CPE Credit is not available for viewing archived programs.
Please visit http://www.grantthornton.com/events for upcoming programs.

Third-Party Relationships and Your Confidential Data

Assessing risk and management oversight processes

Original Broadcast Date: September 2013

© Grant Thornton LLP. All rights reserved.
Presenters

David Reitzel
Grant Thornton LLP
Partner and National Health IT Leader, Health Care
Advisory Services

Joined by

Mark Ruppert
Cedars-Sinai Medical Center
Chief Audit Executive

Learning objectives
• Describe how health care auditors and technologists can
assist management by identifying compliance risks, and
establishing effective vendor selection and monitoring as
the use of third parties becomes more prevalent
• Identify various types of third-party relationships and the
breaches most commonly associated with them
• Define the Health Insurance Portability and Accountability
Act (HIPAA) Omnibus Rule and key factors that
management and internal auditors should consider when
evaluating whether a breach has occurred in their
organization

Agenda
• Electronic medical data
• HIPAA Omnibus Rule
• Third-party involvement
• Breaches
• Vendor selection, management
• Questions

Electronic medical data

• Volume has grown
• Definitions have grown
– Protected health information, or PHI
– Electronic protected health information, or ePHI
• Protection is required
– HIPAA Omnibus Rule
• Protection rules are changing

HIPAA Omnibus Rule changes effective Sept. 23

• "Business associate"
– Redefined as anyone who maintains paper PHI or ePHI
• ePHI use
– New limits imposed on marketing and fundraising
• "Breach" and "risk"
– Redefined and assessments required
• Penalties
– Fines escalate with violation severity

What's a third party?

Businesses not under direct business control of the
organization that engages them
Including:
• Vendors
• Distributors
• Suppliers
• Franchisees/licensees
• Joint venture or alliance partners
• Technology outsourcing providers

Cloud computing

The cloud: Server network and software managed by third
party in private or shared environment
Risks:
1. Data security and controls
2. Data transmission
3. Multitenancy
4. Location
5. Reliability
6. Sustainability

Types of third-party relationships

• Infrastructure only
– Vendor provides key structure but no apps or app
support (e.g., third-party data centers)
• Managed apps
– Vendor exerts some control over installation,
maintenance, and support of infrastructure and apps
• All data
– Vendor provides infrastructure and managed apps, as
well as support, maintenance and disaster recovery
(e.g., backup and recovery site)

Third-party risks

1. Increasing volume of electronic medical data
2. Increasing reliance on third-party vendors
3. Increasing risk from this reliance:
Third parties have been responsible
for almost half of all data breaches.

Determining a breach has occurred

• Could the patient be identified?
• Who received or used the information and to whom
were disclosures made?
• Was the data actually acquired or viewed by someone
who shouldn't have had access to it?
• What steps were taken to mitigate the risk?
Has the recipient of the data given assurances that it was not used inappropriately?

Consequences of a breach: HIPAA notification rules
Covered entities and their business associates must notify:
• HHS
– Report annually via a website for breaches affecting
fewer than 500 individuals
• HHS and the media
– Notify within 60 days of determination that breach affects
500 or more individuals and meets Federal Breach
Reporting Requirements
• Patients
– Notify per federal and state laws with varying notification
requirements

Challenges for the organization

Selecting third-party vendors
• Risk-based criteria
• Due diligence
Monitoring third-party vendors
• Management oversight

Challenges for internal audit

Testing the organization's selection assessments
• Risk-based criteria
• Due diligence
Reviewing the organization's monitoring process
• Management oversight

Steps to establish effective controls

1. Identify your vendor population
2. Develop risk profile of all vendors
3. Focus first on highest-risk vendors
4. Maintain vendor screening
5. Establish ongoing monitoring process

Comments?

Questions?

The white paper

Third-party relationships and your confidential data:
Assessing risk and management oversight processes
Association of Healthcare Internal Auditors (AHIA) Whitepaper
Subcommittee
• Mark Eddy, CPA (HCA Healthcare)
• Michael Fabrizius, CPA (Carolinas HealthCare System)
• Linda McKee, CPA, AHIA Board Liaison (Sentara Healthcare)
• Glen Mueller, CPA, AHIA Whitepaper Subcommittee Chair (Scripps
Health)
• Mark Ruppert, CPA (Cedars-Sinai Health System)
• Debi Weatherford, CPA (Piedmont Healthcare)

Contact information
David Reitzel
Grant Thornton LLP
Partner and National Health IT Leader, Health Care
Advisory Services
david.reitzel@us.gt.com
312.602.8531

Mark Ruppert
Cedars-Sinai Medical Center
Chief Audit Executive
mark.ruppert@cshs.org
323.866.6900

Disclaimer

This Grant Thornton LLP presentation is not a comprehensive analysis of the
subject matters covered and may include proposed guidance that is subject to
change before it is issued in final form. All relevant facts and
circumstances, including the pertinent authoritative literature, need to be
considered to arrive at conclusions that comply with matters addressed in this
presentation. The views and interpretations expressed in the presentation are
those of the presenters and the presentation is not intended to provide accounting
or other advice or guidance with respect to the matters covered.
For additional information on matters covered in this presentation, contact your
Grant Thornton LLP adviser.

