FairWarning Executive Series Webinar
Data Protection & Compliance in Your EMR: Cerner
In this webinar, NCH reveals the single largest challenge the NCH team has faced in developing their current information security program—along with some tips for getting executive buy-in for data security initiatives.
Naples Community Hospital is just one of the more than 25,000 healthcare facilities that rely upon Cerner for managing patient data. NCH Healthcare System is comprised of two hospitals and an alliance of more than 700 independent physicians and medical facilities. NCH utilizes 440 servers, hosted at both the Cerner data center and NCH’s data center.
“We protect our confidential data because that is the right thing to do for our patients, our employees, and our organization.” That mindset, according to Andrew Cooper, NCH Director of Information Security Assurance, is NCH’s foundational motivation for protecting data—not the OCR. The NCH team has taken some interesting and unique actions in living up to that principle and assuring the protection of their data.
In this webinar, for example, Andrew reveals why NCH stopped outsourcing risk assessments and trained internal staff to do the job instead. And since defending against ever-evolving threats requires a structured approach, NCH has developed an Incident Response & Disaster Recovery Framework, which Andrew describes in detail. The team constantly tweaks this Framework to improve its efficiency and effectiveness.
Andrew discusses the 5-part plan that NCH used to develop their current state-of-the-art Information Security Program. This plan would be adaptable for any healthcare organization looking to improve data security. And recently, Andrew’s team has focused strongly on leveraging FairWarning. Frequently scheduled staff training is used to assure that all pertinent employees are competent and proficient in maximizing FairWarning’s Patient Privacy Intelligence capabilities.
Andrew also reveals the single largest challenge the NCH team has faced in developing their current information security program—along with some tips for getting executive buy-in for data security initiatives.
Meeting areas of enforcement (such as providing required incident notifications)
Actionable & demonstrable compliance (how you can prove compliance)
The most common FairWarning reports used in Cerner environments
Chuck also provides a recap of 2016 OCR enforcement activity (It was a record-breaking year!), and discusses the bulletins published by OCR in 2016.
Andrew Cooper, CISSP, CHP, CSCS
Director of Information Security Assurance
NCH Healthcare System
Chief Information Security Officer & Director of Managed Privacy Services