
What Keeps You Up at Night? Issues of Fraud and Abuse Compliance



  1. What Keeps You Up at Night? Issues of Fraud and Abuse Compliance Series My Data’s Been Stolen: Now What? Part II November 21, 2013 39 Offices in 19 Countries

  2. Today’s Hosts Thomas E. Zeno Of Counsel, Squire Sanders T +1 513 361 1202 thomas.zeno@squiresanders.com Emily E. Root Senior Associate, Squire Sanders T +1 614 365 2803 emily.root@squiresanders.com

  3. Review of Part I – September 19 • How to know a breach has occurred • Insider and outsider threats • Should you notify law enforcement? • What does HIPAA require about Business Associates? PowerPoint link: http://www.squiresanders.com/files/Event/14e2e0c3-5769-48e6-b68d-f87ef7d1ccff/Presentation/EventAttachment/2d7a653a-eb4a-4f27-bffd-0147fcdbecc4/My-Data's-Been-Stolen-Now-What-Part-I.pdf Recording link: https://cc.readytalk.com/cc/playback/Playback.do?id=9466ij

  4. Today’s Speakers Scott A. Edelstein Partner, Squire Sanders T +1 202 626 6602 scott.edelstein@squiresanders.com Thomas J. Hibarger Managing Director, Stroz Friedberg T +1 202 464 5803 thibarger@strozfriedberg.com

  5. Today’s Agenda • What more does HIPAA require? • Data breach remediation • Tips to prevent a breach • Pre-planning for a breach

  6. HIPAA has Teeth • HHS Office for Civil Rights (OCR) • U.S. Department of Justice (DOJ) • State Attorneys General • Expanded role of FTC

  7. HIPAA Penalties and Enforcement • Civil Penalties ◦ $100 per violation up to a maximum of $1.5 million per year • Criminal Penalties ◦ Up to $50,000; one year in jail for wrongful disclosure ◦ Up to $250,000; ten years in jail if intent to sell, transfer or use PHI for commercial advantage • Applies to both Covered Entities and Business Associates

  8. State Patient Privacy Lawsuits • No HIPAA private right of action ◦ Patients still can sue under state common law principles – e.g., invasion of privacy • HIPAA as standard of reasonableness?

  9. State Data Breach Notification Laws

  10. Other HIPAA Obligations • Duty to mitigate • Accounting of disclosures • Review administrative, technical and physical safeguards

  11. Federal Data Breach Notification – General Rule After discovering a breach of unsecured PHI, a Covered Entity must notify each individual whose information was, or reasonably is believed to have been, accessed, acquired, used, or disclosed as a result

  12. Federal Data Breach Notification – Definitions • “Unsecured PHI” ◦ Not rendered unusable, unreadable or indecipherable – Encryption or destruction encouraged but not required • “Breach” ◦ Unauthorized acquisition, access, use or disclosure of PHI – Compromises the security or privacy of PHI – Elimination of subjective standard (“significant risk of financial, reputational, or other harm”) – New objective standard creates presumption of breach unless CE/BA demonstrate low probability that PHI has been compromised ◦ Exceptions – Certain unintentional or inadvertent disclosures – Good faith belief recipient reasonably would not retain data

  13. Federal Breach Notification – Risk Assessment to Determine Low Probability • Nature and extent of PHI involved (e.g., types of identifiers and likelihood of re-identification) • The unauthorized person who used PHI or to whom PHI was disclosed • Whether PHI was actually acquired or viewed • Extent to which the risk to PHI has been mitigated

  14. Federal Data Breach Notification – Notification Obligations • Notification required within 60 days of discovery ◦ Enforcement rule requires correction in 30 days ◦ BA failing to notify CE can be penalized directly ◦ State law may have shorter notice periods (e.g., Calif.) • Notification: ◦ Briefly describe what happened and when ◦ Describe types of unsecured PHI involved ◦ Describe how individuals can protect themselves ◦ Briefly describe investigation, mitigation and protection ◦ Provide contact information

  15. Federal Data Breach Notification – Form of Notice • Plain language • Written ◦ Via mail (or electronic if individual agrees) ◦ If deceased, next of kin or personal representative ◦ Also telephone or other means if urgent • Substitute notice if contact info insufficient ◦ Fewer than 10 individuals: alternative written, telephone or other means ◦ 10 or more individuals: either 90-day website posting or media notice PLUS 90-day toll-free number

  16. Federal Data Breach Notification – Additional Required Notice • Media Notification ◦ More than 500 residents of a State: notify prominent media outlets ◦ Within 60 days of breach discovery ◦ Same content as notice to individuals • HHS Notification ◦ 500 or more individuals: notify HHS at same time as individuals ◦ Fewer than 500 individuals: maintain a breach log and notify HHS within 60 days after the end of the calendar year – Hospice of North Idaho settlement Dec. 2012

  17. Lessons Learned • Encryption will prevent a lot of headaches • OCR will have access to everything • State AGs may become involved • Media attention • Enterprise embarrassment • Consider cyber insurance • May prompt litigation ◦ Between covered entities and business associates – Who will pay costs associated with notification? – Security incident versus breach – Enforcement of agreements with offshore BAs ◦ By affected individuals

  18. Key Steps • Organize your network data • Update Policies and Procedures • Develop a Response Plan • Perform a Risk Assessment

  19. Organize Your Network Data • Map your critical assets • Record backup schedules and inventories • Update user lists • Centralize logging functions

  20. Update Policies and Procedures • Conform them to HIPAA Security and Privacy Audit Protocols • Account for New Technology ◦ Text Messaging ◦ Social Media ◦ BYOD ◦ Cloud Computing

  21. BYOD – Bring Your Own Device http://blogs.wsj.com/riskandcompliance/2013/09/26/hospitals-allowing-byod-face-complications-with-new-hipaa-rule/ • Consider the risk implications of BYOD vs. convenience • Where is the perimeter of your network and who controls it? • ePHI transmitted via emails, texts, attached documents • ePHI must be secured in transit and at rest (container) • iOS vs. Android

  22. Develop a Response Plan • Management endorsement • Contact lists • Legal analysis and timeline • Categories of adverse events • Facilities and equipment list • Outreach plan • An effective team

  23. The Cloud • OCR Guidance that Cloud providers are Business Associates

  24. Develop a Response Plan – Effective Team

  25. Communication • Team Members ◦ Outside & in-house counsel ◦ Compliance, HR, IT ◦ Business managers, public affairs ◦ Experts • Other Key Constituents ◦ Board/CEO, Executives ◦ Employees ◦ Shareholders ◦ Unaffected Patients, Providers, or Customers

  26. Perform a Risk Assessment • The HIPAA Security Rule requires it • HHS auditors report it as one of the most common compliance failures

  27. Preservation • Unhook infected machines ◦ Do NOT poke around ◦ Insert clean and patched machines • Call experts to image infected machines • Save off log files • Pull needed backup(s) out of rotation • Save keycard data and surveillance tapes • Start real-time packet capture • Force password changes
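A concrete way to carry out the "save off log files" step above, added here as an illustration rather than taken from the webinar or from either firm's practice: copy each log into an evidence directory, hash the original and the copy with SHA-256, and write a manifest recording what was collected, when and by whom, so the copies can later be shown to be unaltered. The directory names, the collector name and the log contents are constructed for the example; imaging the infected machines themselves is left to the experts the slide refers to.

```python
"""
Added example (not from the webinar): preserve log files as evidence with
SHA-256 hashes and a manifest so the copies can later be shown to be
unaltered. Paths, collector name and the sample log lines are constructed.
"""
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large logs need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def preserve(sources, evidence_dir: Path, collector: str) -> dict:
    """Copy each source file into evidence_dir, hash original and copy,
    and write manifest.json describing what was taken, when and by whom."""
    evidence_dir.mkdir(parents=True, exist_ok=True)
    entries = []
    for src in map(Path, sources):
        dst = evidence_dir / src.name
        shutil.copy2(src, dst)  # copy2 keeps the original modification time
        original, copied = sha256_file(src), sha256_file(dst)
        if original != copied:
            raise RuntimeError(f"copy of {src} does not match original")
        entries.append({
            "source": str(src),
            "stored_as": dst.name,
            "size": dst.stat().st_size,
            "sha256": copied,
            "source_mtime": datetime.fromtimestamp(
                src.stat().st_mtime, timezone.utc).isoformat(),
        })
    manifest = {
        "collected_at": datetime.now(timezone.utc).isoformat(),
        "collector": collector,
        "files": entries,
    }
    (evidence_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify(evidence_dir: Path) -> list:
    """Re-hash every preserved file; return names that no longer match the
    manifest (an empty list means the evidence set is intact)."""
    manifest = json.loads((evidence_dir / "manifest.json").read_text())
    return [e["stored_as"] for e in manifest["files"]
            if sha256_file(evidence_dir / e["stored_as"]) != e["sha256"]]


def demo() -> tuple:
    """Build a throwaway log directory, preserve it, then tamper with one copy."""
    work = Path(tempfile.mkdtemp())
    logs = work / "var_log"
    logs.mkdir()
    # Constructed sample log content, not real data.
    (logs / "auth.log").write_text(
        "Nov 21 03:14:07 ehr sshd[412]: Accepted password for jdoe from 10.0.5.9\n")
    (logs / "access.log").write_text(
        '10.0.5.9 - - [21/Nov/2013:03:15:02] "GET /patients/export HTTP/1.1" 200 884213\n')
    evidence = work / "evidence"
    manifest = preserve([logs / "auth.log", logs / "access.log"], evidence, "on-call analyst")
    mismatches_before = verify(evidence)
    (evidence / "auth.log").write_text("tampered\n")  # simulate later alteration
    mismatches_after = verify(evidence)
    return manifest, mismatches_before, mismatches_after


if __name__ == "__main__":
    m, before, after = demo()
    print(json.dumps(m, indent=2))
    print("mismatches before tampering:", before)
    print("mismatches after tampering:", after)
```

Keep the manifest (and ideally a signed or out-of-band copy of its hashes) separate from the evidence directory in practice; the example writes it alongside the files only to stay self-contained.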

  28. Breach Timeline

  29. Mitigating Your Risks Simple steps to reduce risk of compromising your data and systems • Encrypt data – in motion and at rest • Install software security patches • Train employees to avoid security threats • Robust passwords; changed; no default passwords • Use multi-factor authentication for remote access ◦ Employees from outside the office ◦ Sensitive on-line accounts such as financial and cloud storage of patient data • Terminate dormant user accounts • Use up-to-date virus scanning software • Periodically audit compliance with data security rules

  30. Mitigating Your Risks Simple steps to reduce the damage if/when a compromise occurs • Don’t store data you don’t need • Know where your data is • Use internal network walls to protect sensitive data • Train employees to spot and report anomalies • Monitor logs in your system to detect anomalies
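Two of the steps on the last two slides, terminating dormant accounts and monitoring logs for anomalies, can be made routine with a small script. The following is an added example, not material from the webinar or from Squire Sanders or Stroz Friedberg: it reads constructed syslog-style SSH authentication lines (the host name, addresses, user names and the directory listing are all assumptions), reports directory accounts with no successful login in the last 90 days, and reports source addresses that produce five or more failed logins within a one-minute window.

```python
"""
Added example (not from the webinar): two checks over authentication logs,
(1) accounts with no successful login in 90 days, candidates for termination,
and (2) bursts of failed logins from one source address. The log format,
host name, addresses, user names and directory listing are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed syslog-style lines; host, users and addresses are not real.
SAMPLE_LOG = """\
2013-08-01T09:00:00 ehr01 sshd[100]: Accepted password for tpalmer from 10.0.5.20 port 50010
2013-11-19T08:02:11 ehr01 sshd[201]: Accepted password for jdoe from 10.0.5.9 port 51022
2013-11-19T08:02:40 ehr01 sshd[203]: Accepted password for mroot from 10.0.5.12 port 51030
2013-11-20T23:58:01 ehr01 sshd[310]: Failed password for admin from 203.0.113.77 port 40001
2013-11-20T23:58:03 ehr01 sshd[311]: Failed password for admin from 203.0.113.77 port 40002
2013-11-20T23:58:04 ehr01 sshd[312]: Failed password for backup from 203.0.113.77 port 40003
2013-11-20T23:58:06 ehr01 sshd[313]: Failed password for jdoe from 203.0.113.77 port 40004
2013-11-20T23:58:09 ehr01 sshd[314]: Failed password for root from 203.0.113.77 port 40005
2013-11-21T07:45:00 ehr01 sshd[420]: Accepted password for jdoe from 10.0.5.9 port 51100
2013-11-21T09:10:00 ehr01 sshd[421]: Failed password for mroot from 10.0.5.12 port 51200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Accepted|Failed) password for "
    r"(?P<user>\S+) from (?P<src>\S+) port \d+$"
)

# Constructed directory listing of accounts that are supposed to exist.
KNOWN_ACCOUNTS = {"jdoe", "mroot", "backup", "tpalmer"}


def parse(log_text):
    """Yield (timestamp, result, user, src) for each matching line; skip others."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"])


def dormant_accounts(events, accounts, now, max_idle=timedelta(days=90)):
    """Directory accounts with no successful login within max_idle of now.
    An account that never logged in at all counts as dormant too."""
    last_ok = {}
    for ts, result, user, _ in events:
        if result == "Accepted" and user in accounts:
            last_ok[user] = max(ts, last_ok.get(user, ts))
    return sorted(u for u in accounts if u not in last_ok or now - last_ok[u] > max_idle)


def failed_login_bursts(events, threshold=5, window=timedelta(minutes=1)):
    """Source addresses with at least `threshold` failures inside some `window`.
    Returns {src: (largest count seen in a window, sorted users targeted)}."""
    failures = defaultdict(list)
    for ts, result, user, src in events:
        if result == "Failed":
            failures[src].append((ts, user))
    bursts = {}
    for src, items in failures.items():
        items.sort()
        start = 0
        for end in range(len(items)):  # sliding window over sorted failures
            while items[end][0] - items[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and (src not in bursts or count > bursts[src][0]):
                bursts[src] = (count, sorted({u for _, u in items[start:end + 1]}))
    return bursts


def run_checks(log_text=SAMPLE_LOG, accounts=KNOWN_ACCOUNTS,
               now=datetime(2013, 11, 21, 12, 0)):
    """Run both checks; `now` is fixed so the sample gives repeatable results."""
    events = list(parse(log_text))
    return {"dormant": dormant_accounts(events, accounts, now),
            "bursts": failed_login_bursts(events)}


if __name__ == "__main__":
    result = run_checks()
    print("dormant accounts:", result["dormant"])
    for src, (count, users) in result["bursts"].items():
        print(f"burst from {src}: {count} failures within a minute against {users}")
```

The dormant check needs the full directory listing as input, not just the log, because an account that never appears in the log is exactly the one most likely to be forgotten; the burst check deliberately keys on the source address rather than the user name so that password spraying across many accounts is still caught.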

  31. Mitigating Your Risks Steps for reducing insider cybercrime and data breach risk • Create written employee conduct policies ◦ Include social media use policies • Restrict internet sites able to exfiltrate sensitive data • Create tiered access to sensitive information ◦ Not everyone needs access to everything • Check background of employees with access to sensitive information • Restrict use of external storage devices

  32. Mitigating Your Risks Steps for reducing insider cybercrime and data breach risk (cont’d) • Implement employee exit procedures ◦ Acknowledgement of post-employment obligations ◦ Termination of account access • Dual controls for access to certain sensitive data

  33. Mitigating Your Risks Reducing the risk of employee negligence • Good risk management of malicious conduct • Encryption • Don’t store data unnecessarily • Encryption • Data security policies and audits • Encryption • Employee training • Audit compliance with data security rules