Thank you for viewing this presentation.
Visit us online at:
www.GrantThornton.com
twitter.com/GrantThorntonUS
linkd.in/GrantThorntonUS

© Grant Thornton LLP. All rights reserved.

Más contenido relacionado

La actualidad más candente

Future trends for legal services
Future trends for legal servicesFuture trends for legal services
Future trends for legal servicesKatrin Stefanicki
 
How do lenders perceive alternative credit data?
How do lenders perceive alternative credit data?How do lenders perceive alternative credit data?
How do lenders perceive alternative credit data?Experian
 
Top Regulatory Insights for Fintechs & Financial Institutions
Top Regulatory Insights for Fintechs & Financial InstitutionsTop Regulatory Insights for Fintechs & Financial Institutions
Top Regulatory Insights for Fintechs & Financial InstitutionsExperian
 
Presentation: Compliance & Third Party Due Diligence
Presentation: Compliance & Third Party Due DiligencePresentation: Compliance & Third Party Due Diligence
Presentation: Compliance & Third Party Due DiligenceethiXbase
 
Compliance Officer update: What you should know about your Business Partner -...
Compliance Officer update: What you should know about your Business Partner -...Compliance Officer update: What you should know about your Business Partner -...
Compliance Officer update: What you should know about your Business Partner -...vivacidade
 
Modernizing compliance: A tech lens on value protection and creation
Modernizing compliance: A tech lens on value protection and creationModernizing compliance: A tech lens on value protection and creation
Modernizing compliance: A tech lens on value protection and creationDeloitte United States
 
EU General Data Protection Regulation: Practical steps for compliance, third ...
EU General Data Protection Regulation: Practical steps for compliance, third ...EU General Data Protection Regulation: Practical steps for compliance, third ...
EU General Data Protection Regulation: Practical steps for compliance, third ...Deloitte United States
 
How do consumers feel about alternative credit data?
How do consumers feel about alternative credit data?How do consumers feel about alternative credit data?
How do consumers feel about alternative credit data?Experian
 
Reserves planning: Determining the appropriate level of reserves for your org...
Reserves planning: Determining the appropriate level of reserves for your org...Reserves planning: Determining the appropriate level of reserves for your org...
Reserves planning: Determining the appropriate level of reserves for your org...Grant Thornton LLP
 
The need for speed in financial governance: Mitigating the risks of misstatem...
The need for speed in financial governance: Mitigating the risks of misstatem...The need for speed in financial governance: Mitigating the risks of misstatem...
The need for speed in financial governance: Mitigating the risks of misstatem...Deloitte United States
 
Proactive Health Care Regulatory Compliance - Proactive Compliance Initiative...
Proactive Health Care Regulatory Compliance - Proactive Compliance Initiative...Proactive Health Care Regulatory Compliance - Proactive Compliance Initiative...
Proactive Health Care Regulatory Compliance - Proactive Compliance Initiative...Epstein Becker Green
 
2018 UK Automotive Consumer Study
2018 UK Automotive Consumer Study2018 UK Automotive Consumer Study
2018 UK Automotive Consumer StudyDeloitte UK
 
Closing the talent gap: Five ways government and business can team up to resk...
Closing the talent gap: Five ways government and business can team up to resk...Closing the talent gap: Five ways government and business can team up to resk...
Closing the talent gap: Five ways government and business can team up to resk...Deloitte United States
 
Hedge accounting: Simplifying the accounting for hedging activities
Hedge accounting: Simplifying the accounting for hedging activitiesHedge accounting: Simplifying the accounting for hedging activities
Hedge accounting: Simplifying the accounting for hedging activitiesDeloitte United States
 
Potentially save 1,625 dollars per employee annually
Potentially save 1,625 dollars per employee annuallyPotentially save 1,625 dollars per employee annually
Potentially save 1,625 dollars per employee annuallycyoung1717
 
