On Friday, May 9th, a group of healthcare compliance professionals will meet in the Columbus Airport Marriott to discuss a myriad of Health IT issues for the 2014 Healthcare Compliance Association’s Upper North Central Regional Conference. The HCCA group is member-based and includes compliance and risk managers, healthcare CEOs, consultants and attorneys. They cover a wide range of healthcare institutions, from hospitals to home health, group practices to academic institutions. Here’s a little bit of what you’ll see at the HCCA event in Columbus this Friday: Addressing Insider Threats: Rob Rhodes, CPHIMS, CHCIO, HCISPP – Senior Director, Patient Privacy Solutions, Iatric Systems, Inc. Explore technology that can correlate and automatically monitor PHI access information across your enterprise. Learn how to set up risk assessment guidelines, identify gaps, and create an effective feedback loop. Consider how exception and medical identity theft reporting can reduce insider threats. Healthcare Enforcement from the Defence Perspective: Anthony R. Petruzzi – Counsel, Tucker Ellis LLP. Do’s and Don’ts: How to respond when the government knocks. Are you my lawyer? The Upjohn Warning, and other attorney-client issues. Lessons Learned: Practical tips to minimize and mitigate enforcement risk. HIPAA Hot Topics: Alen Killworth – Partner, Bricker and Eckler…
Those of us working in the security and compliance world are very aware of the data privacy rules and enforcement in different regulated industries: Health and Human Services (HHS) and its Office of Civil Rights (OCR) have broad authority over protected health information (PHI) through the HIPAA and HITECH acts, with significant fines for breaches of PHI data by the holders of that data. Sarbanes-Oxley (SOX) put teeth into protecting and securing financial data for publicly traded companies and a broad array of companies in the financial industry. Visa and MasterCard have driven businesses that touch payment cardholder data (CHD) to secure e-commerce transaction data through Payment Card Industry – Data Security Standards (PCI-DSS), with significant fines and penalties built into their contracts for data breaches. In addition to these familiar players, a new ranger has shown up on the scene and established a stake in investigating and holding companies accountable for protecting data. Until the recent ruling by the U.S. District Court of New Jersey, many of us in the data security and compliance world hadn’t given much thought to the Federal Trade Commission (FTC) and its authority over both regulated and non-regulated industries when it comes to cybersecurity and…
Online Tech is excited to congratulate the winners of a 2014 DiSciTech award from Corp! magazine. These Michigan companies are “leading the way in digital, science and technology” fields. The 29 companies listed in the technology category alone demonstrate the increasing volume of companies for Corp! to choose from. So as we celebrate our fourth DiSciTech award in five years, we also offer congratulations and wishes of continued growth to our fellow technology award winners: Attendance on Demand (Livonia), Avegant (Ann Arbor), Breeze Design Studio (Birmingham), Brightline Technologies (Waterford), Bullseye Telecom (Southfield), C-Net Systems Inc. (Shelby Township), Davenport University College of Technology (Grand Rapids), Digerati (Detroit), Fremont Community Designer (Fremont), Global Telecom Solutions (Detroit), IDV Solutions (Lansing), ImageSoft (Southfield), InfoReady Corp. (Ann Arbor), iRule LLC (Detroit), Jem Tech Group (Clinton Township), KI Technology Group (East Lansing), Livio (Ferndale), NITS Solutions (Farmington Hills), Oakland County (Pontiac), Oakland Schools Technical Campuses (Waterford), Rapid Global Business Solutions, Inc. (Madison Heights), Scientel Information Technology Inc. (Bingham Farms), Square One Education Network (Waterford), Sustainable Environmental Technologies (Mt. Morris), Synectics Media Inc. (Royal Oak), Trubiquity (Troy), Urban Science (Detroit) and Wayne State University College of Engineering (Detroit). Equally, we’re excited to be part of the…
On May 5-6, a large group of IT security experts will convene for the 2014 Central Ohio InfoSec Summit put on jointly by the Central Ohio ISSA, Central Ohio Infragard, and Central Ohio ISACA. Due to the diversity of attendees, there will be five tracks at the event: OWASP – Web Applications, Mobile Applications; Governance, Risk and Compliance; InfoSec Management; Technical Track 1; Technical Track 2. With 5 tracks, an attendee has their pick from over 40 different sessions. Here’s just a sampling of what you can expect next week at the show: Learning From the Data of Others: Verizon Breach Report. Jay Jacobs, Senior Data Analyst and co-author of Verizon’s Breach report, Verizon. Tuesday, May 6, 8:30-9:30am (Keynote). Over the last few months, we have collected and analyzed over 63,000 security incidents from 50 organizations around the world. Hidden within those incidents are practical lessons we can apply back to our own environments. Join the lead data analyst on the 2014 Data Breach Investigations Report from Verizon and explore what higher education can learn from the data loss of others. Top Legal Issues we see in Cloud Service Agreements. Dino Tsibouris, Founding Principal, Tsibouris & Associates, LLC. Tuesday, May…
This Thursday, April 24th, Online Tech’s Director of Product Management Jason Yaeger will be speaking at the Detroit Data Connectors security conference. The Detroit Data Connectors conference is a one-day event focused on various security concerns plaguing businesses around the world. Ranging from email and wireless security to VoIP, USB drive security to LAN security, this conference touches on many hot-button IT security topics. Jason’s presentation, running from 4:30-5:15pm, will cover the concerns that arise when securing data in the cloud under the many regulations companies must adhere to within their verticals. Virtual machines now account for more application architecture than physical hosts. By 2017, $108 billion will be spent on public IT clouds worldwide, IDC forecasts. Cloud computing has become an important and innovative part of many companies’ high-availability architecture, but without the proper safeguards in place, it can be a security nightmare. During his session, Jason will walk step-by-step through a holistic, “baked-in” approach to cloud security that can help minimize threats to a cloud environment, emphasizing the particular needs of compliance verticals like healthcare and retail. A session about more than specific cloud security technical tools, he also delves into…
