Unified SaaS Solution for Cybersecurity and Risk - Curran Data - PowerPoint PPT Presentation



SLIDE 1

Unified SaaS Solution for Cybersecurity and Risk

Curran Data Technologies – 317-974-1009 www.currandata.com

SLIDE 2

Solution

Discover the effective simplicity of a unified RSC solution

Discover

SLIDE 3

Solution

Cloud-SaaS based Comprehensive Risk, Security and Compliance Management Platform. Unified and Integrated. Expert systems driven with Big Data Analytics

Diagnose

 Assess RSC Gaps

Cure

 Wizard driven RSC remediation

Protect

 Continuous monitoring

SLIDE 4

Solution Portfolio

  • Assesses risk, prioritizes and remediates exposures with continuous monitoring
  • Discovers security threats and vulnerabilities, prioritizes and remediates exposures, followed by continuous monitoring
  • Provides an integrated and harmonized control set to assess compliance issues, prioritize gaps and remediate through policies, procedures and implementation guidance
  • Continuous monitoring of contractual compliance and risk exposure of BA-Vendors / Employees / Contractors. Automated monitoring of sanctions / exclusions / licensure / credentials

SLIDE 5

Aegify Integrity Manager

Minimizing the Risks Of Third Parties and Employees

Avoiding costly fines with real-time monitoring solutions

SLIDE 6

Healthcare Organizations Have Compliance Requirements Under Health & Human Services

Office of Inspector General (OIG)

  • Requires that organizations work with vendors and individuals who are not sanctioned or excluded from working with federal or state programs. Doing so can come with huge fines.

Office for Civil Rights (OCR)

  • Oversees HIPAA compliance requirements
  • Requires that any entity working with Protected Health Information (PHI) have proper security and risk assessment programs in place to monitor any third party handling PHI data. Failure to do so can result in huge fines.

OIG and OCR compliance requirements

THE DOUBLE WHAMMY

SLIDE 7

Enforcement Efforts by Both OIG and OCR Continue to Ramp Up

“In 2015 over $3 Billion in investigative and audit receivables was collected by OIG-sanctions and exclusion violations”

“Breaches in the healthcare industry total an exorbitant $6.2 billion annually, with the average cost of a single data breach across all industries now $4 million.” - OCR continues to ramp up enforcement

Source: 2016 Cost of a Data Breach Study: Global Analysis from IBM and Ponemon Institute

SLIDE 8

Consequences of Poor Implementation

SLIDE 9

OIG Civil Monetary Penalties - examples

Exclusions/Sanctions Monitoring
CE: Alternative Consulting Enterprises, Inc. (ACE), PA
Date: 12/22/2016
Event: After it self-disclosed conduct to OIG, ACE agreed to pay $126,102.38 for allegedly violating the Civil Monetary Penalties Law. OIG alleged that ACE employed an individual that it knew or should have known was excluded from participation in Federal health care programs.
Penalty: $126,102.38

Licenses / Credentials Monitoring
CE: Planned Parenthood Health System Inc., NC
Date: 06/24/2016
Event: After it self-disclosed conduct to OIG, Planned Parenthood agreed to pay $1,572,752.80 for potentially violating the Civil Monetary Penalties Law. Planned Parenthood submitted claims to Medicaid programs in North Carolina, South Carolina, Virginia and West Virginia that included the following billing errors:
  • services billed under a provider number different than the medical professional who provided the service
  • billed for services of non-physician practitioners who were not properly enrolled in their state Medicaid Program
Penalty: $1,572,752.80

Exclusions / Sanctions Monitoring
CE: Antelope Valley Hospital (AVH), CA
Date: 11/30/2016
Event: After it self-disclosed conduct to OIG, AVH agreed to pay $190,087.90 for allegedly violating the Civil Monetary Penalties Law. OIG alleged that AVH employed an individual that it knew or should have known was excluded from participation in Federal healthcare programs.
Penalty: $190,087.90

SLIDE 10

OCR Wall of Shame- examples

Vendor Risk
CE: Dr. Q. Pain and Spine d/b/a Arkansas Spine and Pain
Affected Individuals: 17,100
Event: A virus or malware was potentially installed on the information systems of Bizmatics Inc., a business associate of the CE, Arkansas Spine and Pain (CE). Approx. 17,100 individuals' electronic medical records were compromised, but the BA and CE were unable to determine whose records or what information, if any, was accessed. OCR obtained a copy of the BA agreement in place between the CE and this BA. This review has been addressed by a separate review of the BA.
Penalty: $4 Million

HIPAA Violation | ePHI Breach
CE: Advocate Medical Group
Affected Individuals: 4 Million
Event: Failed to:
  • conduct an accurate and thorough assessment of the potential risks and vulnerabilities to all of its ePHI;
  • implement policies and procedures and facility access controls to limit physical access to the electronic information systems housed within a large data support center;
  • obtain satisfactory assurances in the form of a written business associate contract that its business associate would appropriately safeguard all ePHI in its possession;
  • and reasonably safeguard an unencrypted laptop when left in an unlocked vehicle overnight.
Fines: $5.55 Million

HIPAA Violation / PHI Breach
CE: North Memorial
Affected Individuals: 9,497
Event: Approx. 9,497 patient health records were compromised by Accretive Health Inc., a business associate of the covered entity. Accretive Health was given access to a hospital database containing the ePHI of 289,94 patients. Under HIPAA Rules, covered entities must obtain a signed BAA from any vendor that provides functions, activities or services for or on behalf of a covered entity that requires access to patient ePHI.
Penalty: $1.55 Million

SLIDE 11

The Risk Perspective

SLIDE 12

Risk Approaches

  • The vendor is just as much at risk of being found non-compliant as the covered entity! Yes and No
  • People are honest! Should be, but aren’t always
  • They are supposed to be in compliance. Trust, but verify
  • They don’t know what they are doing. I better do it for them.

SLIDE 13

Limited Strategies Seen Today

  • Excel spreadsheets
  • Manual or periodic spot checks
  • Siloed (one department doing sanctions checks and another doing vendor risk management. No uniformity)
  • Very expensive and time consuming with many manual labor processes
  • No real-time continuous monitoring of vendors
  • No real-time continuous monitoring of HIPAA certification status for all BA’s/Vendors

SLIDE 14

Results of Current Strategies

  • Financial risk is high
  • Too many spreadsheets
  • Too much time spent on manual checking and verifying the integrity of business associates, contract workers, employees
  • Up to $11,000 fine per claim
  • Personal criminal fines and/or jail time

SLIDE 15

The Solution

SLIDE 16

Integrity Manager – Key Features

  • Real-time, Automated and Continuous Monitoring Across Multiple Databases
  • Regular monitoring of all federal and state exclusions databases
  • Configure, Deploy and Start Using in Less Than 30 days
  • Maintain a state of ever-readiness for compliance. Attestation of policies for staff.
  • Perform Integrity Checks on Vendors, Business Associates, Employees and Contract Workers
  • Be proactive and mitigate risk - easily and quickly check on current or past status of vendors and employees with one comprehensive solution
  • Perform HIPAA Risk Assessments on Vendors handling PHI data
  • Provide a dashboard of risk profiles of all vendors
  • Get Strategic Insights from Reports and Comparative Analytics
  • A rich library of reports enables visibility into current vendor risk profile and exposure from fines and penalties at the click of a mouse

SLIDE 17

Integrity Manager Business Benefits

  • Increase productivity with an easy-to-use, simple interface
  • Fast and easy reporting with a rich library of reports
  • Accelerate troubleshooting and resolution time with a web-based, exception-based dashboard that makes it easy to identify an issue and take immediate action
  • Be up and running in 30 days. Easy configuration and fast deployment
  • Improve operational efficiencies with a comprehensive automated workflow to manage all exclusions and sanctions
  • Mitigate risk and avoid costly fines while maintaining regulatory compliance

SLIDE 18

Why Choose Integrity Manager?

  • Improved and automated oversight for all Integrity Checking processes
  • Automates all of the manual processes in exclusions/sanctions and employee background checking.
  • Eliminate/avoid costly fines and penalties from the OIG and OCR
  • Ability to proactively identify vendors, business associates and employees who are on the excluded lists
  • Break down the silos - one comprehensive solution that can be accessed anywhere at any time by multiple staff members
  • Ability to be notified via a web-based dashboard of any infractions and take immediate remedial action

SLIDE 19

Establishing an Automated State of Continued Readiness

SLIDE 20

Easy Access to Federal and State Databases and Exclusions Lists

SLIDE 21


Integrity Manager Automated Process

Source Data Preparation and Maintenance

Sources: OFAC, LEIE, SAM, NY, NJ, State-wise Exclusions, Practitioner Credentials DB, Practitioner License DB

Flow: Data Loading, Source Staging, Source History (Source 1 History, Source 2 History, ... Source n History), Data Synchronization. Data Loading and Data Synchronization processes are custom for each data source and will vary based on source update frequency, approach and content format.

Consolidated Source Database: will have all the records from all the data sources. Deduplication algorithms are run on the Consolidated Source Database. Manual review is done on duplicate groups and merger policies fine-tuned to automate the process.

Sanctions/Exclusions License / Credentials Master Database: unique record for every Individual / Entity.

RE Matching Services: query the Master DB, matching Entity / Individual.

Manage-by-Exception Dashboard
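The slide above sketches the pipeline at diagram level only. The following is an added illustration, not Aegify's or Curran Data's code, of the same three stages in miniature: normalizing source rows, deduplicating them into a master database with one record per individual or entity, and screening a roster so that only exceptions surface. The source labels (OFAC, LEIE, SAM, NY, NJ) are taken from the slide; every record, name, date and identifier below is constructed sample data, and the matching rules (identifier first, then name plus date of birth, name-only hits routed to review) are assumptions about how such a service might be built.

```python
# Added illustration (not Aegify's or Curran Data's code): a minimal version of the
# slide-21 pipeline. Normalize source records, deduplicate them into a master
# database with one record per individual/entity, then screen a roster and
# report only exceptions. All records below are constructed sample data.
import re
import unicodedata
from collections import defaultdict

# Constructed sample feed rows; source labels follow the slide (OFAC, LEIE, SAM, NY, NJ).
SOURCE_RECORDS = [
    {"source": "LEIE", "name": "Doe, John A", "dob": "1970-05-01", "npi": "1234567890"},
    {"source": "SAM", "name": "JOHN A. DOE", "dob": "1970-05-01", "npi": ""},
    {"source": "OFAC", "name": "Acme Medical Supply, Inc.", "dob": "", "npi": ""},
    {"source": "NY", "name": "Acme Medical Supply Inc", "dob": "", "npi": ""},
    {"source": "NJ", "name": "Smith, Jane", "dob": "1985-11-23", "npi": ""},
]

# Constructed roster of employees (E-) and vendors (V-) to be screened.
ROSTER = [
    {"id": "E-001", "name": "John A. Doe", "dob": "1970-05-01", "npi": ""},
    {"id": "E-002", "name": "Jane Smith", "dob": "1990-01-01", "npi": ""},
    {"id": "V-010", "name": "ACME MEDICAL SUPPLY LLC", "dob": "", "npi": ""},
    {"id": "E-003", "name": "Jonathan Doe", "dob": "", "npi": "1234567890"},
    {"id": "E-004", "name": "Alice Brown", "dob": "1980-02-02", "npi": ""},
]

ENTITY_SUFFIXES = r"\b(INC|LLC|CORP|CO|LTD)\b"


def normalize_name(name):
    """Canonical key: ASCII-fold, uppercase, drop entity suffixes, turn
    'LAST, FIRST' into 'FIRST LAST', strip punctuation and extra spaces."""
    s = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode().upper()
    s = re.sub(ENTITY_SUFFIXES, " ", s)
    if "," in s:  # source lists commonly store people as "Last, First"
        last, first = s.split(",", 1)
        s = f"{first} {last}"
    s = re.sub(r"[^A-Z0-9]+", " ", s)
    return " ".join(s.split())


def build_master(records):
    """Consolidate source rows into one record per (normalized name, DOB) group,
    keeping every contributing source and the first identifier (NPI) seen."""
    groups = defaultdict(lambda: {"npi": "", "sources": set()})
    for r in records:
        g = groups[(normalize_name(r["name"]), r["dob"])]
        g["sources"].add(r["source"])
        g["npi"] = g["npi"] or r["npi"]
    return {
        key: {"name": key[0], "dob": key[1], "npi": g["npi"], "sources": sorted(g["sources"])}
        for key, g in groups.items()
    }


def screen(roster, master):
    """Return only the exceptions (manage-by-exception): each is
    (roster id, match strength, sources that list the matched record)."""
    by_npi = {m["npi"]: m for m in master.values() if m["npi"]}
    by_name = defaultdict(list)
    for m in master.values():
        by_name[m["name"]].append(m)

    exceptions = []
    for person in roster:
        if person["npi"] and person["npi"] in by_npi:  # strongest: identifier match
            exceptions.append((person["id"], "npi_match", by_npi[person["npi"]]["sources"]))
            continue
        for m in by_name.get(normalize_name(person["name"]), []):
            if person["dob"] and m["dob"]:
                if person["dob"] == m["dob"]:
                    exceptions.append((person["id"], "name_dob_match", m["sources"]))
                    break
                # same name, different DOB: treated as a different person
            else:
                # DOB missing on one side: name-only hit, route to human review
                exceptions.append((person["id"], "name_only_review", m["sources"]))
                break
    return exceptions


if __name__ == "__main__":
    master_db = build_master(SOURCE_RECORDS)
    print(f"{len(SOURCE_RECORDS)} source rows -> {len(master_db)} master records")
    for hit in screen(ROSTER, master_db):
        print(hit)
```

With the constructed data, five source rows collapse to three master records, and the roster yields three exceptions: one identifier match, one name-plus-DOB match, and one name-only vendor hit that is deliberately routed to review rather than auto-flagged, which is where the slide's manual review of duplicate groups and merger policies would apply. A real deployment would also have to handle the truncation, aliases and partial identifiers in the actual feeds; that tuning is what the slide describes as custom per data source.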

SLIDE 22

RSC MANAGEMENT

Actionable Analytics

RSC – With and Without Aegify

PROVIDER WITHOUT AEGIFY RSC

  • Siloed/Fragmented approach
  • Higher Total Cost of Ownership
  • Needless Complexity
  • Ineffective RSC analysis
  • Lack of Unification for RSC controls
  • Manual processes for monitoring and oversight

PROVIDER WITH AEGIFY RSC

  • Unified and Integrated RSC with single pane view
  • Simple to deploy with low TCO
  • Real-time Continuous monitoring
  • Comprehensive, integrated suite for effective risk analysis using a unified control set
  • Significantly reduced risk exposure

DIAGNOSE | CURE | PROTECT

SLIDE 23

Key Differentiators

Today, Aegify is the only Comprehensive Cybersecurity vendor in the Healthcare marketplace that uniquely provides:

  – A framework for enterprise-wide RSC unification with a unified console
  – A cloud-based remote deployment of security scanning and management
  – Automated and efficient oversight of all BA-Vendors
  – A harmonized regulatory control set with mappings to security threats and vulnerabilities
  – Automated asset discovery and management with role based access control
  – History of all organizational vulnerabilities and threats with remediation
  – Demonstration of “reasonable efforts” for legal defense

Selected as the only “Innovative Technology Provider” for Cybersecurity by Vizient

Summary

SLIDE 24

Unified SaaS Solution for Cybersecurity and Risk

Curran Data Technologies – 317-974-1009 www.currandata.com