Cloud, HIPAA and the IT Healthcare Revolution
© 2013 VMware Inc. All rights reserved
Cloud, HIPAA and the IT Healthcare Revolution: HIPAA and HITECH - Implications for Corporate Compliance
January 2016
Welcome and Introductions
Lilac Schoenbeck, VP Product Marketing
Frank Krieger, Director of Compliance
Quick History of HIPAA
HIPAA was established in 1996
• Provides the ability to transfer and continue health insurance coverage
• Reduces health care fraud and abuse
• Mandates industry-wide standards for health care information on electronic billing and other processes
• Requires the protection and confidential handling of protected health information
Quick History of HITECH
HITECH Act was enacted in 2009
• HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information
• Provided guidance for use of 3rd party cloud services through use of Business Agreements
Overarching IT Requirements of HIPAA and HITECH Compliance
Patient Privacy
Physical Security
Data Security
Oversight and Governance
Vendor Verification – Procurement Management
Patient Privacy
Explanation of usage of patient information
Notification of changes to privacy policies and statements
Restrict access to those requiring it
Data Security
Access Control
• Role based
• Limited access
• Testing
Encryption
• At rest
• In transit
Breach Notifications
• Encryption is HUGE here
Oversight and Governance
Perform risk evaluations
Maintain system logs
Track changes and service requests
Show remediation activities through incident and problem processes
Perform training
Vendor Verification – Procurement Management
Request 3rd Party Auditor Reports
Perform semi-annual audits of your suppliers
Perform DR and other tests to check readiness of suppliers
iland delivers a breadth of cloud services
Enterprise Cloud Services: Reserved & Pay-as-you-Go IaaS
• Industry-leading management portal
• Included extras like 7-day backup and VPN
• Simplified and transparent pricing
Disaster Recovery as a Service: Fast and reliable DRaaS
• Near-real time recovery
• Self-service testing
• Network and legacy system flexibility
Private Cloud: Isolated resources in a hosted cloud
• Separate servers and/or storage
• Control down to the hypervisor level
• Included industry-leading management portal
Cloud Backup: Externally-hosted backup
• Based on Veeam Cloud Connect technology
• Stores data safely in your choice of locations
• Low, archive storage pricing
Available with Advanced Security & Compliance
iland Enterprise Cloud Services Console
Straightforward, complete VM management, driven by Big Data back end for exceptional analytics
• Real-time & historical billing & performance statistics
• Network management - from firewalls to VPNs
• Integrated iland DRaaS Management
• Embedded security and compliance reporting
• 7-day back up, custom alerts & shareable graphs
• Ongoing innovation through quarterly updates
iland Embedded & Advanced Security Features
ECS Security
For all IaaS, DRaaS and Private Cloud users
• Console-based non-intrusive vulnerability scanning
• Role-based access control
• Two-factor authentication
• ECS event & login event history
• Support ticket history
• Available VM encryption
Advanced Security
Heightened security & compliance support
• Firewall event reporting & blocking
• OS and application integrity monitoring
• Web reputation reporting & blocking
• Deep Packet inspection for:
  • Intrusion prevention & detection
  • Web application protection
  • Application control
• Anti-virus / anti-malware scanning and quarantine
• Storage-based encryption
• Available VM encryption
Encryption Options
Storage-based Encryption
• Included in the ECS-AS platform
• Protects physical disks in a physical data center breach
• iland holds the encryption key at the datacenter level
VM Encryption with Hytrust
• Add-on feature for ECS and ECS-AS
• Protects VMs in a digital breach
• Customer holds encryption key
• Purchased on a per-VM basis
• Can integrate with on-premise Hytrust
iland’s compliance team can help
HIPAA Compliance
• Signed Business Associates Agreement (BAA)
• Support for responding to audits and interpreting reports
• Provide supporting documentation relating to HIPAA specifications
Compliance
Certified compliance experts available to answer your questions
• Review of regulatory requirements and audit reports
• Support in correlating reports with industry regulations
• Assistance in aligning you with industry regulation controls utilizing the ITIL 2011 framework
Ensuring HIPAA and HITECH Compliance
• #1 item to remember – BE ABLE TO PROVE IT
• Start with an in-house review
• Confirm your 3rd Party Suppliers are meeting the requirements you must operate under
• Work with your in-house Legal and/or Compliance teams to ensure you can generate process output “proof”
• Seek professional assistance if you do not have an in-house Compliance or Legal team
Ask Frank about Safe Harbor or other compliance requirements: www.iland.com/contact