Social Media Marketing: India Trends Study 2013
Social Media Marketing: India Trends Study 2013Social Media Marketing: India Trends Study 2013
Social Media Marketing: India Trends Study 2013Vikrant Mudaliar
 
Modern Slavery Supply Chain
Modern Slavery Supply Chain Modern Slavery Supply Chain
Modern Slavery Supply Chain ethiXbase
 
Supply chain financial crime rates holding steady, but few tap blockchain to ...
Supply chain financial crime rates holding steady, but few tap blockchain to ...Supply chain financial crime rates holding steady, but few tap blockchain to ...
Supply chain financial crime rates holding steady, but few tap blockchain to ...Deloitte United States
 

La actualidad más candente (19)

Future trends for legal services
Future trends for legal servicesFuture trends for legal services
Future trends for legal services
 
How do lenders perceive alternative credit data?
How do lenders perceive alternative credit data?How do lenders perceive alternative credit data?
How do lenders perceive alternative credit data?
 
Top Regulatory Insights for Fintechs & Financial Institutions
Top Regulatory Insights for Fintechs & Financial InstitutionsTop Regulatory Insights for Fintechs & Financial Institutions
Top Regulatory Insights for Fintechs & Financial Institutions
 
Presentation: Compliance & Third Party Due Diligence
Presentation: Compliance & Third Party Due DiligencePresentation: Compliance & Third Party Due Diligence
Presentation: Compliance & Third Party Due Diligence
 
Compliance Officer update: What you should know about your Business Partner -...
Compliance Officer update: What you should know about your Business Partner -...Compliance Officer update: What you should know about your Business Partner -...
Compliance Officer update: What you should know about your Business Partner -...
 
Modernizing compliance: A tech lens on value protection and creation
Modernizing compliance: A tech lens on value protection and creationModernizing compliance: A tech lens on value protection and creation
Modernizing compliance: A tech lens on value protection and creation
 
EU General Data Protection Regulation: Practical steps for compliance, third ...
EU General Data Protection Regulation: Practical steps for compliance, third ...EU General Data Protection Regulation: Practical steps for compliance, third ...
EU General Data Protection Regulation: Practical steps for compliance, third ...
 
How do consumers feel about alternative credit data?
How do consumers feel about alternative credit data?How do consumers feel about alternative credit data?
How do consumers feel about alternative credit data?
 
Reserves planning: Determining the appropriate level of reserves for your org...
Reserves planning: Determining the appropriate level of reserves for your org...Reserves planning: Determining the appropriate level of reserves for your org...
Reserves planning: Determining the appropriate level of reserves for your org...
 
The need for speed in financial governance: Mitigating the risks of misstatem...
The need for speed in financial governance: Mitigating the risks of misstatem...The need for speed in financial governance: Mitigating the risks of misstatem...
The need for speed in financial governance: Mitigating the risks of misstatem...
 
Proactive Health Care Regulatory Compliance - Proactive Compliance Initiative...
Proactive Health Care Regulatory Compliance - Proactive Compliance Initiative...Proactive Health Care Regulatory Compliance - Proactive Compliance Initiative...
Proactive Health Care Regulatory Compliance - Proactive Compliance Initiative...
 
2018 UK Automotive Consumer Study
2018 UK Automotive Consumer Study2018 UK Automotive Consumer Study
2018 UK Automotive Consumer Study
 
Closing the talent gap: Five ways government and business can team up to resk...
Closing the talent gap: Five ways government and business can team up to resk...Closing the talent gap: Five ways government and business can team up to resk...
Closing the talent gap: Five ways government and business can team up to resk...
 
Hedge accounting: Simplifying the accounting for hedging activities
Hedge accounting: Simplifying the accounting for hedging activitiesHedge accounting: Simplifying the accounting for hedging activities
Hedge accounting: Simplifying the accounting for hedging activities
 
Potentially save 1,625 dollars per employee annually
Potentially save 1,625 dollars per employee annuallyPotentially save 1,625 dollars per employee annually
Potentially save 1,625 dollars per employee annually
 
Social Media Marketing: India Trends Study 2013
Social Media Marketing: India Trends Study 2013Social Media Marketing: India Trends Study 2013
Social Media Marketing: India Trends Study 2013
 
WSJ(R+C)-IT
WSJ(R+C)-ITWSJ(R+C)-IT
WSJ(R+C)-IT
 
Modern Slavery Supply Chain
Modern Slavery Supply Chain Modern Slavery Supply Chain
Modern Slavery Supply Chain
 
Supply chain financial crime rates holding steady, but few tap blockchain to ...
Supply chain financial crime rates holding steady, but few tap blockchain to ...Supply chain financial crime rates holding steady, but few tap blockchain to ...
Supply chain financial crime rates holding steady, but few tap blockchain to ...
 