HIPAA. PCI. SOX. All very familiar, but rather industry-specific, acronyms in the world of regulating data security. A recent court decision confirmed the authority of another powerful player – the FTC – to be the omnibus data security enforcer of the federal government. In the next installment of Online Tech’s free ‘Tuesdays at 2’ educational webinar series, guest host Tatiana Melnik will explain the Federal Trade Commission v. Wyndham Worldwide Corporation court case, discuss the FTC’s broad discretion to take legal action against companies, the technology controls the FTC expects organizations to have in place, and the important role privacy policies play in gauging data compliance. The webinar – titled Is the FTC Coming After Your Company Next? Court Confirms that the FTC Has Authority to Punish Companies for Poor Cyber Security Practices – will be held from 2 to 3 p.m. ET on Tuesday, April 29. (Register here.) After Wyndham suffered three separate data breaches at the hands of hackers, the FTC filed suit, alleging that the website of one of the world’s largest hospitality companies deceptively stated it reasonably protected consumers’ privacy. Wyndham filed to dismiss the case, citing – among other points – that the FTC lacks authority to regulate…
The Federal Trade Commission has taken new assertive action to protect consumer data privacy interests, this time relating to breaches of payment card information and other consumer personal information by Wyndham Worldwide, a company which owns and manages hotels. Just recently, the FTC settled charges against Accretive Health relating to inadequate data security protections that resulted in the theft of patient records. This settlement is on top of the charges filed by the Minnesota State Attorney General against the Business Associate that resulted in the company being banned from doing business in Minnesota for six years, reminding businesses that data breaches may incur actions from a variety of state and federal authorities. Most recently, a United States District Court in New Jersey upheld the FTC’s authority to penalize Wyndham Hotel and Resorts for “failure to maintain reasonable and appropriate data security for consumers’ sensitive personal information.” In this case, failure to implement reasonable data safeguards resulted in multiple data breaches of consumer payment card information as well as personal information including addresses, social security numbers, and other identifying data. Wyndham’s “failure to implement reasonable and appropriate security measures exposed consumers’ personal information to unauthorized access, collection, and use.” Results of…
More and more healthcare organizations are allowing employees to connect their own mobile devices to their network, but more than half are not confident those devices are secure. According to the Ponemon Institute’s fourth annual Benchmark Study on Patient Privacy and Data Security, Bring Your Own Device (BYOD) program usage continues to rise despite concerns about employee negligence and the use of insecure mobile devices. According to the study: “…88 percent of organizations permit employees and medical staff to use their own mobile devices such as smart phones or tablets to connect to their organization’s networks or enterprise systems such as email. Similar to last year, more than half of organizations are not confident that the personally-owned mobile devices or BYOD are secure.” With that, it seemed like a good time to revisit a summary of a BYOD-centered webinar hosted by Online Tech last November. Co-presented from technical and legal perspectives, Online Tech’s Steve Aiello discussed the best technical practices for implementing an effective BYOD strategy and attorney Tatiana Melnik provided an overview of the legal and regulatory framework of the process. (View a video replay and the presentation slides.) The gist: If you’re going to allow employees to use…
Online Tech was named to CIOReview magazine’s list of the 20 Most Promising Enterprise Security Companies released in its April issue. The magazine reports the purpose of compiling the list is “to help CIOs navigate and find the right enterprise security solution providers” by presenting 20 companies that “have achieved significant momentum and will rise above the rest.” The 20 businesses were picked by a panel of CIOs, CEOs, analysts and the CIOReview editorial board. From the magazine’s profile of Online Tech: “Our legacy of audits and compliance is part of Online Tech’s culture, not a checkbox. Some companies cringe at the sight of auditors. We view it as a win-win partnership, and we benefit from getting an experienced set of independent eyes on our organization. We’ve worked hand-in-hand to establish a ‘super-audit’ across the entire company that meets SOX, PCI, HIPAA, and Safe Harbor standards,” says Mike Klein, Co-CEO, Online Tech. The company protects its clients’ data and interests with comprehensive technical, physical, and administrative safeguards to ensure the secure handling of mission critical data and applications. A complement of enterprise backup and recovery services rounds out the protection of their clients’ critical IT infrastructure and systems. See the entire…
When the Ponemon Institute’s fourth annual Benchmark Study on Patient Privacy & Data Security was released earlier this month, it stated that use of cloud services is the second-highest security risk concern for healthcare organizations. Employee negligence was the runaway winner in that category, mentioned by 75 percent of leaders interviewed for the study. Cloud services (41 percent) were bunched in a tight race for second place with mobile device insecurity (40 percent) and cyber attackers (39 percent). According to the report: “… healthcare organizations view the use of public cloud services as a serious threat. In fact, only one-third are very confident or confident that information in a public cloud environment is secure. Despite the risk, 40 percent of organizations say they use the cloud heavily, an increase from 32 percent last year. The applications or services most used are backup and storage, file-sharing applications, business applications and document sharing and collaboration.” Online Tech, of course, has built its reputation on protecting data and mission-critical applications to ensure they are always available, secure, and comply with government and industry regulations. We have independent HIPAA, PCI, SOC 2 and Safe Harbor audits to back those claims. When you spend $1…