CPE Credit is not available for viewing archived programs.
Please visit http://www.grantthornton.com/events for upcoming programs.

Third-Party Relationships and Your Confidential Data

Assessing risk and management
oversight processes

Original Broadcast Date: September 2013

© Grant Thornton LLP. All rights reserved.
Presenters

David Reitzel
Grant Thornton LLP
Partner and National Health IT Leader, Health Care
Advisory Services

Joined by

Mark Ruppert
Cedars-Sinai Medical Center
Chief Audit Executive

Learning objectives
• Describe how health care auditors and technologists can
assist management by identifying compliance risks, and
establishing effective vendor selection and monitoring as
the use of third parties becomes more prevalent
• Identify various types of third-party relationships and the
breaches most commonly associated with them
• Define the Health Insurance Portability and Accountability
Act (HIPAA) Omnibus Rule and key factors that
management and internal auditors should consider when
evaluating whether a breach has occurred in their
organization

Agenda
• Electronic medical data
• HIPAA Omnibus Rule
• Third-party involvement
• Breaches
• Vendor selection, management
• Questions

Electronic medical data

• Volume has grown
• Definitions have grown
– Protected health information, or PHI
– Electronic protected health information, or ePHI
• Protection is required
– HIPAA Omnibus Rule
• Protection rules are changing

HIPAA Omnibus Rule changes effective Sept. 23

• "Business associate"
– Redefined as anyone who maintains paper PHI or ePHI
• ePHI use
– New limits imposed on marketing and fundraising
• "Breach" and "risk"
– Redefined and assessments required
• Penalties
– Fines escalate with violation severity

What's a third party?

Businesses not under direct business control of the
organization that engages them
Including:
• Vendors
• Distributors
• Suppliers
• Franchisees/licensees
• Joint venture or alliance partners
• Technology outsourcing providers

Cloud computing

The cloud: Server network and software managed by third
party in private or shared environment
Risks:
1. Data security and controls
2. Data transmission
3. Multitenancy
4. Location
5. Reliability
6. Sustainability

Types of third-party relationships

• Infrastructure only
– Vendor provides key structure but no apps or app
support (e.g., third-party data centers)
• Managed apps
– Vendor exerts some control over installation,
maintenance, and support of infrastructure and apps
• All data
– Vendor provides infrastructure and managed apps, as
well as support, maintenance and disaster recovery
(e.g., backup and recovery site)

Third-party risks

1. Increasing volume of electronic medical data
2. Increasing reliance on third-party vendors
3. Increasing risk from this reliance:
Third parties have been responsible
for almost half of all data breaches.

Determining a breach has occurred

• Could the patient be identified?
• Who received or used the information and to whom
were disclosures made?
• Was the data actually acquired or viewed by someone
who shouldn't have had access to it?
• What steps were taken to mitigate the risk?
Has the recipient of the data given assurances that
it was not used inappropriately?

Consequences of a breach: HIPAA notification rules

Covered entities and their business associates must notify:
• HHS
– Report annually via a website for breaches affecting
fewer than 500 individuals
• HHS and the media
– Notify within 60 days of determination that breach affects
500 or more individuals and meets Federal Breach
Reporting Requirements
• Patients
– Notify per federal and state laws with varying notification
requirements

Challenges for the organization

Selecting third-party vendors
• Risk-based criteria
• Due diligence
Monitoring third-party vendors
• Management oversight

Challenges for internal audit

Testing the organization's selection assessments
• Risk-based criteria
• Due diligence
Reviewing the organization's monitoring process
• Management oversight

Steps to establish effective controls

1. Identify your vendor population
2. Develop risk profile of all vendors
3. Focus first on highest-risk vendors
4. Maintain vendor screening
5. Establish ongoing monitoring process

Comments?

Questions?