Destacado

Resourcefulness, creativity can help further your nonprofit's mission
Resourcefulness, creativity can help further your nonprofit's missionResourcefulness, creativity can help further your nonprofit's mission
Resourcefulness, creativity can help further your nonprofit's missionGrant Thornton LLP
 
5 things digital media companies need to do now
5 things digital media companies need to do now5 things digital media companies need to do now
5 things digital media companies need to do nowGrant Thornton LLP
 
TIP on Tax: New rules may ease burden for small shareholders in tech acquisit...
TIP on Tax: New rules may ease burden for small shareholders in tech acquisit...TIP on Tax: New rules may ease burden for small shareholders in tech acquisit...
TIP on Tax: New rules may ease burden for small shareholders in tech acquisit...Grant Thornton LLP
 
The 4 ERP governance best practices you can’t ignore
The 4 ERP governance best practices you can’t ignoreThe 4 ERP governance best practices you can’t ignore
The 4 ERP governance best practices you can’t ignoreGrant Thornton LLP
 
Recovery: Job Growth and Education Requirements Through 2020
Recovery: Job Growth and Education Requirements Through 2020Recovery: Job Growth and Education Requirements Through 2020
Recovery: Job Growth and Education Requirements Through 2020CEW Georgetown
 
African Americans: College Majors and Earnings
African Americans: College Majors and Earnings African Americans: College Majors and Earnings
African Americans: College Majors and Earnings CEW Georgetown
 
The Online College Labor Market
The Online College Labor MarketThe Online College Labor Market
The Online College Labor MarketCEW Georgetown
 
Game Based Learning for Language Learners
Game Based Learning for Language LearnersGame Based Learning for Language Learners
Game Based Learning for Language LearnersShelly Sanchez Terrell
 
Digitized Student Development, Social Media, and Identity
Digitized Student Development, Social Media, and IdentityDigitized Student Development, Social Media, and Identity
Digitized Student Development, Social Media, and IdentityPaul Brown
 
GAME ON! Integrating Games and Simulations in the Classroom
GAME ON! Integrating Games and Simulations in the Classroom GAME ON! Integrating Games and Simulations in the Classroom
GAME ON! Integrating Games and Simulations in the Classroom Brian Housand
 
Connecting With the Disconnected
Connecting With the DisconnectedConnecting With the Disconnected
Connecting With the DisconnectedChris Wejr
 
Responding to Academically Distressed Students
Responding to Academically Distressed StudentsResponding to Academically Distressed Students
Responding to Academically Distressed StudentsMr. Ronald Quileste, PhD
 
Can We Assess Creativity?
Can We Assess Creativity?Can We Assess Creativity?
Can We Assess Creativity?John Spencer
 
Parenting Wishes - Hopes and Dreams for my Kids' Schooling
Parenting Wishes - Hopes and Dreams for my Kids' SchoolingParenting Wishes - Hopes and Dreams for my Kids' Schooling
Parenting Wishes - Hopes and Dreams for my Kids' SchoolingChris Kennedy
 
The Future of Industry: Sector Convergence & 2017 Outlook
The Future of Industry: Sector Convergence & 2017 OutlookThe Future of Industry: Sector Convergence & 2017 Outlook
The Future of Industry: Sector Convergence & 2017 OutlookGrant Thornton LLP
 
Balancing risk with opportunity
Balancing risk with opportunityBalancing risk with opportunity
Balancing risk with opportunityGrant Thornton LLP
 

Destacado (17)

Resourcefulness, creativity can help further your nonprofit's mission
Resourcefulness, creativity can help further your nonprofit's missionResourcefulness, creativity can help further your nonprofit's mission
Resourcefulness, creativity can help further your nonprofit's mission
 
5 things digital media companies need to do now
5 things digital media companies need to do now5 things digital media companies need to do now
5 things digital media companies need to do now
 
TIP on Tax: New rules may ease burden for small shareholders in tech acquisit...
TIP on Tax: New rules may ease burden for small shareholders in tech acquisit...TIP on Tax: New rules may ease burden for small shareholders in tech acquisit...
TIP on Tax: New rules may ease burden for small shareholders in tech acquisit...
 
