HIPAA BYOD webinar-v6 - Final
Transcript of HIPAA BYOD webinar-v6 - Final
World Leader in Digital Faxing
HIPAA-compliant Faxing in a BYOD World: Trends, Misconceptions, Best Practices
The Speakers
Michael Flavin, Senior Product Marketing Manager, eFax Corporate®, part of j2 Cloud Services
Brad Spannbauer, Director, Product Development, eFax Corporate®, part of j2 Cloud Services
Agenda
Industry Trends: BYOD in Healthcare
HIPAA Concerns with BYOD — and Common Misconceptions
BYOD Best-Practices for Protecting ePHI
Faxing in Healthcare Today
Compliant Mobile Faxing with eFax Corporate® and eFax Secure™
Q&A
Michael Flavin, Sr. Product Marketing Manager, j2 Cloud Services
Michael Pearson, CISSP
81% of physicians now use their personal mobile devices to access ePHI.
Source:
60% of doctors say they avoid at least one adverse drug error a week by using medical apps.
Source:
50% report these apps save them 20 minutes a day — for a busy primary-care physician, a chance to see 2 more patients a day.
But BYOD Carries Real Risks for Healthcare Firms
Lost devices
Hacked devices
Jail-broken devices
Stolen devices
Unauthorized access
40% of all HIPAA violations involve lost or stolen mobile devices.
Source:
88% of health firms let staff use personal devices to connect to the enterprise network — but fewer than half of these firms are confident that their staff’s devices are secure.
Source:
Healthcare providers are increasingly relying on medical apps in their practices.
HIPAA Concerns in a BYOD Environment
Source: HealthIToutcomes
BYOD Poses Real Security and HIPAA Issues With ePHI and BYOD Access via Apps
What if your staff’s devices don’t have built-in security or anti-malware protection?
What if your staff uses their devices to access ePHI without encryption on a public network?
What if they lose a device containing ePHI?
What happens to a device’s data if an employee leaves or is terminated?
An employee uses access through apps to improperly
HIPAA PRIVACY RULE: Requires covered entities to apply appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information (PHI), in any form.
HIPAA SECURITY RULE: Requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting ePHI.
Neither rule gives specific guidance on BYOD, but the onus is on the covered entity to anticipate and protect against impermissible, unauthorized use of ePHI…
But Are These BYOD Apps HIPAA Compliant?
Source: www.hhs.gov
What Rules Apply to BYOD and Apps? Data Encryption Protocols
TECHNICAL SAFEGUARD RULES FOR DATA ENCRYPTION:
45 CFR Section 164.312(a)(2)(iv) (Encryption and decryption):
“A covered entity or business associate must… Implement a mechanism to encrypt and decrypt electronic protected health information.”
Which one?
TECHNICAL SAFEGUARD RULES FOR TRANSMISSION INTEGRITY:
45 CFR Section 164.312(e)(2)(i) (Integrity controls):
“A covered entity or business associate must… Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of.”
What measures?
Another Critical Question: Are Your Data Encryption Protocols Compliant?
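One concrete answer to "what measures?", as an added example that is not part of the webinar or of any eFax product: an end-to-end integrity tag on each transmitted fax, so the receiver detects any modification of the page image or of its routing metadata. It uses only the Python standard library; the shared key, the header fields and the payload bytes are constructed sample data, and the out-of-band key distribution is an assumption stated in the comments. Note what this does and does not cover: an HMAC gives integrity and origin authenticity (the 164.312(e)(2)(i) requirement) but no confidentiality, so the encryption mechanism of 164.312(a)(2)(iv) and TLS in transit are still needed alongside it; conversely, TLS alone only protects each hop, while a tag computed by the sender survives any intermediary.

```python
"""Integrity control for transmitted ePHI: a keyed hash tag on each fax.

Added example, not from the webinar. Demonstrates one measure that satisfies
the integrity-controls specification at 45 CFR 164.312(e)(2)(i): the receiver
can detect any modification of the transmitted ePHI. Standard library only.
"""
import hashlib
import hmac
import json
import secrets

# Assumption: sender and receiver share this key, provisioned out of band
# (e.g. by the fax service). A real deployment keeps it in a KMS/HSM and rotates it.
SHARED_KEY = secrets.token_bytes(32)


def canonical_header(header: dict) -> bytes:
    """Serialize metadata deterministically so both sides hash identical bytes."""
    return json.dumps(header, sort_keys=True, separators=(",", ":")).encode()


def tag_transmission(key: bytes, header: dict, payload: bytes) -> str:
    """Sender side: HMAC-SHA256 over (length-prefixed header || payload).

    The length prefix prevents boundary-shifting: without it, moving bytes
    between header and payload could leave the concatenation unchanged.
    """
    h = canonical_header(header)
    mac = hmac.new(key, digestmod=hashlib.sha256)
    mac.update(len(h).to_bytes(4, "big"))
    mac.update(h)
    mac.update(payload)
    return mac.hexdigest()


def verify_transmission(key: bytes, header: dict, payload: bytes, tag: str) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    expected = tag_transmission(key, header, payload)
    return hmac.compare_digest(expected, tag)


def build_message(key: bytes, header: dict, payload: bytes) -> dict:
    """What the sender actually puts on the wire: metadata, image bytes, tag."""
    return {"header": header, "payload": payload, "tag": tag_transmission(key, header, payload)}


def demo() -> dict:
    """Run the four cases a practitioner cares about and report verification results."""
    # Constructed sample fax: routing metadata plus a stub standing in for a page image.
    header = {"from": "+15550100", "to": "+15550199", "pages": 1, "page_id": "00012"}
    payload = b"II*\x00" + b"\x00" * 64  # constructed bytes, not a real TIFF page

    msg = build_message(SHARED_KEY, header, payload)
    intact = verify_transmission(SHARED_KEY, msg["header"], msg["payload"], msg["tag"])

    # Modification in transit: one bit of the page image flipped.
    tampered = bytearray(msg["payload"])
    tampered[10] ^= 0x01
    payload_ok = verify_transmission(SHARED_KEY, msg["header"], bytes(tampered), msg["tag"])

    # Modification of routing: the fax is redirected to another number.
    rerouted = dict(msg["header"], to="+15550177")
    header_ok = verify_transmission(SHARED_KEY, rerouted, msg["payload"], msg["tag"])

    # Forgery attempt by a party that does not hold the shared key.
    forged = verify_transmission(secrets.token_bytes(32), msg["header"], msg["payload"], msg["tag"])

    return {"intact": intact, "tampered_payload": payload_ok, "rerouted": header_ok, "forged": forged}


if __name__ == "__main__":
    print(demo())
```

Only the untouched message verifies; a flipped bit in the image, a changed destination number, or a tag produced with the wrong key all fail, which is exactly the "modified without detection" case the rule forbids. Binding the routing header into the tag is the part most implementations miss: a tag over the image alone would let a tampered "to" field pass.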
Bottom Line: Rules of HIPAA that can help protect ePHI accessed on apps via BYOD devices
• Access Control – 45 CFR 164.312(a)(1); Information Access Management – 45 CFR 164.308(a)(4)
• Transmission Security – 45 CFR 164.312(e)(1), with integrity controls at 164.312(e)(2)(i) and encryption at 164.312(e)(2)(ii)
• Data Encryption – 45 CFR 164.312(a)(2)(iv)
• Audit Control – 45 CFR 164.312(b)
5 Common Misconceptions About BYOD and HIPAA Compliance
1. We use leading medical apps to check ePHI on our smart phones, and those apps are probably HIPAA compliant.
2. If an employee leaves a mobile device at a coffee house or restaurant, the covered entity is not liable.
3. We ask our staff to password-protect the mobile devices they use for work purposes. We’re HIPAA compliant.
4. Our corporate policy is to make every effort to protect patient information — even on mobile devices — and that puts us in compliance with HIPAA.
5. We’re compliant for sure, because the vendor that handles our data storage signed a BAA.
10 BYOD Best-Practices for Protecting ePHI
1. Create clear, concise and comprehensive policies regarding ePHI — and disseminate companywide.
2. Create a list of allowed devices (and/or operating systems) your enterprise will allow staff to use for work and to access ePHI.
3. Make sure your ePHI data is secure “at rest” as well as in-transit.
4. Install and regularly update virus-protection, anti-malware software on all of your staff’s mobile devices that access or store ePHI.
5. Train all healthcare providers and other staff in the secure and compliant use of ePHI on any device in any location.
Source:
6. Employ the highest levels of encryption possible for all ePHI transmitted, shared or stored anywhere.
7. Demand staff implement password protection for all mobile devices that access ePHI.
8. Deploy next-gen security technologies such as IDS/IPS, virtualization and application firewalls.
9. Implement biometrics, such as fingerprint readers, on portable devices that access ePHI.
10. Implement Mobile Device Management — including tracking and remote wiping of any device lost or stolen.
Source:
Mobile Device Management: The Basics
MDM is a process allowing IT to manage and protect mobile devices — both company owned and personal — used across the enterprise.
Mobile Device Management: Six Best Practices to Enhance Your Mobile Device (BYOD) Usage and Enhance HIPAA Compliance
1. Create a dynamic inventory of mobile devices.
2. Distribute and enforce password and encryption policies.
3. Adopt a tracking/deactivation/remote wipe system.
4. Implement a DLP program.
5. Maintain separation of personal & professional data on BYODs.
6. Balance employee productivity with IT control.
HIPAA-compliant BYOD (Mobile Device) Faxing Use Cases
Brad Spannbauer, Director, Product Development, eFax Corporate®, part of j2 Cloud Services
Healthcare Survey
Faxing: Still a Major Communication Protocol in Healthcare
61% of healthcare firms cite fax as one of two top approaches to exchanging critical information.
42% believe online fax is the most effective communication technology for HIPAA compliance.
37% cite fax technology as the most undervalued when it comes to security and business needs.
HIPAA-Compliant Mobile Faxing with eFax Corporate® and eFax Secure™
Physician faxing image from mobile device to insurance company (Yep — HIPAA Compliant!)
Insurance company faxing approval for surgery (HIPAA Compliant)
Med staff faxing authorization to pharmacy (HIPAA Compliant)
How eFax Corporate Measures Up As Your HIPAA-Compliant Online Fax Solution
Business Associate Agreement: Business Associate Agreements
Security Protocols: Strong Encryption – at-rest and in-motion
Compliance & Auditability: Reporting for Compliance and Audit
Redundancy & DR: Redundant Data Centers with DR
Unparalleled Cloud Fax Infrastructure
30+ Worldwide Colocations
PSTN – SIP Trunk on Redundant Internet Fiber Circuits
TLS Outbound
Secure TLS Inbound
Built on N+1 Network, Systems and Hardware
Business Continuity
Disaster Recovery
24/7/365 Monitoring
24/7/365 Tech Support
[Map: Internet-connected colocation regions labelled Southeast, Southwest, Canada, Northwest, Europe]
eFax Corporate: a Leader in Cloud Services
eFax Corporate is Part of Publicly-Traded j2 Global (Nasdaq: JCOM)
Market Capitalization: $3.2 Billion
More than 12 million customers worldwide
Growing in revenue for over 17 consecutive years
Unique Intellectual Property (IP) of 40+ cloud-service companies
Deepest online-fax Intellectual Property portfolio
Numerous US and foreign patents
Patents pending across a host of cloud-based communication technologies