Top 5 Must Do IT Audits
- Jeffery Chapman
1 Top 5 Must Do IT Audits
Mike Fabrizius, Sharp HealthCare, VP, Internal Audit
DJ Wilkins, KPMG, Partner, IT Advisory
2011 AHIA Annual Conference

2 Contents
- Background on Sharp HealthCare
- Sharp's Co-sourcing Arrangement with KPMG
- Current IT Landscape and Trends
- Typical Profile of IT Departments in HealthCare
- New and Changing Regulatory Environment
- Changes to Patient Care Technologies
- Five Must Do IT Audits

3 Key Sharp HealthCare Facts
- Serves the 3 million residents of San Diego County
- Largest health care system in San Diego
- 2,060 Licensed Beds
- Largest private employer in San Diego
- 15,000 Employees
- 2,600 Affiliated Physicians
- Full spectrum of health care programs and services
- Home Health, Hospice, 2 Medical Groups, Health Plan

4 Sharp Highlights
- 2007 Malcolm Baldrige National Quality Award
- Magnet Designation for Nursing Excellence at Sharp Memorial and Sharp Grossmont Hospitals
- "Most Wired" Health Care System 11 years out of 12
- Top integrated health care network in California and sixth in the nation as ranked by Modern Healthcare in 2010

5 About Sharp HealthCare Internal Audit
- Reports to Board Audit Committee (functionally) and CEO (administratively)
- 6.5 FTEs (VP, Manager, & Senior Internal Auditors)
- Emphasis on operational, financial and IS audits
- Annual participation with external auditors
- Successful external Quality Assessment in 2007
- Co-sourcing for information systems auditing

6 Sharp HealthCare - IS Overview
- Centralized Information Systems services
- CIO directing all staff and services
- Single data center
- Multitude of systems
- Common Enterprise Systems
- Hospital EMR: Cerner
- Clinic EHR: Allscripts Touchworks
- ERP: Lawson (GL, Payroll, MM, AP)
- Patient registration & billing: GE Centricity Patient Portal
- Board of Directors oversight is provided through its committees for Technology and Audit and Compliance.

7 Sharp's IT Auditing Situation in
- Minimal internal auditing IT expertise
- Significant organizational IT investment in-process and planned
- Technology proliferating rapidly
- Lacked an IT risk assessment
- many inherent risks obvious
- residual risks largely unknown
- Urgency to do something

8 First Step IT Risk Assessment
- Issued an RFP for IT Risk Assessment
- Received six responses
- Evaluated responses (description and weight):
1. Ability to execute: 30%
2. Comprehension of scope: 15%
3. Cost: 10%
4. Reputation/history: 20%
5. Local IT expertise: 5%
6. Healthcare IT expertise: 20%
Total: 100%
- Chose KPMG

9 Sharp's Co-sourcing Assessment
- KPMG completed IT risk assessment
- Provided roadmap for a 3-year IT auditing plan
- Reviewed IT risk assessment with Audit Committee
- Process demonstrated competency, expertise and fit of KPMG
- Contracted with KPMG for IT auditing services

10 Our Key Success Factors
KPMG
- Works as an extension of Internal Audit
- Matches staffing skills with specific project needs
- Consults with Sharp IA on staff assignments
- Manages arrangement locally
- Established and maintains credibility with IS and Audit Committee
Sharp HealthCare IA Management
- Involved in planning of each engagement
- Participates in kick-off and wrap-up meetings
- Participates in weekly status meetings
- Reviews all report drafts
- Obtains IS Department client feedback

11 Current IT Landscape in HealthCare
- Healthcare industry is constantly forced to innovate to comply with the demands of the market and legislation
- Must incorporate security in a way that does not compromise valuable patient data
- Patient safety concerns and compliance mandates act as viable investment drivers
- Wireless technologies play a vital role in healthcare industry
- Improving healthcare quality and preventing medical errors reduces healthcare costs and increases efficiency

12 The Changing Regulatory Environment
- HIPAA: The healthcare component focuses on a broad range of improvements that range from amendments to HIPAA's privacy and security rules to construction, and provides incentives to entice provider organizations to adopt HIT systems as quickly as possible.
- HITECH Act: Incentives related to health care information technology in general (e.g. creation of a national health care infrastructure) and contains specific incentives designed to accelerate the adoption of electronic health record (EHR) systems among providers.
- ICD-10: The International Classification of Disease (ICD) version 10 (ICD-10) represents the tenth version of diagnosis and procedure coding for the healthcare industry. The change in formatting expands the number of codes, thereby allowing far greater flexibility in detailing and classifying diseases and procedures.

13 Five Must Do IT Audits
Number 5: Business Continuity
Business Continuity Audits analyze the current state of readiness of the organization when faced with a natural or man-made disaster.

14 Business Continuity
Business Continuity Audits analyze the current state of readiness of the organization when faced with a natural or man-made disaster.
Risks:
- Lack of a disaster recovery plan can significantly impact the company's ability to provide quality patient care.
- Increased reliance on technology raises the importance of high availability business continuity.
- Lack of a comprehensive, well communicated crisis management and business continuity plan will negatively impact employee and patient health and safety.

15 Business Continuity
Audit Steps:
- Evaluate scope and framework for BC and DR plans
- Evaluate prioritization of key systems, resources and assessment / response procedures
- Evaluate technology architecture for redundancies, failover capabilities, back-ups and alternative recovery sites
- Review the disaster recovery plans, evaluate scope, testing methodology and results of plans, employee training/knowledge of plan
- Evaluate the IT Disaster Recovery Plan and its effectiveness in meeting business and customer needs

16 Five Must Do IT Audits
Number 4: Security Monitoring
Security event logging and monitoring becomes increasingly important to identify when unauthorized security-related activities have been attempted or performed on a system or application that processes, transmits or stores confidential information.

17 Security Monitoring
Security event logging and monitoring is a process that organizations perform by examining electronic audit logs for indications that unauthorized security-related activities have been attempted or performed on a system or application that processes, transmits or stores confidential information.
Key Risks:
- Unauthorized users may gain access to confidential health information and the breach may not be detected by Management in a timely manner.
- Logging is not enabled to create audit trails and/or logging lacks the detail needed for effective security monitoring.
- Lack of monitoring for devices (e.g. medical devices) connected to the organization's IT network can create vulnerabilities that impact data integrity and security.

18 Security Monitoring
Audit Steps
- Review security policies and procedures relevant to Information Security. Example policies: responsibility for security, security awareness and training, provisioning, elevated access, segregation of duties and incident response procedures;
- Review activities to promote security awareness, including Computer Based Training (CBT) and the Information Security intranet website;
- Inspect the configuration of security applications used to monitor the IT environment;

19 Security Monitoring
Audit Steps
- Review Information Security's procedures to monitor security logs and reports;
- Review security assessment activities performed to identify IT security threats;
- Review procedures to manage the resolution of security incidents; and
- Review system development and change control processes to understand Information Security's role in the acquisition and deployment of IT systems.

20 Five Must Do IT Audits
Number 3: External and Wireless Networks
As the user base grows and mobile applications become increasingly mission-critical, the need for effective security and management of these networks becomes a top priority.

21 Wireless Network drivers
As the user base grows and mobile applications become increasingly mission-critical, the need for effective security and management of these networks becomes a top priority.
- Creates cost effective redundancy capabilities
- Migration to Electronic Health Records
- Evolution of mobile devices and mobile health technology
- Ability to provide patients and guests internet access

22 External and Wireless Networks
Risks:
- Rogue wireless access points: unauthorized access points added to the wireless network
- Performance optimization: monitoring performance and capacity
- Secure architecture: encryption, redundancy and segmentation
- RF Broadcast strength: potential device interference and external visibility
- Malicious hackers: security monitoring and patch management

23 External and Wireless Networks
Audit Steps
- Review wireless policy to gain an understanding of how Sharp manages and secures their wireless environment.
- Inspect the wireless network configuration to determine how wireless local area networks are segregated from Sharp's internal network.
- Perform internal electronic scanning of in-scope locations by walking through facilities with wireless testing tools.
- Compare a listing of scanning results against authorized wireless access points (APs) provided by IT. The comparison is made to identify unauthorized or rogue APs.

24 External and Wireless Networks
Audit Steps
- Perform external electronic network scans of in-scope locations to determine the broadcast range of Sharp's wireless network. Results of the external scans are exported from the scanning tools to a graphical map.
- Perform penetration testing against public wireless network, Portal, to determine if the Portal wireless network is properly segregated from the rest of Sharp's network.
- Assess monitoring processes over unauthorized APs and unauthorized access attempts.

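The comparison of walk-through scan results against the authorized AP list from the audit steps above, sketched as an added example (not part of the original presentation). The CSV columns, SSIDs, MAC addresses and finding categories are constructed assumptions, not the export format of any particular scanning tool.

```python
import csv
import io
import re

# Constructed sample: authorized AP inventory as IT might provide it.
AUTHORIZED_CSV = """bssid,ssid,encryption
00:11:22:33:44:01,CORP-CLINICAL,WPA2-Enterprise
00:11:22:33:44:02,CORP-CLINICAL,WPA2-Enterprise
00:11:22:33:44:03,GUEST-PORTAL,Open
00:11:22:33:44:04,CORP-CLINICAL,WPA2-Enterprise
"""

# Constructed sample: walk-through scan export, one row per sighting.
SCAN_CSV = """bssid,ssid,encryption,signal_dbm,location
00-11-22-33-44-01,CORP-CLINICAL,WPA2-Enterprise,-48,Tower 2 East
0011.2233.4403,GUEST-PORTAL,Open,-60,Lobby
DE:AD:BE:EF:00:10,CORP-CLINICAL,WPA2-Personal,-70,Lobby
DE:AD:BE:EF:00:10,CORP-CLINICAL,WPA2-Personal,-52,Tower 2 East
AA:BB:CC:00:00:99,CoffeeShopWiFi,WPA2-Personal,-85,Lobby
00:11:22:33:44:02,CORP-CLINICAL,Open,-55,ICU
"""


def normalize_bssid(raw):
    """Reduce a MAC written with ':', '-' or '.' separators to 12 lowercase hex digits."""
    hex_only = re.sub(r"[^0-9A-Fa-f]", "", raw)
    if len(hex_only) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return hex_only.lower()


def load(csv_text):
    """Parse a CSV export and normalize the bssid column so both lists compare equal."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        row = {key: value.strip() for key, value in row.items()}
        row["bssid"] = normalize_bssid(row["bssid"])
        rows.append(row)
    return rows


def compare(authorized_rows, scan_rows):
    """Classify every scanned AP against the authorized inventory.

    rogue_corporate_ssid: unknown BSSID advertising one of the organization's SSIDs
    unknown_ap:           unknown BSSID with a foreign SSID (may be a neighbor; follow up)
    config_mismatch:      authorized BSSID seen with a different SSID or encryption
    authorized_not_seen:  inventory entries the walk-through never observed
    """
    authorized = {row["bssid"]: row for row in authorized_rows}
    corporate_ssids = {row["ssid"].lower() for row in authorized_rows}
    findings = {"rogue_corporate_ssid": {}, "unknown_ap": {}, "config_mismatch": {}}
    seen = set()

    for obs in scan_rows:
        bssid = obs["bssid"]
        known = authorized.get(bssid)
        if known is None:
            if obs["ssid"].lower() in corporate_ssids:
                bucket = "rogue_corporate_ssid"
            else:
                bucket = "unknown_ap"
        else:
            seen.add(bssid)
            if (obs["ssid"], obs["encryption"]) == (known["ssid"], known["encryption"]):
                continue  # matches the inventory, nothing to report
            bucket = "config_mismatch"
        entry = findings[bucket].setdefault(
            bssid, {"ssid": obs["ssid"], "encryption": obs["encryption"], "locations": []}
        )
        entry["locations"].append((obs["location"], int(obs["signal_dbm"])))

    # Strongest signal first: that location is the best place to start a physical search.
    for bucket in findings.values():
        for entry in bucket.values():
            entry["locations"].sort(key=lambda loc: loc[1], reverse=True)

    findings["authorized_not_seen"] = sorted(set(authorized) - seen)
    return findings


if __name__ == "__main__":
    result = compare(load(AUTHORIZED_CSV), load(SCAN_CSV))
    for category, items in result.items():
        print(category, items)
```
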
25 Five Must Do IT Audits
Number 2: Patient Portals
Due to the increased usage of Patient portals, protecting access to confidential health information and management of this data becomes more and more important.

26 Patient Portals
Patient portals provide access to confidential health information such as billing information, test results, scheduled appointments, bill payments, prescribed medications, etc.
Risks:
- Unauthorized access to portal content and/or lack of data security controls
- Patient Portal Access is not restricted to minimum use access as required under HIPAA Privacy Policy
- Data at rest and data in motion do not meet encryption standards under HIPAA privacy policy
- Insecure web applications could create vulnerabilities (e.g. portal attacks, cross-site scripting, etc.) that could be exploited by an unauthorized user through the internet allowing access to confidential data
- Audit trails are not maintained for Portal Events to allow for Security Monitoring

27 Patient Portals
Audit Steps
- Gain an understanding of functionality design and architecture
- Evaluate overall portal security through analysis of the following key areas:
- Patient Web Portal (e.g. 2 factor authentication, encrypted passwords)
- Network (e.g. firewall configurations, use of secure VPN tunnels, use of non-standard ports, use of egress filtering)
- Operating system (e.g. patches are up to date)
- Applications and Data sources
- Identify and evaluate access controls to ensure access to create, modify, add, or delete portal content is controlled

28 Patient Portals
Audit Steps
- Perform a web application vulnerability assessment to identify potential technical vulnerabilities (e.g. input validation, user authentication, user authorization, session management, error handling and data protection).
- Review access controls for systems and applications storing, receiving or transmitting ePHI. Evaluate whether access is appropriately restricted to minimum use data.
- Review audit logging capabilities and evaluate controls regarding management review for critical events (e.g. unauthorized access, access to sensitive data, suspicious activity).

29 Five Must Do IT Audits
Number 1: Patient Care Technologies
There are increasingly strong private and public incentives as a result of the HITECH act to implement electronic exchange of health information and allow for interoperability while still preserving security.

30 Patient Care
There are increasingly strong private and public incentives as a result of the HITECH act to implement electronic exchange of health information and allow for interoperability while still preserving security.
Risks:
- Not meeting new requirements of ICD-10 transaction standards
- Data encryption does not meet the definition in the HIPAA Security Rule for data at rest and data in motion
- Lack of monitoring for application interfaces that ensure data integrity as it's exchanged among applications, which can significantly impact the organization's financial and clinical outcomes
- Electronic Health Records systems do not promote data integrity and data security
- Data destruction/sanitization procedures are not in accordance with HIPAA privacy rules

31 Patient Care
Audit Steps:
- Evaluate the project plan and scope of ICD 10 implementation and scope audit(s) to address highest risk remediation elements. These include elements related to: people, processes and technology.
- Review existing electronic health records (EHR) systems and their ability to promote the use and exchange of the health information. Audit activities might include:
- Review of data security for electronic health information
- Compare current systems/processes to industry best practices for protecting health information

32 Patient Care
Audit Steps:
- Identify and evaluate system configurations/controls using certain EDI healthcare transactions against upcoming ICD requirements (i.e. ASC X12 version 5010). Evaluate impact of third-party vendors storing, receiving or transmitting such transactions.
- Identify key interfaces and evaluate interface controls over error handling activities, reconciliations, testing procedures and coding change controls.
- Review procedures and evaluate controls over data destruction/sanitization for media devices containing ePHI.

33 Questions?

34 Save the Date: August 26-29, st Annual Conference in Philadelphia Pennsylvania
More informationMastering new and expanding financial services regulations and audits
IBM Software White Paper December 2010 Mastering new and expanding financial services regulations and audits 2 Mastering new and expanding financial services regulations and audits Contents 2 Executive
More informationIT Plan Instructions for FY18-FY19
IT Plan Instructions for FY18-FY19 Introduction and General Instructions The information technology plan for FY18-FY19 is web-enabled. You can navigate to the various sections of your agency s plan by
More informationImproving Information Security by Automating Provisioning and Identity Management WHITE PAPER
Improving Information Security by Automating Provisioning and Identity Management WHITE PAPER INTRODUCTION Many healthcare security professionals understand the need to enhance their security and privacy
More informationa physicians guide to security risk assessment
PAGE//1 a physicians guide to security risk assessment isalus healthcare isalus healthcare a physicians guide to security risk assessment table of contents INTRO 1 DO I NEED TO OUTSOURCE MY SECURITY RISK
More informationThe Importance of Independent Quality Assurance for Patient Safety and Quality Care
The Importance of Independent Quality Assurance for Patient Safety and Quality Care NTT DATA welcomed Dell Services into the family in 2016. Together, we offer one of the industry s most comprehensive
More informationDelivered by Sandra Fuller, MA, RHIA, FAHIMA. April 29, 2009
A Statement by the American Health Information Management Association on Determining the Definition of Meaningful Use to the National Committee on Vital and Health Statistics, April 2009 Delivered by Sandra
More informationITIL Qualification: MANAGING ACROSS THE LIFECYCLE (MALC) CERTIFICATE. Sample Paper 2, version 5.1. To be used with Case Study 1 QUESTION BOOKLET
ITIL Qualification: MANAGING ACROSS THE LIFECYCLE (MALC) CERTIFICATE Sample Paper 2, version 5.1 To be used with Case Study 1 Gradient Style, Complex Multiple Choice QUESTION BOOKLET Gradient Style, Complex
More informationFIVE STEPS TO AN ENTERPRISE IMAGING STRATEGY. Jon DeVries, Vice President, Solutions Management Merge Healthcare October 18 th, 2013
FIVE STEPS TO AN ENTERPRISE IMAGING STRATEGY Jon DeVries, Vice President, Solutions Management Merge Healthcare October 18 th, 2013 Today s Agenda 1 2 3 4 DISCUSS Enterprise imaging and why it should be
More informationGartner IT Key Metrics Data
Gartner IT Key Metrics Data 2011 SUMMARY REPORT Key Information Security Measures: Summary report This report contains database averages and only represents a subset of the published metrics and custom
More informationTOP 20 QUESTIONS TO ASK BEFORE SELECTING AN ENTERPRISE IAM VENDOR
TOP 20 QUESTIONS TO ASK BEFORE SELECTING AN ENTERPRISE IAM VENDOR The need for a robust and flexible enterprise-grade identity and access management (IAM) solution has never been greater. IAM is increasingly
More informationPresentation for INCC LUMS 2008 May 2, 2008 Presented by Shahed Latif, KPMG LLP, Silicon Valley
MAINTAINING A SECURE GLOBAL ENTERPRISE : Challenges and Emerging Solutions Presentation for INCC LUMS 2008 May 2, 2008 Presented by Shahed Latif, KPMG LLP, Silicon Valley The 2008 Chief Information Security
More informationIBM Content Foundation on Cloud
Service Description IBM Content Foundation on Cloud This Service Description describes the Cloud Service IBM provides to Client. Client means the company and its authorized users and recipients of the
More informationPCI COMPLIANCE PCI COMPLIANCE RESPONSE BREACH VULNERABLE SECURITY TECHNOLOGY INTERNET ISSUES STRATEGY APPS INFRASTRUCTURE LOGS
TRAILS INSIDERS LOGS MODEL PCI Compliance What It Is And How To Maintain It PCI COMPLIANCE WHAT IT IS AND HOW TO MAINTAIN IT HACKERS APPS BUSINESS PCI AUDIT BROWSER MALWARE COMPLIANCE VULNERABLE PASSWORDS
More informationSecuring SaaS at Scale
Securing SaaS at Scale Protecting Mission-Critical Business Applications in the Cloud Cloud Essentials SaaS Usage Is Growing Along with Security Problems When it comes to the cloud, everyone wants in on
More informationIBM Case Manager on Cloud
Service Description IBM Case Manager on Cloud This Service Description describes the Cloud Service IBM provides to Client. Client means the contracting party and its authorized users and recipients of
More informationFrom the Front Lines: Navigating the OCR Phase 2 HIPAA Audits
View the Replay From the Front Lines: Navigating the OCR Phase 2 HIPAA Audits June 16, 2016 Executive Series Webinar Today s Speakers Carla Wagner, HCISPP Privacy Officer Beacon Health System Trish A.
More informationThe University of Texas MD Anderson Cancer Center Internal Audit Annual Report for FY2016
Purpose of the Annual Report Table of Contents I. Compliance with Texas Government Code, Section 2102.015: Posting the Internal Audit Plan, Internal Audit Annual Report, and Other Audit information on
More informationICT budget and staffing trends in Germany
ICT budget and staffing trends in Germany Enterprise ICT investment plans to 2013 January 2013 TABLE OF CONTENTS 1 Trends in ICT budgets... Error! Bookmark not 1.1 Introduction... Error! Bookmark not 1.2
More informationTechnology evolution. Managing the risk in four key areas
Technology evolution Managing the risk in four key areas The message is widespread: the concept of as-a-service is real and has the potential to unleash the power of processing, increased capacity, cost
More information2018 Budget Presentation Information Technology. Jeff Eckhart IT Director November 14, 2017
2018 Budget Presentation Jeff Eckhart IT Director November 14, 2017 Mission The Department is an internal service organization chartered to provide foundational technology services and support to El Paso
More informationLegacy Health Data Management, an Overview of Data Archiving & System Decommissioning with Rick Adams
Legacy Health Data Management, an Overview of Data Archiving & System Decommissioning with Rick Adams Rick Adams is the co-founder and Managing Partner of Harmony Healthcare IT. He has 22 years of healthcare
More informationIntelligent automation and internal audit
Intelligent automation and internal audit Adding value through governance, risk management, and controls Second article in the series kpmg.ch Contents Governing intelligent automation across the enterprise
More informationApplication Retirement Planning: Compliance, Cost & Access
Application Retirement Planning: Compliance, Cost & Access 4/16/2015 Martin Prince - Vice President - Baylor Scott & White Health Christine Foley Vice President - MediQuant DISCLAIMER: The views and opinions
More informationReducing EMR and Clinical System Downtime
Reducing EMR and Clinical System Downtime An Everbridge White Paper Introduction The majority of hospitals and large physician practices have implemented electronic medical records (EMRs) along with other
More informationCertified Identity Governance Expert (CIGE) Overview & Curriculum
Overview Identity and Access Governance (IAG) provides the link between Identity and Access Management (IAM) rules and the policies within a company to protect systems and data from unauthorized access,
More informationActive Record Retention and Legacy System Decommissioning:
Active Record Retention and Legacy System Decommissioning: Use Cases and Lessons Learned from Successful Projects NMHIMA Spring Conference April 18, 2017 Presented by Tony Paparella, President The Triumph
More informationHCCA 2006 Compliance Institute April 25, 2006
Case Study: Building and Operating an Integrated Compliance and Internal Audit Department HCCA 2006 Compliance Institute April 25, 2006 Heidi Crosby CPA, CIA Director, Audit Services Trinity Health Michael
More informationEpic Integrated Consulting Services Seamless integration for system implementation, transition, optimization, legacy support and training
Epic Integrated Consulting Services Seamless integration for system implementation, transition, optimization, legacy support and training With nearly a third of all electronic health record (EHR) inpatient
More informationOn the Alert: Incident Response Plan for Healthcare 111/13/2017
On the Alert: Incident Response Plan for Healthcare 111/13/2017 Presenter Introductions Nadia Fahim-Koster Managing Director, IT Risk Management Meditology Services Kevin Henry Senior Associate, IT Risk
More informationAchieve Continuous Compliance via Business Service Management (BSM)
Achieve Continuous Compliance via Business Service (BSM) Brian Holmes, CISA Solutions Consultant BMC Software Agenda Introduction Compliance: The Business Driver Challenges of IT Compliance Business Service
More information