SlideShare a Scribd company logo

Maintaining HIPAA Compliance with Cloud Based Solutions

Compliancy Group, profile picture
Compliancy Group

The document discusses the importance of HIPAA compliance in cloud file sharing and mobile device usage, noting significant risks such as lost or stolen devices. It highlights the healthcare use cases for cloud services, emphasizing the necessity for encryption and access control to protect patient information. The solution proposed includes using Sookasa with Dropbox to ensure HIPAA compliance through device encryption and accidental sharing prevention.

Health & Medicine
1 of 20
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Industry  leading  Education   Certified  Partner  Program     •  Please  ask  questions   •  For  todays  Slides   http://compliancy-­‐group.com/slides023/   •  Todays  &  Past  webinars  go  to:   http://compliancy-­‐group.com/webinar/     855.85HIPAA   www.compliancygroup.com  
Maintaining  HIPAA  Compliance:   Cloud  File  Sharing  and  Mobile  Devices   Asaf  Cidon   CEO,  Sookasa  
Cloud  File  Sharing  is  Booming   Dropbox   200M  Users   Google  Drive   120M  Users   Box   20M  Users  
Healthcare  Use  Case:   Sync  and  Backup   •  Sync  and  backup   –  TranscripLons   –  PaLent  charts   –  Medical  bills   •  Low  cost  alternaLve   –  $100-­‐200  per  seat  
Healthcare  Use  Case:   Mobile  Access   •  Mobile  access   –  Access  paLent  charts  on-­‐the-­‐go   –  Work  from  home   –  Home  care  
Healthcare  Use  Case:   External  Sharing   •  External  sharing   –  Share  medical  images   –  Send  medical  bills   –  Send  receipts  to  suppliers   •  Send  big  files   –  CT  Scans,  X-­‐Rays  
The  Dark  Side  of  the  Cloud   •  If  all  my  office  files  are   synchronized   everywhere…   •  The  loss  of  a  laptop  or   smartphone  causes  a   HIPAA  breach!  
HIPAA  Breaches  AffecLng  500+   Records  2006-­‐2013  [Source:  HHS]   4.92%   1.31%   Portable  Media   Network  Server   9.43%   46.01%   12.31%   12.96%   Computer   Laptop   EMR   Paper   13.04%   E-­‐mail  
HIPAA  Breaches  AffecLng  500+   Records  2006-­‐2013  [Source:  HHS]   4.92%   1.31%   Portable  Media   Network  Server   9.43%   46.01%   12.31%   12.96%   Computer   Laptop   EMR   Paper   13.04%   E-­‐mail   Most  breaches:  lost/stolen  devices  
The  Most  Common  HIPAA  Breaches   •  Lost  and  stolen  devices  and  portable  media   –  Over  1,000,000  devices  lost  every  week!   –  22%  of  employees  report  they  have  lost  a  phone   during  2012   •  Employees  inappropriately  accessing,  using,  or   transmidng  PHI  
Case  Study:  Stanford  Hospital   06/2013  Stolen  laptop:  13,000  paLents   01/2013  Stolen  laptop:  57,000  paLents   07/2012  Stolen  laptop:  2,500  paLents   09/2011  Accidental  online  sharing:  20,000  paLents   01/2010  Stolen  laptop:  500  paLents  
Top  HIPAA  File  Sharing  Risks   1.  Device  Loss  with  Unencrypted  PHI   2.  Accidental  Sharing  of  PHI  
Top  HIPAA  File  Sharing  Risks   1.  Device  Loss  with  Unencrypted  PHI   2.  Accidental  Sharing  of  PHI   3.  Unencrypted  PHI  on  Cloud?  
Top  HIPAA  File  Sharing  Risks   1.  Device  Loss  with  Unencrypted  PHI   2.  Accidental  Sharing  of  PHI   3.  Unencrypted  PHI  on  Cloud?   Solved  by  BAA  
Top  HIPAA  File  Sharing  Risks   Not  Solved  by  BAA   1.  Device  Loss  with  Unencrypted  PHI   2.  Accidental  Sharing  of  PHI   3.  Unencrypted  PHI  on  Cloud?   Solved  by  BAA  
Dropbox   Signed  BAA   On-­‐device  EncrypLon   Prevent  Accidental   Sharing   Access  Control  for  On-­‐ device  Data   End  User  Experience   and  Sync   Popularity   (Network  Effect)   Box   Google  Drive  
Ingredients  of  File  Sharing  HIPAA  Compliance   1.  File  encrypLon  on  the  device   2.  Control  access  to  files  with  white   list   –  People   –  Devices   3.  Audit  trail  and  emergency  access  
The  SoluLon   1.  Device  Loss  with  Unencrypted  PHI   2.  Accidental  Sharing  of  PHI   3.  Unencrypted  PHI  on  Cloud?   Solved  
Sookasa:  Shameless  Plug   Dropbox   Signed  BAA   On-­‐device   EncrypLon   Prevent  Accidental   Sharing   Access  Control  for   On-­‐device  Data   End  User   Experience  and   Sync   Popularity   (Network  Effect)   Box   Google  Drive   Sookasa  +   Dropbox  
ü  HIPAA  Compliance   ü  HITECH  Attestation   ü  Risk  Assessment   ü  Omnibus  Rule  Ready   ü  Meaningful  Use  core  measure  15   Free  Demo  and  60  Day  Evaluation   www.compliancy-­‐group.com     HIPAA  Hotline       855.85HIPAA   855.854.4722  