The 4 ERP governance best practices you can’t ignore
The 4 ERP governance best practices you can’t ignoreThe 4 ERP governance best practices you can’t ignore
The 4 ERP governance best practices you can’t ignore
 
Recovery: Job Growth and Education Requirements Through 2020
Recovery: Job Growth and Education Requirements Through 2020Recovery: Job Growth and Education Requirements Through 2020
Recovery: Job Growth and Education Requirements Through 2020
 
African Americans: College Majors and Earnings
African Americans: College Majors and Earnings African Americans: College Majors and Earnings
African Americans: College Majors and Earnings
 
The Online College Labor Market
The Online College Labor MarketThe Online College Labor Market
The Online College Labor Market
 
Game Based Learning for Language Learners
Game Based Learning for Language LearnersGame Based Learning for Language Learners
Game Based Learning for Language Learners
 
Digitized Student Development, Social Media, and Identity
Digitized Student Development, Social Media, and IdentityDigitized Student Development, Social Media, and Identity
Digitized Student Development, Social Media, and Identity
 
GAME ON! Integrating Games and Simulations in the Classroom
GAME ON! Integrating Games and Simulations in the Classroom GAME ON! Integrating Games and Simulations in the Classroom
GAME ON! Integrating Games and Simulations in the Classroom
 
Connecting With the Disconnected
Connecting With the DisconnectedConnecting With the Disconnected
Connecting With the Disconnected
 
Responding to Academically Distressed Students
Responding to Academically Distressed StudentsResponding to Academically Distressed Students
Responding to Academically Distressed Students
 
Can We Assess Creativity?
Can We Assess Creativity?Can We Assess Creativity?
Can We Assess Creativity?
 
Parenting Wishes - Hopes and Dreams for my Kids' Schooling
Parenting Wishes - Hopes and Dreams for my Kids' SchoolingParenting Wishes - Hopes and Dreams for my Kids' Schooling
Parenting Wishes - Hopes and Dreams for my Kids' Schooling
 
The Future of Industry: Sector Convergence & 2017 Outlook
The Future of Industry: Sector Convergence & 2017 OutlookThe Future of Industry: Sector Convergence & 2017 Outlook
The Future of Industry: Sector Convergence & 2017 Outlook
 
ForwardThinking Q1 2017
ForwardThinking Q1 2017ForwardThinking Q1 2017
ForwardThinking Q1 2017
 
Balancing risk with opportunity
Balancing risk with opportunityBalancing risk with opportunity
Balancing risk with opportunity
 

Similar a Third-Party Relationships and Your Confidential Data

Gdpr overview ciso platform presentation
Gdpr overview ciso platform presentationGdpr overview ciso platform presentation
Gdpr overview ciso platform presentationPriyanka Aash
 
TrustArc Webinar: Level-Up Your Healthcare Privacy Program
TrustArc Webinar: Level-Up Your Healthcare Privacy ProgramTrustArc Webinar: Level-Up Your Healthcare Privacy Program
TrustArc Webinar: Level-Up Your Healthcare Privacy ProgramTrustArc
 
Data Privacy and Security in Clinical Trials: Safeguarding Patient Information
Data Privacy and Security in Clinical Trials: Safeguarding Patient InformationData Privacy and Security in Clinical Trials: Safeguarding Patient Information
Data Privacy and Security in Clinical Trials: Safeguarding Patient InformationClinosolIndia
 
Becoming HITECH - 9/2009
Becoming HITECH - 9/2009Becoming HITECH - 9/2009
Becoming HITECH - 9/2009rogersons
 
How to Manage Vendors and Third Parties to Minimize Privacy Risk
How to Manage Vendors and Third Parties to Minimize Privacy RiskHow to Manage Vendors and Third Parties to Minimize Privacy Risk
How to Manage Vendors and Third Parties to Minimize Privacy RiskTrustArc
 
Things you need to know about info governance to sell healthtech products int...
Things you need to know about info governance to sell healthtech products int...Things you need to know about info governance to sell healthtech products int...
Things you need to know about info governance to sell healthtech products int...3GDR
 
What the ONC's Proposed Rule on Information Blocking Means for Your Work
What the ONC's Proposed Rule on Information Blocking Means for Your WorkWhat the ONC's Proposed Rule on Information Blocking Means for Your Work
What the ONC's Proposed Rule on Information Blocking Means for Your WorkHealth Catalyst
 
Why GDPR Must Be an Integral Part of Your GRC Framework
Why GDPR Must Be an Integral Part of Your GRC FrameworkWhy GDPR Must Be an Integral Part of Your GRC Framework
Why GDPR Must Be an Integral Part of Your GRC FrameworkPECB
 
Web only rx16 len tues_1115_group
Web only rx16 len tues_1115_groupWeb only rx16 len tues_1115_group
Web only rx16 len tues_1115_groupOPUNITE
 
