50 likes | 202 Views
AHCCCS System Security. Why is Security SO important? Federal and State standards Security breaches in the last year What AHCCCS is doing What we are expecting of you Questions. Federal and State Standards. Federal requirement – HIPAA Covers both Privacy and Security
E N D
AHCCCS System Security • Why is Security SO important? • Federal and State standards • Security breaches in the last year • What AHCCCS is doing • What we are expecting of you • Questions
Federal and State Standards • Federal requirement – HIPAA • Covers both Privacy and Security • AHCCCS utilized HIPAA consultants to assist with: • GAP analysis (as-is and target environments) • Remediation Plan • Part of that is on-gong – Annual HIPAA Security Self Assessment • State Standards
Security breaches • State of Utah – up to 200K files stolen; information on up to 750K people hacked due to a “configuration issue” • State of Alaska – USB thumb drive stolen w/member data; fined in 2012 • State of South Carolina - Information on 228K people stolen by an employee via email • ASU– obtained password, used to steal list of user-id & passwords • AZ DPS – 8 E-mail accounts “hacked” • Our responsibility: As Health Care professionals, take SECURITY seriously
What AHCCCS security is doing • Annual HIPAA Security Self Assessment (Audit) • Stach & Liu Security Audit • External Penetration Test • Detailed assessment of our web-based applications • Wireless environment • Completed, working on remediation • Working on an SSAE-16 audit • Focused on Security • In Process • Completed “assessment”, awaiting preliminary findings
What we are expecting of you • Security language is/will be included in the contracts • Includes initial and annual assessments • Actively worked remediation plan • Providing our HIPAA Security Self Assessment Audit tool that we utilize • Best if Audit to be conducted by an independent third party; required by contract • Only as good as you make it • Questions?