More Related Content

PDF
The Basics: Reviewing & Producing ESI Evidence
Aaron Vick
 
PPTX
Webinar - Maximize Your Technology Donations Through TechSoup - 2017-03-28
TechSoup
 
PPTX
Umphrey hutcherson-ecu-cause2010-rev5
umphreym
 
PPT
TechSoup for Libraries: Sustaining Technology to Serve Your Patrons: Dec. 2010
TechSoup for Libraries
 
DOCX
LECTIO DIVINA DOMINICAL VI DE PASCUA ! QUIEN ME AMA GUARDARA MIS MANDAMIENTOS...
Gladysmorayma Creamer Berrios
 
PDF
Squash Those IoT Security Bugs with a Hardened System Profile
Steve Arnold
 
PPTX
HIPAA Compliance in the Cloud
DataWorks Summit/Hadoop Summit
 
PDF
Internet of Things & Hardware Industry Report 2016
SparkLabs Group
 
The Basics: Reviewing & Producing ESI Evidence
Aaron Vick
 
Webinar - Maximize Your Technology Donations Through TechSoup - 2017-03-28
TechSoup
 
Umphrey hutcherson-ecu-cause2010-rev5
umphreym
 
TechSoup for Libraries: Sustaining Technology to Serve Your Patrons: Dec. 2010
TechSoup for Libraries
 
LECTIO DIVINA DOMINICAL VI DE PASCUA ! QUIEN ME AMA GUARDARA MIS MANDAMIENTOS...
Gladysmorayma Creamer Berrios
 
Squash Those IoT Security Bugs with a Hardened System Profile
Steve Arnold
 
HIPAA Compliance in the Cloud
DataWorks Summit/Hadoop Summit
 
Internet of Things & Hardware Industry Report 2016
SparkLabs Group
 

Similar to Maintaining HIPAA Compliance with Cloud Based Solutions (20)

PPT
Disaster Planning What Organizations Need To Know To Protect Their Tech
TechSoup
 
KEY
LENDING IPADS TO MEDICAL STAFF: INTEGRATING IN INFORMATION WORKFLOW
Guus van den Brekel
 
PDF
materi_workshop_online_preservasi_arsip_seri_ke2_digital_preservation_1623134...
HajarHartono1
 
PPT
Remote Workers
Marieke Guy
 
PPT
3G HIT
Jack Shaffer
 
PPT
Behind the Cloud: Cloud Computing Programs Demystified
Sonnet Ireland
 
PDF
Delay Tolerant Disaster Communication with the One Laptop Per Child XO
Mirjam-Mona
 
