Energize Your Workflow!
www.merge-emed.com ©2006 Merge eMed. All Rights Reserved.
2006 User Group Meeting “Energize Your Workflow”
May 7-9, 2006
Security & Privacy Agenda
• Security & Privacy Concepts
• Security & Privacy Awareness
• Security & Privacy Cycle
• Security & Privacy References
Security & Privacy Concepts
• Security Policy – Corporation
• Digital Signature Act – Business
• Sarbanes/Oxley – Financial
• HIPAA – HealthCare
Security & Privacy Concepts
HIPAA GOAL
Protecting individuals' patient data without compromising personal safety
Quality of Care
Information Security
Patient Safety
Security & Privacy Concepts
Privacy: Access to, use of, and disclosure of Confidential Information
Security: Safeguards in place to protect Confidential Information
PRIVACY – What is protected
SECURITY – How it is protected
Security & Privacy Awareness
Security Categories:
• Administrative – Policies, procedures and practices
• Physical – Doors, Locks, Badge Access
• Technical – Software Electronic Access, Audits
Security & Privacy Concepts
Security Mission
• Confidentiality – Ensures proper authorization to Information
• Availability – Information is Accessible
• Integrity – Accurate and Reliable
• Authentication – Proof of Identity
• Non Repudiation – Legally bound
Security & Privacy Awareness
Security is a continuous Cycle of:
• Assessment – Identify or follow up on changes to the environment
• Plan – Suggest solutions to mitigate risk where appropriate
• Implement – Implement corrective action based on plan
• Report – Success or Failure of corrective actions
Security & Privacy Cycle
Assessment Tasks for Security
• Identify Threats
  – What is being protected?
  – Who is it being protected from?
  – What are the threats?
  – Where are the Assets?
• Identify probability of Risk
• Identify Impact of Risk
• Identify acceptability of Risk
Security & Privacy Cycle
Plan Tasks for Security
• Mitigate those High Risks
• Verify security planned is reasonable for:
  – Authentication, Non Repudiation
  – Confidentiality, Availability, Integrity
• Establish Cost of Solutions
  – Physical, administrative, technical costs
Security & Privacy Cycle
Implement Tasks for Security
• Document Plan
• Verify Benchmarks
• Verify contingencies are available and ready
• Initiate changes
• Test initial success
• Complete documentation
Security & Privacy Cycle
Report for Security
• Review with end users
• Report availability of system
• Initiate any additional training
• Identify and report breaches
Security & Privacy References
References Used:
http://www.HIPAAdvisory.com
http://aspe.hhs.gov/
http://www.nema.org/medical/spc
http://snip.wedi.org
http://www.sans.org
Security & Privacy
Albert Allen Klumpp
Email: [email protected]
Phone: 1-414-977-4000
Location: Milwaukee