
C4HCO Security and Privacy Discussion

C4HCO Security and Privacy Discussion. Bill Jenkins C4HCO Security and Privacy Officer 16 October 2013. Agenda. Introductions What – Needs to be Protected? How – Does it Need to be Protected? When – Does it Need to be Protected? Who – Assistance Sites Questions and Answers.


Presentation Transcript


  1. C4HCO Security and Privacy Discussion Bill Jenkins C4HCO Security and Privacy Officer 16 October 2013

  2. Agenda
     • Introductions
     • What – Needs to be Protected?
     • How – Does it Need to be Protected?
     • When – Does it Need to be Protected?
     • Who – Assistance Sites
     • Questions and Answers

  3. Introductions
     Bill Jenkins
     C4HCO Security and Privacy Officer
     bjenkins@connectforhealthco.com
     720-810-0568
     Security@connectforhealthco.com
     Privacy@connectforhealthco.com

  4. What Needs to be Protected
     • C4HCO handles:
       • Personally Identifiable Information (PII)
       • Protected Health Information (PHI)
       • Payment Card Industry (PCI) data
       • Federal Tax Information (FTI)
     • From C4HCO, Assistance Sites receive PII
       • Incidental exposure to the others

  5. What is PII?
     • OMB Memorandum M-07-16 defines Personally Identifiable Information (PII) as information which can be used to distinguish or trace an individual’s identity, such as their name, social security number, biometric records, etc. alone or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.
     • Stand-alone PII: Full name, Social Security Number, Immigration Number, etc.
     • Linkable PII: Bank Account Information, Credit Card Information, Health/Dental Policy Number, Pregnancy/Disability/Incarceration Status, etc. when attached to an identifier (stand-alone PII).
     • Examples of documents that contain PII:
       • Single Streamline Application (SSAp), Appeals Application, Citizenship Documents, Tax Returns, W2s/Income Verification Documents, Reports
     • You may only use or disclose PII as authorized as part of your job.

  6. How Does it Need to be Protected?
     • Establish technical, physical, and administrative controls that:
       • Authorize access to data (grant permission)
       • Ensure only authorized people access the data (limit access)
       • Use the data to do your job and then get rid of it (minimize retention)
       • Transmit and store data safely (lock it up)
     • C4HCO has 30+ Security and Privacy Policies
     • Even more procedures
     • Only a subset applies to you! – depends on your business model
     • Will take time to fully implement
     • Most Relevant
       • Security Training and Awareness
       • Incident Response
       • Personnel Security
       • Accountability and Risk Management
       • Use Limitation

  7. When Does it Need to be Protected?
     • Upon receipt
       • From C4HCO
       • From Customer
     • While being used
       • Be aware of your surroundings
       • Stick to the script
     • While stored or retained
       • Is it really needed?
       • Apply common sense
       • Two tests – your own data, answering the reporter afterwards
     • When done with it
       • Return it
       • Really deleted?
       • Valuable scraps

  8. Assistance Sites
     • Partners with C4HCO
     • Yet independent entities
     • Business Models Vary
       • For some, an added service
       • For some, a primary mission
     • Different uses of data can be permitted
       • Informed Customer Consent
       • Permitted C4HCO use
       • Get it in writing!
     We will all learn and grow together

  9. Questions and Answers Go for it!