KEY
Lending Ipads to Medical Staff; Tablets in the Workplace – Guus Van Den Brekel
Incisive_Events
 
PPT
Practical Approaches to Cloud Computing at YOUR Library
University of Missouri
 
PPTX
Webinar: Is the Cloud Right for You 2016-10-18
TechSoup
 
PPTX
UWA Research Week 2016
Katina Toufexis
 
PPTX
Ciso Platform Webcast: Shadow Data Exposed
Elastica Inc.
 
PDF
Briefing on US EPA Open Data Strategy using a Linked Data Approach
3 Round Stones
 
PPTX
The Future of Work
Argyle Executive Forum
 
PPTX
Information Management - Data Processing
Gisli Olafsson
 
PDF
II-SDV 2014 Standing on the Shoulders of Giants: New strategies to involve mo...
Dr. Haxel Consult
 
PPTX
Enabling Dropbox for Business
Elastica Inc.
 
PPTX
DSS ITSEC 2013 Conference 07.11.2013 - Accellion - The Secure File-Sharing P...
Andris Soroka
 
PPT
Embracing the IT Consumerization Imperative NG Security
Barry Caplin
 
PPTX
TheInternetDigitalSecurityfddreeere.pptx
HAYDEECAYDA
 
Disaster Planning What Organizations Need To Know To Protect Their Tech
TechSoup
 
LENDING IPADS TO MEDICAL STAFF: INTEGRATING IN INFORMATION WORKFLOW
Guus van den Brekel
 
materi_workshop_online_preservasi_arsip_seri_ke2_digital_preservation_1623134...
HajarHartono1
 
Remote Workers
Marieke Guy
 
3G HIT
Jack Shaffer
 
Behind the Cloud: Cloud Computing Programs Demystified
Sonnet Ireland
 
Delay Tolerant Disaster Communication with the One Laptop Per Child XO
Mirjam-Mona
 
Lending Ipads to Medical Staff; Tablets in the Workplace – Guus Van Den Brekel
Incisive_Events
 
Practical Approaches to Cloud Computing at YOUR Library
University of Missouri
 
Webinar: Is the Cloud Right for You 2016-10-18
TechSoup
 
UWA Research Week 2016
Katina Toufexis
 
Ciso Platform Webcast: Shadow Data Exposed
Elastica Inc.
 
Briefing on US EPA Open Data Strategy using a Linked Data Approach
3 Round Stones
 
The Future of Work
Argyle Executive Forum
 
Information Management - Data Processing
Gisli Olafsson
 
II-SDV 2014 Standing on the Shoulders of Giants: New strategies to involve mo...
Dr. Haxel Consult
 
Enabling Dropbox for Business
Elastica Inc.
 
DSS ITSEC 2013 Conference 07.11.2013 - Accellion - The Secure File-Sharing P...
Andris Soroka
 
Embracing the IT Consumerization Imperative NG Security
Barry Caplin
 
TheInternetDigitalSecurityfddreeere.pptx
HAYDEECAYDA
 
Ad

More from Compliancy Group (20)

PDF
HIPAA compliance for Business Associates- The value of compliance, how to acq...
Compliancy Group
 
PDF
HIPAA compliance tuneup 2016
Compliancy Group
 
PDF
How to safeguard ePHIi in the cloud
Compliancy Group
 
PDF
Business Associates: How to differentiate your organization using HIPAA compl...
Compliancy Group
 
PDF
Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Compliancy Group
 
PDF
HIPAA 101- What all Doctors NEED to know
Compliancy Group
 
PDF
HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...
Compliancy Group
 
PDF
How to prepare for OCR's upcoming phase 2 audits
Compliancy Group
 
PDF
Preparing for the unexpected in your medical practice
Compliancy Group
 
PDF
HIPAA Compliance and Electronic Protected Health Information: Ignorance is no...
Compliancy Group
 