The white paper

Third-party relationships and your confidential data:
Assessing risk and management oversight processes
Association of Healthcare Internal Auditors (AHIA) Whitepaper
Subcommittee
• Mark Eddy, CPA (HCA Healthcare)
• Michael Fabrizius, CPA (Carolinas HealthCare System)
• Linda McKee, CPA, AHIA Board Liaison (Sentara Healthcare)
• Glen Mueller, CPA, AHIA Whitepaper Subcommittee Chair (Scripps
Health)
• Mark Ruppert, CPA (Cedars-Sinai Health System)
• Debi Weatherford, CPA (Piedmont Healthcare)

Contact Information

David Reitzel
Grant Thornton LLP
Partner and National Health IT Leader, Health Care
Advisory Services
david.reitzel@us.gt.com
312.602.8531

Mark Ruppert
Cedars-Sinai Medical Center
Chief Audit Executive
mark.ruppert@cshs.org
323.866.6900

Disclaimer

This Grant Thornton LLP presentation is not a comprehensive analysis of the
subject matters covered and may include proposed guidance that is subject to
change before it is issued in final form. All relevant facts and
circumstances, including the pertinent authoritative literature, need to be
considered to arrive at conclusions that comply with matters addressed in this
presentation. The views and interpretations expressed in the presentation are
those of the presenters and the presentation is not intended to provide accounting
or other advice or guidance with respect to the matters covered.
For additional information on matters covered in this presentation, contact your
Grant Thornton LLP adviser.

Thank you for viewing this presentation.
Visit us online at:
www.GrantThornton.com
twitter.com/GrantThorntonUS
linkd.in/GrantThorntonUS

Banking Industry Success: Build, Transform and Protect Value into 2020Grant Thornton LLP
 
GT Events & Program Guide: ForwardThinking August/September 2017
GT Events & Program Guide: ForwardThinking August/September 2017GT Events & Program Guide: ForwardThinking August/September 2017
GT Events & Program Guide: ForwardThinking August/September 2017Grant Thornton LLP
 
Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...
Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...
Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...Grant Thornton LLP
 
ForwardThinking June/July 2017 Grant Thornton
ForwardThinking June/July 2017 Grant ThorntonForwardThinking June/July 2017 Grant Thornton
ForwardThinking June/July 2017 Grant ThorntonGrant Thornton LLP
 
10 social media tips for nonprofits to further engagement
10  social media tips for nonprofits to further engagement10  social media tips for nonprofits to further engagement
10 social media tips for nonprofits to further engagementGrant Thornton LLP
 
The Future of Growth and Industries Webcast Series: Trends to watch for 2020
The Future of Growth and Industries Webcast Series:  Trends to watch for 2020The Future of Growth and Industries Webcast Series:  Trends to watch for 2020
The Future of Growth and Industries Webcast Series: Trends to watch for 2020Grant Thornton LLP
 
ForwardThinking April/May 2017 Grant Thornton
ForwardThinking April/May 2017 Grant ThorntonForwardThinking April/May 2017 Grant Thornton
ForwardThinking April/May 2017 Grant ThorntonGrant Thornton LLP
 
DOL fiduciary rule: How it affects the insurance industry
DOL fiduciary rule: How it affects the insurance industry DOL fiduciary rule: How it affects the insurance industry
DOL fiduciary rule: How it affects the insurance industry Grant Thornton LLP
 
Tightening pressure transforms the landscape: The state of asset management
Tightening pressure transforms the landscape: The state of asset managementTightening pressure transforms the landscape: The state of asset management
Tightening pressure transforms the landscape: The state of asset managementGrant Thornton LLP
 
Challenges facing a new administration
Challenges facing a new administration Challenges facing a new administration
Challenges facing a new administration Grant Thornton LLP
 
Impact of voter turnout in U.S. elections
Impact of voter turnout in U.S. electionsImpact of voter turnout in U.S. elections
Impact of voter turnout in U.S. electionsGrant Thornton LLP
 
Not-For-Profit Audit Committee Briefing
Not-For-Profit Audit Committee Briefing Not-For-Profit Audit Committee Briefing
Not-For-Profit Audit Committee Briefing Grant Thornton LLP
 
Quick look at the business equivalency rate
Quick look at the business equivalency rateQuick look at the business equivalency rate
Quick look at the business equivalency rateGrant Thornton LLP
 
3 hard facts shaping higher education thinking and behavior
3 hard facts shaping higher education thinking and behavior3 hard facts shaping higher education thinking and behavior
3 hard facts shaping higher education thinking and behaviorGrant Thornton LLP
 

Mais de Grant Thornton LLP (20)

