1 / 5

AHCCCS System Security

AHCCCS System Security. Why is Security SO important? Federal and State standards Security breaches in the last year What AHCCCS is doing What we are expecting of you Questions. Federal and State Standards. Federal requirement – HIPAA Covers both Privacy and Security

pierce
Download Presentation

AHCCCS System Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. AHCCCS System Security • Why is Security SO important? • Federal and State standards • Security breaches in the last year • What AHCCCS is doing • What we are expecting of you • Questions

  2. Federal and State Standards • Federal requirement – HIPAA • Covers both Privacy and Security • AHCCCS utilized HIPAA consultants to assist with: • GAP analysis (as-is and target environments) • Remediation Plan • Part of that is on-gong – Annual HIPAA Security Self Assessment • State Standards

  3. Security breaches • State of Utah – up to 200K files stolen; information on up to 750K people hacked due to a “configuration issue” • State of Alaska – USB thumb drive stolen w/member data; fined in 2012 • State of South Carolina - Information on 228K people stolen by an employee via email • ASU– obtained password, used to steal list of user-id & passwords • AZ DPS – 8 E-mail accounts “hacked” • Our responsibility: As Health Care professionals, take SECURITY seriously

  4. What AHCCCS security is doing • Annual HIPAA Security Self Assessment (Audit) • Stach & Liu Security Audit • External Penetration Test • Detailed assessment of our web-based applications • Wireless environment • Completed, working on remediation • Working on an SSAE-16 audit • Focused on Security • In Process • Completed “assessment”, awaiting preliminary findings

  5. What we are expecting of you • Security language is/will be included in the contracts • Includes initial and annual assessments • Actively worked remediation plan • Providing our HIPAA Security Self Assessment Audit tool that we utilize • Best if Audit to be conducted by an independent third party; required by contract • Only as good as you make it • Questions?

More Related