PDF
How to Survive a HIPAA Audit
Compliancy Group
 
PDF
How to Effectively Negotiate a Business Associate Agreement: What’s Importan...
Compliancy Group
 
PDF
Meaningful Use vs HIPAA
Compliancy Group
 
PDF
How to Increase Your Profits Using Patient Payments on File, Recurring and On...
Compliancy Group
 
PDF
Why a Risk Assessment is NOT Enough for HIPAA Compliance
Compliancy Group
 
PDF
The must have tools to address your HIPAA compliance challenge
Compliancy Group
 
PDF
HIPAA MYTHS: HOW MUCH DO YOU KNOW? COMMON MYTHS DEBUNKED & EXPLAINED
Compliancy Group
 
PDF
What you need to know about Meaningful Use 2 & interoperability
Compliancy Group
 
PDF
Just the Facts- Meaningful Use Stage 2 & ICD 10
Compliancy Group
 
PDF
Is Your EHR Safe? New Technologies for Auditing
Compliancy Group
 
HIPAA compliance for Business Associates- The value of compliance, how to acq...
Compliancy Group
 
HIPAA compliance tuneup 2016
Compliancy Group
 
How to safeguard ePHIi in the cloud
Compliancy Group
 
Business Associates: How to differentiate your organization using HIPAA compl...
Compliancy Group
 
Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Compliancy Group
 
HIPAA 101- What all Doctors NEED to know
Compliancy Group
 
HIPAA Compliance and Non-Business Associate Vendors - Strategies and Best Pra...
Compliancy Group
 
How to prepare for OCR's upcoming phase 2 audits
Compliancy Group
 
Preparing for the unexpected in your medical practice
Compliancy Group
 
HIPAA Compliance and Electronic Protected Health Information: Ignorance is no...
Compliancy Group
 
How to Survive a HIPAA Audit
Compliancy Group
 
How to Effectively Negotiate a Business Associate Agreement: What’s Importan...
Compliancy Group
 
Meaningful Use vs HIPAA
Compliancy Group
 
How to Increase Your Profits Using Patient Payments on File, Recurring and On...
Compliancy Group
 
Why a Risk Assessment is NOT Enough for HIPAA Compliance
Compliancy Group
 
The must have tools to address your HIPAA compliance challenge
Compliancy Group
 
HIPAA MYTHS: HOW MUCH DO YOU KNOW? COMMON MYTHS DEBUNKED & EXPLAINED
Compliancy Group
 
What you need to know about Meaningful Use 2 & interoperability
Compliancy Group
 
Just the Facts- Meaningful Use Stage 2 & ICD 10
Compliancy Group
 
Is Your EHR Safe? New Technologies for Auditing
Compliancy Group
 
Ad

Recently uploaded (20)

PDF
Medical Evidence in the Criminal Justice Delivery System in.pdf
academicstrivee
 
PPTX
Gastroschisis- Clinical Overview 18112311
Nathan Lupiya
 
PPTX
ca esophagus molecula biology detailaed molecular biology of tumors of esophagus
akashdeepsohisge
 
PPTX
Note on Abortion.pptx for the student note
MikeMalou
 
PDF
Deadly Stampede at Yaounde’s Olembe Stadium Forensic.pdf
academicstrivee
 
PPTX
1 General Principles of Radiotherapy.pptx
DrHabtamu1
 
PPTX
POLYCYSTIC OVARIAN SYNDROME.pptx by Dr( med) Charles Amoateng
AMOATENGCHARLESNANAA
 
PPTX
surgery guide for USMLE step 2-part 1.pptx
kaleb90
 
PPT
ASRH Presentation for students and teachers 2770633.ppt
alpha june
 
PPTX
post stroke aphasia rehabilitation physician
nabilahamran1010
 
PPTX
Imaging of parasitic D. Case Discussions.pptx
IbrahimAboAlasaad
 
PPTX
Important Obstetric Emergency that must be recognised
khusyairi0
 
PPTX
Pathophysiology And Clinical Features Of Peripheral Nervous System .pptx
neuroptnagarajssmaka
 