GT Events and Programs Guide February/March 2019
GT Events and Programs Guide February/March 2019GT Events and Programs Guide February/March 2019
GT Events and Programs Guide February/March 2019
 
GT Events and Programs Guide December/January 2019
GT Events and Programs Guide December/January 2019GT Events and Programs Guide December/January 2019
GT Events and Programs Guide December/January 2019
 
GT Events and Programs Guide
GT Events and Programs GuideGT Events and Programs Guide
GT Events and Programs Guide
 
GT Events & Program Guide: ForwardThinking October/November 2017
GT Events & Program Guide: ForwardThinking October/November 2017GT Events & Program Guide: ForwardThinking October/November 2017
GT Events & Program Guide: ForwardThinking October/November 2017
 
Real Estate Industry Success: Build, Transform and Protect Value into 2020
Real Estate Industry Success: Build, Transform and Protect Value into 2020Real Estate Industry Success: Build, Transform and Protect Value into 2020
Real Estate Industry Success: Build, Transform and Protect Value into 2020
 
Technology Industry Success: Build, Transform and Protect Value into 2020
Technology Industry Success: Build, Transform and Protect Value into 2020Technology Industry Success: Build, Transform and Protect Value into 2020
Technology Industry Success: Build, Transform and Protect Value into 2020
 
Banking Industry Success: Build, Transform and Protect Value into 2020
Banking Industry Success: Build, Transform and Protect Value into 2020Banking Industry Success: Build, Transform and Protect Value into 2020
Banking Industry Success: Build, Transform and Protect Value into 2020
 
GT Events & Program Guide: ForwardThinking August/September 2017
GT Events & Program Guide: ForwardThinking August/September 2017GT Events & Program Guide: ForwardThinking August/September 2017
GT Events & Program Guide: ForwardThinking August/September 2017
 
Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...
Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...
Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...
 
ForwardThinking June/July 2017 Grant Thornton
ForwardThinking June/July 2017 Grant ThorntonForwardThinking June/July 2017 Grant Thornton
ForwardThinking June/July 2017 Grant Thornton
 
10 social media tips for nonprofits to further engagement
10  social media tips for nonprofits to further engagement10  social media tips for nonprofits to further engagement
10 social media tips for nonprofits to further engagement
 
The Future of Growth and Industries Webcast Series: Trends to watch for 2020
The Future of Growth and Industries Webcast Series:  Trends to watch for 2020The Future of Growth and Industries Webcast Series:  Trends to watch for 2020
The Future of Growth and Industries Webcast Series: Trends to watch for 2020
 
ForwardThinking April/May 2017 Grant Thornton
ForwardThinking April/May 2017 Grant ThorntonForwardThinking April/May 2017 Grant Thornton
ForwardThinking April/May 2017 Grant Thornton
 
DOL fiduciary rule: How it affects the insurance industry
DOL fiduciary rule: How it affects the insurance industry DOL fiduciary rule: How it affects the insurance industry
DOL fiduciary rule: How it affects the insurance industry
 
Tightening pressure transforms the landscape: The state of asset management
Tightening pressure transforms the landscape: The state of asset managementTightening pressure transforms the landscape: The state of asset management
Tightening pressure transforms the landscape: The state of asset management
 
Challenges facing a new administration
Challenges facing a new administration Challenges facing a new administration
Challenges facing a new administration
 
Impact of voter turnout in U.S. elections
Impact of voter turnout in U.S. electionsImpact of voter turnout in U.S. elections
Impact of voter turnout in U.S. elections
 
Not-For-Profit Audit Committee Briefing
Not-For-Profit Audit Committee Briefing Not-For-Profit Audit Committee Briefing
Not-For-Profit Audit Committee Briefing
 
Quick look at the business equivalency rate
Quick look at the business equivalency rateQuick look at the business equivalency rate
Quick look at the business equivalency rate
 
3 hard facts shaping higher education thinking and behavior
3 hard facts shaping higher education thinking and behavior3 hard facts shaping higher education thinking and behavior
3 hard facts shaping higher education thinking and behavior
 

Último

Project Brief & Information Architecture Report
Project Brief & Information Architecture ReportProject Brief & Information Architecture Report
Project Brief & Information Architecture Reportamberjiles31
 