Preventing Provider Medical Identity Theft
Preventing Provider Medical Identity TheftPreventing Provider Medical Identity Theft
Preventing Provider Medical Identity Theft- Mark - Fullbright
 
HIPAA Audit Implementation
HIPAA Audit ImplementationHIPAA Audit Implementation
HIPAA Audit ImplementationValency Networks
 
Scotland legal update 25 sept
Scotland legal update   25 septScotland legal update   25 sept
Scotland legal update 25 septRachel Aldighieri
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) Kimberly Simon MBA
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) ControlCase
 
Ethical Considerations for Healthcare Analytics Data Disposal.pdf
Ethical Considerations for Healthcare Analytics Data Disposal.pdfEthical Considerations for Healthcare Analytics Data Disposal.pdf
Ethical Considerations for Healthcare Analytics Data Disposal.pdfAlex860662
 
Mobile Health Symposium #HIMSS15 Session Mh5
Mobile Health Symposium #HIMSS15 Session Mh5Mobile Health Symposium #HIMSS15 Session Mh5
Mobile Health Symposium #HIMSS15 Session Mh53GDR
 
Codes of conduct for farm data sharing
Codes of conduct for farm data sharing Codes of conduct for farm data sharing
Codes of conduct for farm data sharing plan4all
 
Health IT Data Security – An Overview of Privacy, Compliance, and Technology ...
Health IT Data Security – An Overview of Privacy, Compliance, and Technology ...Health IT Data Security – An Overview of Privacy, Compliance, and Technology ...
Health IT Data Security – An Overview of Privacy, Compliance, and Technology ...M2SYS Technology
 

Similar a Third-Party Relationships and Your Confidential Data (20)

Gdpr overview ciso platform presentation
Gdpr overview ciso platform presentationGdpr overview ciso platform presentation
Gdpr overview ciso platform presentation
 
TrustArc Webinar: Level-Up Your Healthcare Privacy Program
TrustArc Webinar: Level-Up Your Healthcare Privacy ProgramTrustArc Webinar: Level-Up Your Healthcare Privacy Program
TrustArc Webinar: Level-Up Your Healthcare Privacy Program
 
Data Privacy and Security in Clinical Trials: Safeguarding Patient Information
Data Privacy and Security in Clinical Trials: Safeguarding Patient InformationData Privacy and Security in Clinical Trials: Safeguarding Patient Information
Data Privacy and Security in Clinical Trials: Safeguarding Patient Information
 
Becoming HITECH - 9/2009
Becoming HITECH - 9/2009Becoming HITECH - 9/2009
Becoming HITECH - 9/2009
 
How to Manage Vendors and Third Parties to Minimize Privacy Risk
How to Manage Vendors and Third Parties to Minimize Privacy RiskHow to Manage Vendors and Third Parties to Minimize Privacy Risk
How to Manage Vendors and Third Parties to Minimize Privacy Risk
 
Things you need to know about info governance to sell healthtech products int...
Things you need to know about info governance to sell healthtech products int...Things you need to know about info governance to sell healthtech products int...
Things you need to know about info governance to sell healthtech products int...
 
What the ONC's Proposed Rule on Information Blocking Means for Your Work
Third-Party Relationships and Your Confidential Data