PPTX
15.MENINGITIS AND ENCEPHALITIS-elias.pptx
wesigeGerald
 
PDF
Human Health And Disease hggyutgghg .pdf
vaishnavikumarimugha
 
PPTX
ACID BASE management, base deficit correction
bhoomikagowda71
 
DOCX
NEET PG 2025 | Pharmacology Recall: 20 High-Yield Questions Simplified
Shivankan Kakkar
 
DOCX
RUHS II MBBS Microbiology Paper-II with Answer Key | 6th August 2025 (New Sch...
Shivankan Kakkar
 
PPTX
Neuropathic pain.ppt treatment managment
BaharBazooyar
 
PPTX
Fundamentals of human energy transfer .pptx
neuroptnagarajssmaka
 
Medical Evidence in the Criminal Justice Delivery System in.pdf
academicstrivee
 
Gastroschisis- Clinical Overview 18112311
Nathan Lupiya
 
ca esophagus molecula biology detailaed molecular biology of tumors of esophagus
akashdeepsohisge
 
Note on Abortion.pptx for the student note
MikeMalou
 
Deadly Stampede at Yaounde’s Olembe Stadium Forensic.pdf
academicstrivee
 
1 General Principles of Radiotherapy.pptx
DrHabtamu1
 
POLYCYSTIC OVARIAN SYNDROME.pptx by Dr( med) Charles Amoateng
AMOATENGCHARLESNANAA
 
surgery guide for USMLE step 2-part 1.pptx
kaleb90
 
ASRH Presentation for students and teachers 2770633.ppt
alpha june
 
post stroke aphasia rehabilitation physician
nabilahamran1010
 
Imaging of parasitic D. Case Discussions.pptx
IbrahimAboAlasaad
 
Important Obstetric Emergency that must be recognised
khusyairi0
 
Pathophysiology And Clinical Features Of Peripheral Nervous System .pptx
neuroptnagarajssmaka
 
15.MENINGITIS AND ENCEPHALITIS-elias.pptx
wesigeGerald
 
Human Health And Disease hggyutgghg .pdf
vaishnavikumarimugha
 
ACID BASE management, base deficit correction
bhoomikagowda71
 
NEET PG 2025 | Pharmacology Recall: 20 High-Yield Questions Simplified
Shivankan Kakkar
 
RUHS II MBBS Microbiology Paper-II with Answer Key | 6th August 2025 (New Sch...
Shivankan Kakkar
 