PDT 88 - 4 million seed - Seed - Protecto.pdf
PDT 88 - 4 million seed - Seed - Protecto.pdfPDT 88 - 4 million seed - Seed - Protecto.pdf
PDT 88 - 4 million seed - Seed - Protecto.pdfHajeJanKamps
 
A flour, rice and Suji company in Jhang.
A flour, rice and Suji company in Jhang.A flour, rice and Suji company in Jhang.
A flour, rice and Suji company in Jhang.mcshagufta46
 
Mihir Menda - Member of Supervisory Board at RMZ
Mihir Menda - Member of Supervisory Board at RMZMihir Menda - Member of Supervisory Board at RMZ
Mihir Menda - Member of Supervisory Board at RMZKanakChauhan5
 
Team B Mind Map for Organizational Chg..
Team B Mind Map for Organizational Chg..Team B Mind Map for Organizational Chg..
Team B Mind Map for Organizational Chg..dlewis191
 
Developing Coaching Skills: Mine, Yours, Ours
Developing Coaching Skills: Mine, Yours, OursDeveloping Coaching Skills: Mine, Yours, Ours
Developing Coaching Skills: Mine, Yours, OursKaiNexus
 
Intellectual Property Licensing Examples
Intellectual Property Licensing ExamplesIntellectual Property Licensing Examples
Intellectual Property Licensing Examplesamberjiles31
 
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...IMARC Group
 
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...AustraliaChapterIIBA
 
The End of Business as Usual: Rewire the Way You Work to Succeed in the Consu...
The End of Business as Usual: Rewire the Way You Work to Succeed in the Consu...The End of Business as Usual: Rewire the Way You Work to Succeed in the Consu...
The End of Business as Usual: Rewire the Way You Work to Succeed in the Consu...Brian Solis
 
Lecture_6.pptx English speaking easyb to
Lecture_6.pptx English speaking easyb toLecture_6.pptx English speaking easyb to
Lecture_6.pptx English speaking easyb toumarfarooquejamali32
 
Building Your Personal Brand on LinkedIn - Expert Planet- 2024
 Building Your Personal Brand on LinkedIn - Expert Planet-  2024 Building Your Personal Brand on LinkedIn - Expert Planet-  2024
Building Your Personal Brand on LinkedIn - Expert Planet- 2024Stephan Koning
 
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISING
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISINGUNLEASHING THE POWER OF PROGRAMMATIC ADVERTISING
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISINGlokeshwarmaha
 
Data skills for Agile Teams- Killing story points
Data skills for Agile Teams- Killing story pointsData skills for Agile Teams- Killing story points
Data skills for Agile Teams- Killing story pointsyasinnathani
 
TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...
TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...
TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...TalentView
 
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdfTalent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdfCharles Cotter, PhD
 
Upgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking ApplicationsUpgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking ApplicationsIntellect Design Arena Ltd
 
Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)Lviv Startup Club
 
Harvard Business Review.pptx | Navigating Labor Unrest (March-April 2024)
Harvard Business Review.pptx | Navigating Labor Unrest (March-April 2024)Harvard Business Review.pptx | Navigating Labor Unrest (March-April 2024)
Harvard Business Review.pptx | Navigating Labor Unrest (March-April 2024)tazeenaila12
 
Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access
 

Último (20)

Project Brief & Information Architecture Report
Project Brief & Information Architecture ReportProject Brief & Information Architecture Report
Project Brief & Information Architecture Report
 
PDT 88 - 4 million seed - Seed - Protecto.pdf
PDT 88 - 4 million seed - Seed - Protecto.pdfPDT 88 - 4 million seed - Seed - Protecto.pdf
PDT 88 - 4 million seed - Seed - Protecto.pdf
 
A flour, rice and Suji company in Jhang.
A flour, rice and Suji company in Jhang.A flour, rice and Suji company in Jhang.
A flour, rice and Suji company in Jhang.
 
Mihir Menda - Member of Supervisory Board at RMZ
Mihir Menda - Member of Supervisory Board at RMZMihir Menda - Member of Supervisory Board at RMZ
Mihir Menda - Member of Supervisory Board at RMZ
 
Team B Mind Map for Organizational Chg..
Team B Mind Map for Organizational Chg..Team B Mind Map for Organizational Chg..
Team B Mind Map for Organizational Chg..
 