  • 1. CPE Credit is not available for viewing archived programs. Please visit http://www.grantthornton.com/events for upcoming programs.
    Third-Party Relationships and Your Confidential Data
    Assessing risk and management oversight processes
    Original Broadcast Date: September 2013
    © Grant Thornton LLP. All rights reserved.
  • 2. Presenters
    David Reitzel, Grant Thornton LLP, Partner and National Health IT Leader, Health Care Advisory Services
    Joined by Mark Ruppert, Cedars-Sinai Medical Center, Chief Audit Executive
  • 3. Learning objectives
    • Describe how health care auditors and technologists can assist management by identifying compliance risks, and establishing effective vendor selection and monitoring as the use of third parties becomes more prevalent
    • Identify various types of third-party relationships and the breaches most commonly associated with them
    • Define the Health Insurance Portability and Accountability Act (HIPAA) Omnibus Rule and key factors that management and internal auditors should consider when evaluating whether a breach has occurred in their organization
  • 4. Agenda
    • Electronic medical data
    • HIPAA Omnibus Rule
    • Third-party involvement
    • Breaches
    • Vendor selection, management
    • Questions
  • 5. Electronic medical data
    • Volume has grown
    • Definitions have grown
      – Protected health information, or PHI
      – Electronic protected health information, or ePHI
    • Protection is required
      – HIPAA Omnibus Rule
    • Protection rules are changing
  • 6. Agenda
    • Electronic medical data
    • HIPAA Omnibus Rule
    • Third-party involvement
    • Breaches
    • Vendor selection, management
    • Questions
  • 7. HIPAA Omnibus Rule changes effective Sept. 23
    • "Business associate"
      – Redefined as anyone who maintains paper PHI or ePHI
    • ePHI use
      – New limits imposed on marketing and fundraising
    • "Breach" and "risk"
      – Redefined and assessments required
    • Penalties
      – Fines escalate with violation severity
  • 8. Agenda
    • Electronic medical data
    • HIPAA Omnibus Rule
    • Third-party involvement
    • Breaches
    • Vendor selection, management
    • Questions
  • 9. What's a third party?
    Businesses not under direct business control of the organization that engages them
    Including:
    • Vendors
    • Distributors
    • Suppliers
    • Franchisees/licensees
    • Joint venture or alliance partners
    • Technology outsourcing providers
  • 10. Cloud computing
    The cloud: Server network and software managed by third party in private or shared environment
    Risks:
    1. Data security and controls
    2. Data transmission
    3. Multitenancy
    4. Location
    5. Reliability
    6. Sustainability
  • 11. Types of third-party relationships
    • Infrastructure only
      – Vendor provides key structure but no apps or app support (e.g., third-party data centers)
    • Managed apps
      – Vendor exerts some control over installation, maintenance, and support of infrastructure and apps
    • All data
      – Vendor provides infrastructure and managed apps, as well as support, maintenance and disaster recovery (e.g., backup and recovery site)
  • 12. Third-party risks
    1. Increasing volume of electronic medical data
    2. Increasing reliance on third-party vendors
    3. Increasing risk from this reliance: Third parties have been responsible for almost half of all data breaches.
  • 13. Agenda
    • Electronic medical data
    • HIPAA Omnibus Rule
    • Third-party involvement
    • Breaches
    • Vendor selection, management
    • Questions
  • 14. Determining a breach has occurred
    • Could the patient be identified?
    • Who received or used the information and to whom were disclosures made?
    • Was the data actually acquired or viewed by someone who shouldn't have had access to it?
    • What steps were taken to mitigate the risk? Has the recipient of the data given assurances that it was not used inappropriately?
  • 15. Consequences of a breach
    HIPAA notification rules
    Covered entities and their business associates must notify:
    • HHS
      – Report annually via a website for breaches affecting fewer than 500 individuals
    • HHS and the media
      – Notify within 60 days of determination that breach affects 500 or more individuals and meets Federal Breach Reporting Requirements
    • Patients
      – Notify per federal and state laws with varying notification requirements
  • 16. Agenda
    • Electronic medical data
    • HIPAA Omnibus Rule
    • Third-party involvement
    • Breaches
    • Vendor selection, management
    • Questions
  • 17. Challenges for the organization
    Selecting third-party vendors
    • Risk-based criteria
    • Due diligence
    Monitoring third-party vendors
    • Management oversight
  • 18. Challenges for internal audit
    Testing the organization's selection assessments
    • Risk-based criteria
    • Due diligence
    Reviewing the organization's monitoring process
    • Management oversight
  • 19. Steps to establish effective controls
    1. Identify your vendor population
    2. Develop risk profile of all vendors
    3. Focus first on highest-risk vendors
    4. Maintain vendor screening
    5. Establish ongoing monitoring process
  • 20. Agenda
    • Electronic medical data
    • HIPAA Omnibus Rule
    • Third-party involvement
    • Breaches
    • Vendor selection, management
    • Questions
  • 21. Comments? Questions?
  • 22. The white paper
    Third-party relationships and your confidential data: Assessing risk and management oversight processes
    Association of Healthcare Internal Auditors (AHIA) Whitepaper Subcommittee
    • Mark Eddy, CPA (HCA Healthcare)
    • Michael Fabrizius, CPA (Carolinas HealthCare System)
    • Linda McKee, CPA, AHIA Board Liaison (Sentara Healthcare)
    • Glen Mueller, CPA, AHIA Whitepaper Subcommittee Chair (Scripps Health)
    • Mark Ruppert, CPA (Cedars-Sinai Health System)
    • Debi Weatherford, CPA (Piedmont Healthcare)
  • 23. Contact Information
    David Reitzel, Grant Thornton LLP, Partner and National Health IT Leader, Health Care Advisory Services, david.reitzel@us.gt.com, 312.602.8531
    Mark Ruppert, Cedars-Sinai Medical Center, Chief Audit Executive, mark.ruppert@cshs.org, 323.866.6900
  • 24. Disclaimer
    This Grant Thornton LLP presentation is not a comprehensive analysis of the subject matters covered and may include proposed guidance that is subject to change before it is issued in final form. All relevant facts and circumstances, including the pertinent authoritative literature, need to be considered to arrive at conclusions that comply with matters addressed in this presentation. The views and interpretations expressed in the presentation are those of the presenters and the presentation is not intended to provide accounting or other advice or guidance with respect to the matters covered. For additional information on matters covered in this presentation, contact your Grant Thornton LLP adviser.
  • 25. Thank you for viewing this presentation. Visit us online at: www.GrantThornton.com, twitter.com/GrantThorntonUS, linkd.in/GrantThorntonUS

