energize your workflow! ©2006 merge emed. all rights reserved. 2006 user group meeting “energize...

Energize Your Workflow!Energize Your Workflow!

www.merge-emed.com©2006 Merge eMed. All Rights Reserved.

2006 User Group Meeting“Energize Your Workflow”

May 7-9, 2006

1

Security & Privacy Agenda• Security & Privacy Concepts

• Security & Privacy Awareness

• Security & Privacy Cycle

• Security & Privacy References




May 7-9, 2006

2

Security & Privacy Concepts- Security Policy - Corporation

- Digital Signature Act - Business

- Sarbanes/Oxley – Financial

• HIPAA - HealthCare




May 7-9, 2006

3

Security & Privacy ConceptsHIPAA GOAL

Protecting individuals patient data without compromising personal safety

Quality of Care Information Security

Patient Safety




May 7-9, 2006

4

Security & Privacy ConceptsPrivacy: Access, Use of, and disclose of Confidential

Information

Security: Safeguard in place to protect Confidential Information

PRIVACY - What to protected

SECURITY How it is protected




May 7-9, 2006

5

Security & Privacy AwarenessSecurity Categories:

• Administrative– Policies, procedures and practices

• Physical– Doors, Locks, Badge Access

• Technical– Software Electronic Access, Audits




May 7-9, 2006

6

Security & Privacy ConceptsSecurity Mission

- Confidentiality – Insures proper authorization to Information

- Availability – Information is Accessible

- Integrity – Accurate and Reliable

- Authentication - Proof of Identity

- Non Repudiation – legally bound




May 7-9, 2006

7

Security & Privacy AwarenessSecurity is a continuous Cycle of:

• Assessment - Identify or follow up to changes to environment?

• Plan - Suggest solutions to mitigate risk where appropriate

• Implement - Implement corrective action based on plan

• Report - Success or Failure of corrective actions




May 7-9, 2006

8

Security & Privacy Cycle

Assessment Tasks for Security

• Identify ThreatsWhat is being protected?

Who is it being protected from?

What are the threats?

Where are the Assets?

• Identify probability of Risk

• Identify Impact of Risk

• Identify acceptability of Risk




May 7-9, 2006

9


Plan Tasks for Security • Mitigate those High Risks

• Verify security planned is reasonable for:

Authentication, Non Repudiation

Confidentiality, Availability,Integrity

• Establish Cost of Solutions– Physical, administrative, technical costs




May 7-9, 2006

10


Implement Tasks for Security • Document Plan

• Verify Benchmarks

• Verify contingencies are available and ready

• Initiate changes

• Test initial success

• Complete documentation




May 7-9, 2006

11


Report for Security • Review with end users

• Report availability of system

• Initiate any additional training

• Identify and report breaches




May 7-9, 2006

12

Security & Privacy References

References Used:

http://www.HIPAAdvisory.com

http://aspe.hhs.gov/

http://www.nema.org/medical/spc

http://snip.wedi.org

http://www.sans.org




May 7-9, 2006

13

Security & Privacy

Albert Allen Klumpp

Email: [email protected]

Phone: 1-414-977-4000

Location: Milwaukee

energize your workflow! ©2006 merge emed. all rights reserved. 2006 user group meeting “energize...

Documents