Developing Coaching Skills: Mine, Yours, Ours
Developing Coaching Skills: Mine, Yours, OursDeveloping Coaching Skills: Mine, Yours, Ours
Developing Coaching Skills: Mine, Yours, Ours
 
Intellectual Property Licensing Examples
Intellectual Property Licensing ExamplesIntellectual Property Licensing Examples
Intellectual Property Licensing Examples
 
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
 
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
 
The End of Business as Usual: Rewire the Way You Work to Succeed in the Consu...
The End of Business as Usual: Rewire the Way You Work to Succeed in the Consu...The End of Business as Usual: Rewire the Way You Work to Succeed in the Consu...
The End of Business as Usual: Rewire the Way You Work to Succeed in the Consu...
 
Lecture_6.pptx English speaking easyb to
Lecture_6.pptx English speaking easyb toLecture_6.pptx English speaking easyb to
Lecture_6.pptx English speaking easyb to
 
Building Your Personal Brand on LinkedIn - Expert Planet- 2024
 Building Your Personal Brand on LinkedIn - Expert Planet-  2024 Building Your Personal Brand on LinkedIn - Expert Planet-  2024
Building Your Personal Brand on LinkedIn - Expert Planet- 2024
 
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISING
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISINGUNLEASHING THE POWER OF PROGRAMMATIC ADVERTISING
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISING
 
Data skills for Agile Teams- Killing story points
Data skills for Agile Teams- Killing story pointsData skills for Agile Teams- Killing story points
Data skills for Agile Teams- Killing story points
 
TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...
TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...
TalentView Webinar: Empowering the Modern Workforce_ Redefininig Success from...
 
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdfTalent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
 
Upgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking ApplicationsUpgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking Applications
 
Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)
 
Harvard Business Review.pptx | Navigating Labor Unrest (March-April 2024)
Harvard Business Review.pptx | Navigating Labor Unrest (March-April 2024)Harvard Business Review.pptx | Navigating Labor Unrest (March-April 2024)
Harvard Business Review.pptx | Navigating Labor Unrest (March-April 2024)
 
Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024
 

Third-Party Relationships and Your Confidential Data

  • 1. CPE Credit is not available for viewing archived programs. Please visit http://www.grantthornton.com/events for upcoming programs. Third-Party Relationships and Your Confidential Data Assessing risk and management oversight processes Original Broadcast Date: September 2013 © Grant Thornton LLP. All rights reserved.
  • 2. Presenters David Reitzel Grant Thornton LLP Partner and National Health IT Leader, Health Care Advisory Services Joined by Mark Ruppert Cedars-Sinai Medical Center Chief Audit Executive
  • 3. Third-Party Relationships and Your Confidential Data Learning objectives • Describe how health care auditors and technologists can assist management by identifying compliance risks, and establishing effective vendor selection and monitoring as the use of third parties becomes more prevalent • Identify various types of third-party relationships and the breaches most commonly associated with them • Define the Health Insurance Portability and Accountability Act (HIPAA) Omnibus Rule and key factors that management and internal auditors should consider when evaluating whether a breach has occurred in their organization
  • 4. Third-Party Relationships and Your Confidential Data Agenda • Electronic medical data • HIPAA Omnibus Rule • Third-party involvement • Breaches • Vendor selection, management • Questions
  • 5. Electronic medical data • Volume has grown • Definitions have grown – Protected health information, or PHI – Electronic protected health information, or ePHI • Protection is required – HIPAA Omnibus Rule • Protection rules are changing
  • 6. Third-Party Relationships and Your Confidential Data Agenda • Electronic medical data • HIPAA Omnibus Rule • Third-party involvement • Breaches • Vendor selection, management • Questions
  • 7. HIPAA Omnibus Rule changes effective Sept. 23 • "Business associate" – Redefined as anyone who maintains paper PHI or ePHI • ePHI use – New limits imposed on marketing and fundraising • "Breach" and "risk" – Redefined and assessments required • Penalties – Fines escalate with violation severity
  • 8. Third-Party Relationships and Your Confidential Data Agenda • Electronic medical data • HIPAA Omnibus Rule • Third-party involvement • Breaches • Vendor selection, management • Questions
  • 9. What's a third party? Businesses not under direct business control of the organization that engages them Including: • Vendors • Distributors • Suppliers • Franchisees/licensees • Joint venture or alliance partners • Technology outsourcing providers
  • 10. Cloud computing The cloud: Server network and software managed by third party in private or shared environment Risks: 1. Data security and controls 2. Data transmission 3. Multitenancy 4. Location 5. Reliability 6. Sustainability
  • 11. Types of third-party relationships • Infrastructure only – Vendor provides key structure but no apps or app support (e.g., third-party data centers) • Managed apps – Vendor exerts some control over installation, maintenance, and support of infrastructure and apps • All data – Vendor provides infrastructure and managed apps, as well as support, maintenance and disaster recovery (e.g., backup and recovery site)
  • 12. Third-party risks 1. Increasing volume of electronic medical data 2. Increasing reliance on third-party vendors 3. Increasing risk from this reliance: Third parties have been responsible for almost half of all data breaches.
  • 13. Third-Party Relationships and Your Confidential Data Agenda • Electronic medical data • HIPAA Omnibus Rule • Third-party involvement • Breaches • Vendor selection, management • Questions
  • 14. Determining a breach has occurred • Could the patient be identified? • Who received or used the information and to whom were disclosures made? • Was the data actually acquired or viewed by someone who shouldn't have had access to it? • What steps were taken to mitigate the risk? Has the recipient of the data given assurances that it was not used inappropriately?
  • 15. Consequences of a breach HIPAA notification rules Covered entities and their business associates must notify: • HHS – Report annually via a website for breaches affecting fewer than 500 individuals • HHS and the media – Notify within 60 days of determination that breach affects 500 or more individuals and meets Federal Breach Reporting Requirements • Patients – Notify per federal and state laws with varying notification requirements
  • 16. Third-Party Relationships and Your Confidential Data Agenda • Electronic medical data • HIPAA Omnibus Rule • Third-party involvement • Breaches • Vendor selection, management • Questions
  • 17. Challenges for the organization Selecting third-party vendors • Risk-based criteria • Due diligence Monitoring third-party vendors • Management oversight
  • 18. Challenges for internal audit Testing the organization's selection assessments • Risk-based criteria • Due diligence Reviewing the organization's monitoring process • Management oversight
  • 19. Steps to establish effective controls 1. Identify your vendor population 2. Develop risk profile of all vendors 3. Focus first on highest-risk vendors 4. Maintain vendor screening 5. Establish ongoing monitoring process
  • 20. Third-Party Relationships and Your Confidential Data Agenda • Electronic medical data • HIPAA Omnibus Rule • Third-party involvement • Breaches • Vendor selection, management • Questions
  • 21. Comments? Questions?
  • 22. The white paper Third-party relationships and your confidential data: Assessing risk and management oversight processes Association of Healthcare Internal Auditors (AHIA) Whitepaper Subcommittee • Mark Eddy, CPA (HCA Healthcare) • Michael Fabrizius, CPA (Carolinas HealthCare System) • Linda McKee, CPA, AHIA Board Liaison (Sentara Healthcare) • Glen Mueller, CPA, AHIA Whitepaper Subcommittee Chair (Scripps Health) • Mark Ruppert, CPA (Cedars-Sinai Health System) • Debi Weatherford, CPA (Piedmont Healthcare)
  • 23. Contact Information David Reitzel Grant Thornton LLP Partner and National Health IT Leader, Health Care Advisory Services david.reitzel@us.gt.com 312.602.8531 Mark Ruppert Cedars-Sinai Medical Center Chief Audit Executive mark.ruppert@cshs.org 323.866.6900
  • 24. Disclaimer This Grant Thornton LLP presentation is not a comprehensive analysis of the subject matters covered and may include proposed guidance that is subject to change before it is issued in final form. All relevant facts and circumstances, including the pertinent authoritative literature, need to be considered to arrive at conclusions that comply with matters addressed in this presentation. The views and interpretations expressed in the presentation are those of the presenters and the presentation is not intended to provide accounting or other advice or guidance with respect to the matters covered. For additional information on matters covered in this presentation, contact your Grant Thornton LLP adviser.
  • 25. Thank you for viewing this presentation. Visit us online at: www.GrantThornton.com twitter.com/GrantThorntonUS linkd.in/GrantThorntonUS

