CHIME LEAD DC 2014 “Key Attributes for Success, Challenges and Critical Success Factors” with...
-
Upload
health-it-conference-iht2 -
Category
Education
-
view
128 -
download
0
description
Transcript of CHIME LEAD DC 2014 “Key Attributes for Success, Challenges and Critical Success Factors” with...
A CHIME Leadership Education and Development Forum in collaboration with iHT2
Creating an Effective Cyber Security Strategy
________Key Attributes for Success, Challenges and
Critical Success Factors
● Angela Duncan Diop, ND, CHCIO, VP of Information Systems
Unity Health Care, Inc. ●
#LEAD14
ANATOMY OF A BREACH
A CHIME Leadership Education and Development Forum in collaboration with iHT2
INTRODUCTION
Unity Health Care, Inc.Federally
Qualified Health Center
Over 100,000 unique patients
in 2013
30 sites; health centers,
homeless service sites, school based health
centers, correctional sites, and a mobile site Mission
Promoting healthier communities through compassion and comprehensive health and human services, regardless of ability to pay.
4
5
Unity’s Patients• Patient population is
racially and ethnically diverse and largely minority
• Substantial health disparities and poor health outcomes exist
• Great need for accessible and comprehensive primary care services
THE INCIDENTData is like water – it always flows through the cracks
Description• A personal laptop
containing data from a nutrition and exercise program
• Student assisting in the analysis of data saved it to a flash drive.
• Loaded to a personal computer.
• Stolen from a student’s home in a burglary.
FreeDigitalPhotos.net
Description
• Type of Incident: Theft
• Location of Breach: Laptop computer - unencripted
• Approximate number of individuals affected by the breach: 305
FreeDigitalPhotos.net
THE CALLTo breach or not to breach – that is the question.
Type of PHI Involved
• Demographic information – name and DOB
• Clinical Information -diagnosis/conditions
• The data consisted of names, dates of birth, weight, body mass index, and for a limited number of participants, information regarding a history of hypertension or diabetes.
Risk Assessment
• Consulted our HIPAA auditor• Consulted our attorney• Met/discussed with our Executive
Management team• Decided to treat the incident as a
breach
THE RESPONSENever let a good crisis go to waste
Created a Team
• Appointed a breach response team– Privacy Officer– VP of Information
Systems– Legal Counsel– VP of Clinical
Administration– Deputy Chief Medical
Officer– VP of Human Resources
Gap Analysis &Corrective Action Plan
• Overall responsibility – Privacy Officer or VP of IS
• Identifies the steps that led to incident
• Captures key info surrounding the incident– Description– Issues/Gaps– Lead – Due date
Incident Response Plan
• Plan that the team creates and follows to address the incident– Investigation– Risk Assessment– Notifications –
Patients, HHS, Staff Exe Man Team, Exe. Board
– Corrective actions
EPILOGUEMilk the crisis for all it’s worth
Benefits Gained
• Blue print for responding to a breach
• Breach team• Breach management policy• Breach insurance• Retraining of staff• Heightened awareness by senior
leadership and Board
Q & AAngela Duncan Diop, ND, CHCIO
A CHIME Leadership Education and Development Forum in collaboration with iHT2
@AngelaDiop@UnityHealthCare