Neuropathic pain.ppt treatment managment
BaharBazooyar
 
Fundamentals of human energy transfer .pptx
neuroptnagarajssmaka
 

Maintaining HIPAA Compliance with Cloud Based Solutions

  • 1. Industry  leading  Education   Certified  Partner  Program     •  Please  ask  questions   •  For  todays  Slides   http://compliancy-­‐group.com/slides023/   •  Todays  &  Past  webinars  go  to:   http://compliancy-­‐group.com/webinar/     855.85HIPAA   www.compliancygroup.com  
  • 2. Maintaining  HIPAA  Compliance:   Cloud  File  Sharing  and  Mobile  Devices   Asaf  Cidon   CEO,  Sookasa  
  • 3. Cloud  File  Sharing  is  Booming   Dropbox   200M  Users   Google  Drive   120M  Users   Box   20M  Users  
  • 4. Healthcare  Use  Case:   Sync  and  Backup   •  Sync  and  backup   –  TranscripLons   –  PaLent  charts   –  Medical  bills   •  Low  cost  alternaLve   –  $100-­‐200  per  seat  
  • 5. Healthcare  Use  Case:   Mobile  Access   •  Mobile  access   –  Access  paLent  charts  on-­‐the-­‐go   –  Work  from  home   –  Home  care  
  • 6. Healthcare  Use  Case:   External  Sharing   •  External  sharing   –  Share  medical  images   –  Send  medical  bills   –  Send  receipts  to  suppliers   •  Send  big  files   –  CT  Scans,  X-­‐Rays  
  • 7. The  Dark  Side  of  the  Cloud   •  If  all  my  office  files  are   synchronized   everywhere…   •  The  loss  of  a  laptop  or   smartphone  causes  a   HIPAA  breach!  
  • 8. HIPAA  Breaches  AffecLng  500+   Records  2006-­‐2013  [Source:  HHS]   4.92%   1.31%   Portable  Media   Network  Server   9.43%   46.01%   12.31%   12.96%   Computer   Laptop   EMR   Paper   13.04%   E-­‐mail  
  • 9. HIPAA  Breaches  AffecLng  500+   Records  2006-­‐2013  [Source:  HHS]   4.92%   1.31%   Portable  Media   Network  Server   9.43%   46.01%   12.31%   12.96%   Computer   Laptop   EMR   Paper   13.04%   E-­‐mail   Most  breaches:  lost/stolen  devices  
  • 10. The  Most  Common  HIPAA  Breaches   •  Lost  and  stolen  devices  and  portable  media   –  Over  1,000,000  devices  lost  every  week!   –  22%  of  employees  report  they  have  lost  a  phone   during  2012   •  Employees  inappropriately  accessing,  using,  or   transmidng  PHI  
  • 11. Case  Study:  Stanford  Hospital   06/2013  Stolen  laptop:  13,000  paLents   01/2013  Stolen  laptop:  57,000  paLents   07/2012  Stolen  laptop:  2,500  paLents   09/2011  Accidental  online  sharing:  20,000  paLents   01/2010  Stolen  laptop:  500  paLents  
  • 12. Top  HIPAA  File  Sharing  Risks   1.  Device  Loss  with  Unencrypted  PHI   2.  Accidental  Sharing  of  PHI  
  • 13. Top  HIPAA  File  Sharing  Risks   1.  Device  Loss  with  Unencrypted  PHI   2.  Accidental  Sharing  of  PHI   3.  Unencrypted  PHI  on  Cloud?  
  • 14. Top  HIPAA  File  Sharing  Risks   1.  Device  Loss  with  Unencrypted  PHI   2.  Accidental  Sharing  of  PHI   3.  Unencrypted  PHI  on  Cloud?   Solved  by  BAA  
  • 15. Top  HIPAA  File  Sharing  Risks   Not  Solved  by  BAA   1.  Device  Loss  with  Unencrypted  PHI   2.  Accidental  Sharing  of  PHI   3.  Unencrypted  PHI  on  Cloud?   Solved  by  BAA  
  • 16. Dropbox   Signed  BAA   On-­‐device  EncrypLon   Prevent  Accidental   Sharing   Access  Control  for  On-­‐ device  Data   End  User  Experience   and  Sync   Popularity   (Network  Effect)   Box   Google  Drive  
  • 17. Ingredients  of  File  Sharing  HIPAA  Compliance   1.  File  encrypLon  on  the  device   2.  Control  access  to  files  with  white   list   –  People   –  Devices   3.  Audit  trail  and  emergency  access  
  • 18. The  SoluLon   1.  Device  Loss  with  Unencrypted  PHI   2.  Accidental  Sharing  of  PHI   3.  Unencrypted  PHI  on  Cloud?   Solved  
  • 19. Sookasa:  Shameless  Plug   Dropbox   Signed  BAA   On-­‐device   EncrypLon   Prevent  Accidental   Sharing   Access  Control  for   On-­‐device  Data   End  User   Experience  and   Sync   Popularity   (Network  Effect)   Box   Google  Drive   Sookasa  +   Dropbox  
  • 20. ü  HIPAA  Compliance   ü  HITECH  Attestation   ü  Risk  Assessment   ü  Omnibus  Rule  Ready   ü  Meaningful  Use  core  measure  15   Free  Demo  and  60  Day  Evaluation   www.compliancy-­‐group.com     HIPAA  Hotline       855.85HIPAA   855.854.4722