Editor's Notes

  1. The volume of electronic medical data is growing rapidly, driven by the potential quality of care considerations, desired process efficiencies, cost savings and looming federal requirements to migrate all health care providers to electronic records by 2015. In the past year, the use of electronic medical records has more than doubled, and the U.S. Department of Health and Human Services (HHS) has already exceeded its goal to have 50% of doctors’ offices and 80% of eligible hospitals using electronic records by the end of 2013.
  2. Four-tiered risk assessment replaces the harm threshold in identifying a breach.
  3. These third-party relationships offer a host of benefits for health care providers. Contracting with an outside firm to manage data systems enables providers to streamline their IT systems and related processes, and accelerate the deployment of IT resources, such as new software. These relationships also allow health care providers to focus key limited people resources on vision and mission-critical activities.
  4. In health care, cloud computing can support electronic medical records, prescription data, practice management, computerized physician order entry, billing and administration. Clouds offer flexibility and affordability, enabling providers to expand resources as their needs dictate while paying only for what they use. Cloud computing reduces the need for capital investment in IT infrastructure and speeds the deployment of new applications and software updates.
  5. Managed applications — including cloud computing, infrastructure and software-as-a-service — can be used to more rapidly deploy software to a larger number of users across a network, and reduce the capital needed to support and manage applications over an extended period of time.
  6. Once a health care organization enters into a third-party relationship, it faces the challenge of compliance requirements for computer networks and software that another company owns. What’s more, the organization is dependent on such third parties for the reliability and availability of mission-critical data systems, which may include applications that require instant and constant availability (e.g., clinical applications).
  7. The new rules put a greater onus on providers and their auditors to understand all aspects of third-party ePHI risk and develop a process for minimizing it.
  8. Organizations should establish a management process for properly vetting vendors before their selection, and then actively monitor vendor security and privacy controls to reduce the risks created by third-party relationships. To be effective, the overall process will require more formality and rigor in vendor management than in the past.
  9. Organizations should establish a management process for properly vetting vendors before their selection, and then actively monitor vendor security and privacy controls to reduce the risks created by third-party relationships. To be effective, the overall process will require more formality and rigor in vendor management than in the past.
  10. 1. The list should include any smaller third-party contracts that may have been added at the department level rather than through the typical centralized review and centralized contracting channels. These smaller arrangements may actually hold some of the higher risks because the contracts may not be as complete, and smaller vendors are less inclined to have the level of controls found with larger organizations.
      2. Focus the inquiries on vendors’ controls and financial stability. Ideally, this type of risk profile should be developed by management for auditor review, but it may require the auditor to lead and/or complete the effort. If completed by the auditor, the auditor should work with management on developing a process to maintain it on a periodic basis.
      3. Work with management and the vendor to mitigate the most immediate threats, using concepts such as data protection and digital rights management to close risk gaps.
      4. Create standard criteria such as ethics, financial stability, good references, invoice accuracy and service quality to assess new vendors and their technologies for protecting data. In decentralized environments or environments where departments can create vendor relationships without a central conduit such as purchasing or legal, ensuring this happens will be much more difficult and will require more internal audit consideration and efforts.
      5. Continue to use surveys, questionnaires and inspections to review the compliance of third parties on an ongoing basis. Year-to-year comparisons can flag potential lapses in security control environments.
  11. You will all receive an email with a link to this whitepaper, which we collaborated on and created with the whitepaper subcommittee/AHIA. The whitepaper lists key questions that might be helpful to review. Health care organizations considering risks associated with third-party custodians entrusted with ePHI should first understand the implications of the Final Rule and any related state regulations, and then complete a robust risk assessment of their existing vendor relationships. A similar level of management due diligence is important before entering any contractual relationship with new vendors. Internal auditors can play a key role in such due diligence by asking management to ensure it understands if the vendor has the proper security controls in place to protect organizational data by, at a minimum, addressing these key questions.