Guest network access • Intermixing of IT and clinical devices in healthcare networks
  • 4. 2009 Stimulus Bill Brings New HIPAA Requirements. The Health Information Technology for Economic and Clinical Health (HITECH) Act • Included in the American Recovery and Reinvestment Act of 2009 (ARRA). Data Breach Protections • Prevent Data Breaches of Protected Health Records (PHR) • Increase penalties. August 2009: Guidance from HHS and FTC • HHS Office of Civil Rights takes over HIPAA enforcement • Interim final rule for Breach Notification for Unsecured Protected Health Information (45 CFR Parts 160 and 164) • The Federal Trade Commission Health Breach Notification Rule (16 CFR Part 318) and Notice of Breach of Health Information (procedure)
  • 5. The Impact on HIPAA Compliance. An increase in SCOPE ‐ More organizations are subject to HIPAA. An increase in DEPTH ‐ HIPAA compliance programs require greater due diligence. An increase in ENFORCEMENT ‐ More government oversight, higher penalties. PENALTIES FOR HIPAA VIOLATIONS (prior vs. ARRA / HITECH): Amount per violation ‐ $100 (prior), $100 to $50,000 (ARRA / HITECH); Maximum per year ‐ $25,000 (prior), $5,000,000 (ARRA / HITECH)
  • 6. Data Breach: “the unauthorized acquisition, access, use or disclosure of PHI”. Data Breach Notification Law: Protect PHI ‐ Encryption during Transmission ‐ Encryption during Storage ‐ Secure Disposal of PHI on paper, film, or disk. Public Notification of Data Breaches starting in September 2009 ‐ Covered Entities and Business Associates will be required to notify the public ‐ HHS will post a public list of major data breaches: increase in reputational risk ‐ The FTC must be notified, for organizations not otherwise covered by HIPAA
  • 7. The Increased Oversight of Business Associates. Business Associates must comply with HIPAA Privacy and Security rules (sec 13401.(a)) ‐ Civil and criminal penalties (sec 13401) ‐ Data Transmission Service Providers are included (sec 13408). Covered Entities are accountable for their Business Associates ‐ Data Breach Notification rules for Covered Entities include data breaches of their Business Associates (sec 13402) ‐ Business Associate Agreements must be revised by February 17, 2010 ‐ Best Practices: require Business Associates to agree to independent inspection of security controls
  • 8. Compliance and Risk Assessments of Business Associates. Locate and document all PHI sent to third parties. Assign the controls required for each Business Associate • Specify all data‐handling requirements in Business Associate Agreements. Collect Evidence of Controls for each Business Associate. Assess the evidence, identify risks, take action
  • 9. Strategies for Covered Entities and Business Associates. Covered Entities: • Use a Tiered Approach: Categorize your Business Associates ‐ based on the PHI being handled, and other risk factors • Tailor the Assessment methodology for each Tier ‐ Efficiently expending resources on the tiers of highest risk • Use Risk Assessments to Reduce Business Associate risks ‐ Leverage the results during negotiations for future outsourced services. Business Associates: • Establish a HIPAA Compliance Program ‐ Conduct a HIPAA Risk Assessment and Gap Analysis • Coordinate with the Compliance teams of your customers ‐ Align your policies and procedures proactively. Both: Your customers will be asking more about your security • Honesty Builds Trust – Trust Leads to Investment
  • 10. About JANUS Associates: Focused on Information Security and Business Continuity consulting for two decades • Stamford, Albany, Boston, Baltimore, Silver Spring MD • Privately held, independent, woman‐owned business. Consulting Services: • Information Security & Privacy • Business Continuity/Pandemic/DR Planning • Regulatory Compliance, including PCI • Security Awareness Training • Breach Response and Computer Forensics • Electronic Discovery. Avior business partner. www.JANUSassociates.com 203‐251‐0200
  • 11. Bruce Beck, VP Business Development. Compliance… Know it Now! www.aviorcomputing.com
  • 12. Risk & Compliance Process (diagram; People, Process, Technology): Risk Assessment Scope → Distribute Questionnaires → Manage Collection Process → Review and Analysis → Assessment Reporting → Remediation Process
  • 14. Adding to the Challenge. Many overlapping compliance requirements. Fragmented compliance projects spread over many regulations, business units & third party providers…silos. “70% of organizations are treating each compliance regulation as a silo; Inefficient, expensive, Can’t leverage common controls and assessments, Annoying to business owners and vendors” – Compliance Marketing Group
  • 15. Survey Fatigue. “Assessment is the cornerstone of any GRC methodology; you have to know where you are with risk to know where you need to go. Avior provides a platform to make this process easy, repeatable and sustainable across your entire enterprise.” ‐ Steve Katz, Fmr. CISO, Citigroup and JP Morgan. Overlapping regulations & standards create “survey fatigue” for business owners and suppliers
  • 17. Avior’s Solution. Dynamic Assessment & Remediation, Executive Dashboards, Reporting, Repurposing • Visibility, Reporting & Analysis • Managing Assessment and Remediation Process • Creating, Weighting & Scoring Assessments. Components: Assessment Designer, Associator ‐ Avior ClearView
  • 18. Map & Associate • Subscription Based Offering • Updated quarterly • Custom Configured authoritative sources • Easily integrate your policies and corporate objectives
  • 19. Enhanced Assessment Experience • Easy to use assessment editor • Incorporate notes and attachments • Weight the response to questions • User Friendly Workflow • Intuitive responder interface
  • 20. Remediation • Classifying & Tracking the Remediation Process • Full Reporting Capabilities • Allocate Remediation Resources
  • 21. Visibility ‐ Reporting & Dashboards • Executive Level User Interface • Dynamic Data Rendering • Standard Suite of Reports • Role Based Reporting • PDF, Excel & Graphical
  • 22. Avior automated risk & compliance workflow. Risk Assessment Scope • Develop assessments • Set Frequency • Determine scoring. Distribute Questionnaires • Ensure completion • Determine business owners • Manage distribution. Manage Collection Process • Manage Reminders • Escalate as necessary • Review for completeness. Review and Analysis • Score results • Determine key risks. Assessment Reporting • Report to management. Remediation • Determine risks to remediate • Manage remediation workflow. Callouts: Risk process lifecycle support; Linked to remediation management; Prebuilt assessment library; Dynamic mapping; Automated review, scoring, and reporting; Workflow management; Forced evidence collection; Response weighting
  • 23. Achieve better results • Significant reduction in governance, risk and compliance costs • Improve control of risk management and compliance • Increase executive visibility of enterprise risks • Organize compliance with a repeatable and sustainable process = Improved management
  • 24. Risk & Compliance ‐ Know it Now!
  • 25. Jeri Teller‐Kanzler, President of Risk‐Mapp. Demonstration of ClearView and BenchMark. Healthcare assessment addressing HIPAA and new healthcare guidance. Mapping of HIPAA, NIST 800‐66, and other standards and regulations
  • 26. Questions & Answers. For Additional Information: Avior Computing • Bruce Beck, BBeck@Aviorcomputing.com, 603‐964‐8040. Janus Associates • James Adams, jamesa@janusassociates.com, 203‐251‐0200