chime lead dc 2014 “key attributes for success, challenges and critical success factors” with...
DESCRIPTION
CHIME LEAD DC 2014 “Key Attributes for Success, Challenges and Critical Success Factors” with Angela Diop, ND, CHCIO, VP of Information Systems, Unity Health Care, Inc.TRANSCRIPT
A CHIME Leadership Education and Development Forum in collaboration with iHT2
Creating an Effective Cyber Security Strategy
________Key Attributes for Success, Challenges and
Critical Success Factors
● Angela Duncan Diop, ND, CHCIO, VP of Information Systems
Unity Health Care, Inc. ●
#LEAD14
ANATOMY OF A BREACH
A CHIME Leadership Education and Development Forum in collaboration with iHT2
INTRODUCTION
Unity Health Care, Inc.Federally
Qualified Health Center
Over 100,000 unique patients
in 2013
30 sites; health centers,
homeless service sites, school based health
centers, correctional sites, and a mobile site Mission
Promoting healthier communities through compassion and comprehensive health and human services, regardless of ability to pay.
4
5
Unity’s Patients• Patient population is
racially and ethnically diverse and largely minority
• Substantial health disparities and poor health outcomes exist
• Great need for accessible and comprehensive primary care services
THE INCIDENTData is like water – it always flows through the cracks
Description• A personal laptop
containing data from a nutrition and exercise program
• Student assisting in the analysis of data saved it to a flash drive.
• Loaded to a personal computer.
• Stolen from a student’s home in a burglary.
FreeDigitalPhotos.net
Description
• Type of Incident: Theft
• Location of Breach: Laptop computer - unencripted
• Approximate number of individuals affected by the breach: 305
FreeDigitalPhotos.net
THE CALLTo breach or not to breach – that is the question.
Type of PHI Involved
• Demographic information – name and DOB
• Clinical Information -diagnosis/conditions
• The data consisted of names, dates of birth, weight, body mass index, and for a limited number of participants, information regarding a history of hypertension or diabetes.
Risk Assessment
• Consulted our HIPAA auditor• Consulted our attorney• Met/discussed with our Executive
Management team• Decided to treat the incident as a
breach
THE RESPONSENever let a good crisis go to waste
Created a Team
• Appointed a breach response team– Privacy Officer– VP of Information
Systems– Legal Counsel– VP of Clinical
Administration– Deputy Chief Medical
Officer– VP of Human Resources
Gap Analysis &Corrective Action Plan
• Overall responsibility – Privacy Officer or VP of IS
• Identifies the steps that led to incident
• Captures key info surrounding the incident– Description– Issues/Gaps– Lead – Due date
Incident Response Plan
• Plan that the team creates and follows to address the incident– Investigation– Risk Assessment– Notifications –
Patients, HHS, Staff Exe Man Team, Exe. Board
– Corrective actions
EPILOGUEMilk the crisis for all it’s worth
Benefits Gained
• Blue print for responding to a breach
• Breach team• Breach management policy• Breach insurance• Retraining of staff• Heightened awareness by senior
leadership and Board
Q & AAngela Duncan Diop, ND, CHCIO
A CHIME Leadership Education and Development Forum in collaboration with iHT2
@AngelaDiop@UnityHealthCare