Editor's notes

  1. The volume of electronic medical data is growing rapidly, driven by potential quality-of-care considerations, desired process efficiencies, cost savings and looming federal requirements to migrate all health care providers to electronic records by 2015. In the past year, the use of electronic medical records has more than doubled, and the U.S. Department of Health and Human Services (HHS) has already exceeded its goal to have 50% of doctors’ offices and 80% of eligible hospitals using electronic records by the end of 2013.
  2. Four-tiered risk assessment replaces the harm threshold in identifying a breach.
  3. These third-party relationships offer a host of benefits for health care providers. Contracting with an outside firm to manage data systems enables providers to streamline their IT systems and related processes, and accelerate the deployment of IT resources, such as new software. These relationships also allow health care providers to focus key limited people resources on vision and mission-critical activities.
  4. In health care, cloud computing can support electronic medical records, prescription data, practice management, computerized physician order entry, billing and administration. Clouds offer flexibility and affordability, enabling providers to expand resources as their needs dictate while paying only for what they use. Cloud computing reduces the need for capital investment in IT infrastructure and speeds the deployment of new applications and software updates.
  5. Managed applications — including cloud computing, infrastructure and software-as-a-service — can be used to more rapidly deploy software to a larger number of users across a network, and reduce the capital needed to support and manage applications over an extended period of time.
  6. Once a health care organization enters into a third-party relationship, it faces the challenge of compliance requirements for computer networks and software that another company owns. What’s more, the organization is dependent on such third parties for the reliability and availability of mission-critical data systems, which may include applications that require instant and constant availability (e.g., clinical applications).
  7. The new rules put a greater onus on providers and their auditors to understand all aspects of third-party ePHI risk and develop a process for minimizing it.
  8. Organizations should establish a management process for properly vetting vendors before their selection, and then actively monitor vendor security and privacy controls to reduce the risks created by third-party relationships. To be effective, the overall process will require more formality and rigor in vendor management than in the past.
  9. Organizations should establish a management process for properly vetting vendors before their selection, and then actively monitor vendor security and privacy controls to reduce the risks created by third-party relationships. To be effective, the overall process will require more formality and rigor in vendor management than in the past.
  10. 1. The list should include any smaller third-party contracts that may have been added at the department level rather than through the typical centralized review and centralized contracting channels. These smaller arrangements may actually hold some of the higher risks because the contracts may not be as complete, and smaller vendors are less inclined to have the level of controls found with larger organizations.
      2. Focus the inquiries on vendors’ controls and financial stability. Ideally, this type of risk profile should be developed by management for auditor review, but it may require the auditor to lead and/or complete the effort. If completed by the auditor, the auditor should work with management on developing a process to maintain it on a periodic basis.
      3. Work with management and the vendor to mitigate the most immediate threats, using concepts such as data protection and digital rights management to close risk gaps.
      4. Create standard criteria such as ethics, financial stability, good references, invoice accuracy and service quality to assess new vendors and their technologies for protecting data. In decentralized environments or environments where departments can create vendor relationships without a central conduit such as purchasing or legal, ensuring this happens will be much more difficult and will require more internal audit consideration and efforts.
      5. Continue to use surveys, questionnaires and inspections to review the compliance of third parties on an ongoing basis. Year-to-year comparisons can flag potential lapses in security control environments.
  11. You will all receive an email with a link to this whitepaper, which we created in collaboration with the AHIA whitepaper subcommittee. The whitepaper lists key questions that might be helpful to review. Health care organizations considering risks associated with third-party custodians entrusted with ePHI should first understand the implications of the Final Rule and any related state regulations, and then complete a robust risk assessment of their existing vendor relationships. A similar level of management due diligence is important before entering any contractual relationship with new vendors. Internal auditors can play a key role in such due diligence by asking management to ensure it understands whether the vendor has the proper security controls in place to protect organizational data by, at a minimum, addressing these key questions.