What Keeps You Up at Night? Issues of Fraud and Abuse Compliance - PowerPoint PPT Presentation



  1. What Keeps You Up at Night? Issues of Fraud and Abuse Compliance Series
     My Data’s Been Stolen: Now What? Part II
     November 21, 2013
     39 Offices in 19 Countries

  2. Today’s Hosts
     • Thomas E. Zeno, Of Counsel, Squire Sanders, T +1 513 361 1202, thomas.zeno@squiresanders.com
     • Emily E. Root, Senior Associate, Squire Sanders, T +1 614 365 2803, emily.root@squiresanders.com

  3. Review of Part I – September 19
     • How to know a breach has occurred
     • Insider and outsider threats
     • Should you notify law enforcement?
     • What does HIPAA require about Business Associates?
     PowerPoint link: http://www.squiresanders.com/files/Event/14e2e0c3-5769-48e6-b68d-f87ef7d1ccff/Presentation/EventAttachment/2d7a653a-eb4a-4f27-bffd-0147fcdbecc4/My-Data's-Been-Stolen-Now-What-Part-I.pdf
     Recording link: https://cc.readytalk.com/cc/playback/Playback.do?id=9466ij

  4. Today’s Speakers
     • Scott A. Edelstein, Partner, Squire Sanders, T +1 202 626 6602, scott.edelstein@squiresanders.com
     • Thomas J. Hibarger, Managing Director, Stroz Friedberg, T +1 202 464 5803, thibarger@strozfriedberg.com

  5. Today’s Agenda
     • What more does HIPAA require?
     • Data breach remediation
     • Tips to prevent a breach
     • Pre-planning for a breach

  6. HIPAA has Teeth
     • HHS Office for Civil Rights (OCR)
     • U.S. Department of Justice (DOJ)
     • State Attorneys General
     • Expanded role of FTC

  7. HIPAA Penalties and Enforcement
     • Civil Penalties
       ◦ $100 per violation up to a maximum of $1.5 million per year
     • Criminal Penalties
       ◦ Up to $50,000; one year jail for wrongful disclosure
       ◦ Up to $250,000; ten years jail if intent to sell, transfer or use PHI for commercial advantage
     • Applies to both Covered Entities and Business Associates

  8. State Patient Privacy Lawsuits
     • No HIPAA private right of action
       ◦ Patients still can sue under state common law principles, e.g., invasion of privacy
     • HIPAA as standard of reasonableness?

  9. State Data Breach Notification Laws

  10. Other HIPAA Obligations
     • Duty to mitigate
     • Accounting of disclosures
     • Review administrative, technical and physical safeguards

  11. Federal Data Breach Notification – General Rule
     After discovering a breach of unsecured PHI, a Covered Entity must notify each individual whose information was, or reasonably is believed to have been, accessed, acquired, used, or disclosed as a result.

  12. Federal Data Breach Notification – Definitions
     • “Unsecured PHI”
       ◦ Not rendered unusable, unreadable or indecipherable
         - Encryption or destruction encouraged but not required
     • “Breach”
       ◦ Unauthorized acquisition, access, use or disclosure of PHI
         - Compromises the security or privacy of PHI
         - Elimination of subjective standard (“significant risk of financial, reputational, or other harm”)
         - New objective standard creates presumption of breach unless CE/BA demonstrate low probability that PHI has been compromised
       ◦ Exceptions
         - Certain unintentional or inadvertent disclosures
         - Good faith belief recipient reasonably would not retain data

  13. Federal Breach Notification – Risk Assessment to Determine Low Probability
     • Nature and extent of PHI involved (e.g., types of identifiers and likelihood of re-identification)
     • The unauthorized person who used PHI or to whom PHI was disclosed
     • Whether PHI was actually acquired or viewed
     • Extent to which the risk to PHI has been mitigated

  14. Federal Data Breach Notification – Notification Obligations
     • Notification required within 60 days of discovery
       ◦ Enforcement rule requires correction in 30 days
       ◦ BA failing to notify CE can be penalized directly
       ◦ State law may have shorter notice periods (e.g., Calif.)
     • Notification:
       ◦ Briefly describe what happened and when
       ◦ Describe types of unsecured PHI involved
       ◦ Describe how individuals can protect themselves
       ◦ Briefly describe investigation, mitigation and protection
       ◦ Provide contact information

  15. Federal Data Breach Notification – Form of Notice
     • Plain language
     • Written
       ◦ Via mail (or electronic if individual agrees)
       ◦ If deceased, next of kin or personal representative
       ◦ Also telephone or other means if urgent
     • Substitute notice if contact info insufficient
       ◦ < 10, alternative written, telephone or other means
       ◦ > 10, either 90-day website posting or media notice PLUS 90-day toll-free number

  16. Federal Data Breach Notification – Additional Required Notice
     • Media Notification
       ◦ > 500 residents of State, notify prominent media outlets
       ◦ Within 60 days of breach discovery
       ◦ Same content as notice to individuals
     • HHS Notification
       ◦ > 500, notify HHS at same time as individuals
       ◦ < 500, maintain a breach log and notify HHS within 60 days after the end of the calendar year
         - Hospice of North Idaho settlement, Dec. 2012

  17. Lessons Learned
     • Encryption will prevent a lot of headaches
     • OCR will have access to everything
     • State AGs may become involved
     • Media attention
     • Enterprise embarrassment
     • Consider cyber insurance
     • May prompt litigation
       ◦ Between covered entities and business associates
         - Who will pay costs associated with notification?
         - Security incident versus breach
         - Enforcement of agreements with offshore BAs
       ◦ By affected individuals

  18. Key Steps
     • Organize your network data
     • Update Policies and Procedures
     • Develop a Response Plan
     • Perform a Risk Assessment

  19. Organize Your Network Data
     • Map your critical assets
     • Record backup schedules and inventories
     • Update user lists
     • Centralize logging functions

  20. Update Policies and Procedures
     • Conform them to HIPAA Security and Privacy Audit Protocols
     • Account for New Technology
       ◦ Text Messaging
       ◦ Social Media
       ◦ BYOD
       ◦ Cloud Computing

  21. BYOD – Bring Your Own Device
     http://blogs.wsj.com/riskandcompliance/2013/09/26/hospitals-allowing-byod-face-complications-with-new-hipaa-rule/
     • Consider the risk implications of BYOD vs. convenience
     • Where is the perimeter of your network and who controls it?
     • ePHI transmitted via emails, texts, attached documents
     • ePHI must be secured in transit and at rest (container)
     • iOS vs. Android

  22. Develop a Response Plan
     • Management endorsement
     • Contact lists
     • Legal analysis and timeline
     • Categories of adverse events
     • Facilities and equipment list
     • Outreach plan
     • An effective team

  23. The Cloud
     • OCR Guidance that Cloud providers are Business Associates

  24. Develop a Response Plan – Effective Team

  25. Communication
     • Team Members
       ◦ Outside & in-house counsel
       ◦ Compliance, HR, IT
       ◦ Business managers, public affairs
       ◦ Experts
     • Other Key Constituents
       ◦ Board/CEO, Executives
       ◦ Employees
       ◦ Shareholders
       ◦ Unaffected Patients, Providers, or Customers

  26. Perform a Risk Assessment
     • The HIPAA Security Rule requires it
     • HHS auditors report it as one of the most common compliance failures

  27. Preservation
     • Unhook infected machines
       ◦ Do NOT poke around
       ◦ Insert clean and patched machines
     • Call experts to image infected machines
     • Save off log files
     • Pull needed backup(s) out of rotation
     • Save keycard data and surveillance tapes
     • Start real-time packet capture
     • Force password changes
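The "save off log files" step on the Preservation slide is only useful later (to OCR, to counsel, in litigation) if you can show the saved copies are what was collected. The script below is an added example, not part of the presentation and not Stroz Friedberg's or Squire Sanders' tooling: it copies log files into an evidence directory, hashes source and copy with SHA-256, writes a manifest recording path, size, original modification time, collector and collection time, and re-verifies the copies afterwards. The two log files and the collector name are constructed sample data.

```python
"""Evidence preservation for log files: copy, hash, record a manifest, re-verify.
Added example; the sample log files and collector name are constructed."""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read files in 1 MiB pieces so large logs do not need to fit in memory


def sha256_file(path):
    """Return the hex SHA-256 digest of a file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def preserve_logs(src_paths, evidence_dir, collector):
    """Copy each source file into evidence_dir, hash source and copy, and write
    manifest.json. Returns the manifest; raises if a copy does not match its source."""
    os.makedirs(evidence_dir, exist_ok=True)
    manifest = []
    for src in src_paths:
        src_hash = sha256_file(src)
        dst = os.path.join(evidence_dir, os.path.basename(src))
        shutil.copy2(src, dst)  # copy2 preserves mtime, which matters for the breach timeline
        if sha256_file(dst) != src_hash:
            raise RuntimeError(f"evidence copy of {src} does not match its source")
        st = os.stat(src)
        manifest.append({
            "original_path": os.path.abspath(src),
            "evidence_copy": dst,
            "size": st.st_size,
            "source_mtime_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
            "sha256": src_hash,
            "collected_utc": datetime.now(timezone.utc).isoformat(),
            "collected_by": collector,
        })
    with open(os.path.join(evidence_dir, "manifest.json"), "w") as f:
        json.dump(manifest, f, indent=2)
    return manifest


def verify_manifest(evidence_dir):
    """Re-hash every evidence copy; return the paths whose hash no longer matches."""
    with open(os.path.join(evidence_dir, "manifest.json")) as f:
        manifest = json.load(f)
    return [e["evidence_copy"] for e in manifest if sha256_file(e["evidence_copy"]) != e["sha256"]]


def demo():
    """Constructed scenario: two fake log files are preserved and verified, then one
    evidence copy is accidentally edited and verification must report it."""
    work = tempfile.mkdtemp()
    logs = []
    for name, body in [("auth.log", b"Nov 21 02:14:07 ehr sshd[311]: Accepted password for svc_backup\n"),
                       ("app.log", b"2013-11-21T02:15:00Z export job started by svc_backup\n")]:
        path = os.path.join(work, name)
        with open(path, "wb") as f:
            f.write(body)
        logs.append(path)
    evidence = os.path.join(work, "evidence")
    manifest = preserve_logs(logs, evidence, collector="IR team (constructed)")
    clean = verify_manifest(evidence)
    with open(os.path.join(evidence, "app.log"), "ab") as f:  # simulate an accidental edit
        f.write(b"oops\n")
    tampered = verify_manifest(evidence)
    shutil.rmtree(work)
    return {"entries": len(manifest),
            "clean_mismatches": len(clean),
            "tampered_mismatches": len(tampered),
            "tampered_file": os.path.basename(tampered[0]) if tampered else None}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the manifest should be written to media the compromised host cannot reach, and the hash of manifest.json itself recorded in the incident log, so that a later question about whether the logs were altered after collection can be answered with a re-run of verify_manifest rather than an assertion.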

  28. Breach Timeline

  29. Mitigating Your Risks
     Simple steps to reduce risk of compromising your data and systems
     • Encrypt data – in motion and at rest
     • Install software security patches
     • Train employees to avoid security threats
     • Robust passwords; changed; no default passwords
     • Use multi-factor authentication for remote access
       ◦ Employees from outside the office
       ◦ Sensitive on-line accounts such as financial and cloud storage of patient data
     • Terminate dormant user accounts
     • Use up-to-date virus scanning software
     • Periodically audit compliance with data security rules

  30. Mitigating Your Risks
     Simple steps to reduce the damage if/when a compromise occurs
     • Don’t store data you don’t need
     • Know where your data is
     • Use internal network walls to protect sensitive data
     • Train employees to spot and report anomalies
     • Monitor logs in your system to detect anomalies
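Three of the items above (update user lists on slide 19, terminate dormant user accounts on slide 29, monitor logs to detect anomalies on slide 30) become one routine review once the user inventory and the authentication log are in the same place. The script below is an added example, not part of the presentation: it lists enabled accounts with no successful login in 90 days as termination candidates, then scans authentication events for logins by dormant accounts, attempts against disabled accounts, unknown usernames, and bursts of failed logins from one source. The user inventory, the log format (timestamp, OK/FAIL, user=, src=) and the log lines are constructed; the thresholds are assumptions to tune per environment.

```python
"""Dormant-account review and authentication-log anomaly checks.
Added example; the user inventory, log format and log lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

DORMANT_DAYS = 90                  # assumption: no login in 90 days = dormant
FAILURE_THRESHOLD = 5              # assumption: 5 failures from one source ...
WINDOW = timedelta(minutes=10)     # ... within 10 minutes is a burst

# Constructed user inventory: username -> (last successful login, account enabled)
USERS = {
    "dr.smith":    (datetime(2013, 11, 18, tzinfo=timezone.utc), True),
    "nurse.lee":   (datetime(2013, 11, 20, tzinfo=timezone.utc), True),
    "contractor7": (datetime(2013, 6, 2, tzinfo=timezone.utc), True),    # left months ago, never disabled
    "temp.intern": (datetime(2013, 8, 15, tzinfo=timezone.utc), False),  # disabled at exit
}

# Constructed authentication log: ISO timestamp, result, user, source address
LOG = """\
2013-11-21T08:02:11Z OK user=dr.smith src=10.1.4.20
2013-11-21T08:05:40Z FAIL user=nurse.lee src=10.1.4.31
2013-11-21T08:05:52Z OK user=nurse.lee src=10.1.4.31
2013-11-21T22:41:03Z OK user=contractor7 src=203.0.113.9
2013-11-21T23:10:01Z FAIL user=dr.smith src=198.51.100.7
2013-11-21T23:10:04Z FAIL user=dr.smith src=198.51.100.7
2013-11-21T23:10:07Z FAIL user=dr.smith src=198.51.100.7
2013-11-21T23:10:09Z FAIL user=dr.smith src=198.51.100.7
2013-11-21T23:10:12Z FAIL user=dr.smith src=198.51.100.7
2013-11-21T23:12:30Z FAIL user=temp.intern src=10.1.4.50
"""

LINE = re.compile(r"(\S+) (OK|FAIL) user=(\S+) src=(\S+)")


def parse(log):
    """Turn log text into (timestamp, result, user, src) tuples; skip lines that do not match."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def dormant_accounts(users, now, days=DORMANT_DAYS):
    """Enabled accounts with no successful login in `days`: candidates for termination."""
    cutoff = now - timedelta(days=days)
    return sorted(u for u, (last, enabled) in users.items() if enabled and last < cutoff)


def anomalies(events, users, now):
    """Return (kind, subject, detail) findings worth a human look."""
    findings = []
    dormant = set(dormant_accounts(users, now))
    for ts, result, user, src in events:
        if user not in users:
            findings.append(("unknown-user", user, src))
        elif not users[user][1]:
            findings.append(("disabled-account-attempt", user, src))
        elif result == "OK" and user in dormant:
            findings.append(("dormant-account-login", user, src))
    # Failed-login bursts: sliding window over each source's failure timestamps
    failures = defaultdict(list)
    for ts, result, user, src in events:
        if result == "FAIL":
            failures[src].append(ts)
    for src, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > WINDOW:
                start += 1
            if end - start + 1 >= FAILURE_THRESHOLD:
                findings.append(("failed-login-burst", src, f"{end - start + 1} failures"))
                break
    return findings


def review(now=datetime(2013, 11, 22, tzinfo=timezone.utc)):
    """Run both checks against the constructed data as of `now`."""
    return {"dormant": dormant_accounts(USERS, now), "findings": anomalies(parse(LOG), USERS, now)}


if __name__ == "__main__":
    for key, value in review().items():
        print(key, value)
```

The point of checking dormant logins separately from disabled-account attempts is the contractor7 case: the account was never disabled, so its login succeeds and only the inventory review catches it. Running the dormant-account check on a schedule and disabling what it finds removes that class of finding before the log monitor has to see it.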

  31. Mitigating Your Risks
     Steps for reducing insider cybercrime and data breach risk
     • Create written employee conduct policies
       ◦ Include social media use policies
     • Restrict internet sites able to exfiltrate sensitive data
     • Create tiered access to sensitive information
       ◦ Not everyone needs access to everything
     • Check background of employees with access to sensitive information
     • Restrict use of external storage devices

  32. Mitigating Your Risks
     Steps for reducing insider cybercrime and data breach risk (cont’d)
     • Implement employee exit procedures
       ◦ Acknowledgement of post-employment obligations
       ◦ Termination of account access
     • Dual controls for access to certain sensitive data

  33. Mitigating Your Risks
     Reducing the risk of employee negligence
     • Good risk management of malicious conduct
     • Encryption
     • Don’t store data unnecessarily
     • Encryption
     • Data security policies and audits
     • Encryption
     • Employee training
     • Audit compliance with data security rules
