As we’ve seen very publicly in recent weeks with Facebook, when data leaves an organization’s controls it is challenging for that organization to have control and oversight to all uses of that data.
All covered entities, and their business associates, do hold a responsibility to follow the Minimum Necessary requirement (45 CFR 164.506) by developing policies and procedures that reasonably limit its disclosure and use of ePHI.
Hospitals and healthcare systems are beginning to adopt vendor-managed cloud-based solutions more frequently than ever before. When ePHI is transmitted to these cloud instances, the Covered Entity loses control and vision of what the data is being used for. Contractual agreements will always protect entities when the defined function or service is not preformed, but there is no way of knowing if the vendor is using the data for other functions, like attempting to build additional products or services and testing with your ePHI.
How can covered entities protect themselves to ensure they do not fall victim to this type of misuse? Attend this webinar to learn effective process and contractual strategies to best position your organization with cloud-based vendors, and even monitor the access logs and scripts these vendors run on YOUR data.
This webinar is designed for anyone responsible for protecting covered entity’s data including Information Security Officers, Information Officers, Compliance Officers, Risk Officers, Privacy Officers, and any other information security and compliance professionals.
The Learning Outcomes
Attendees will be able to:
- Understand the current liability of vendor’s misusing the data provided them.
- Review contractual constraints that can be placed on vendors with cloud-hosted solutions.
- Methods to request logs of vendor access to data in cloud.
- Identify tools to monitor vendor access to your Org’s ePHI.
Date & Time
June 7, 2018
11 am – 12:15 pm CT