Overview of FairWarning® for IAM
Customer-Only Webinar
April 3, 2014
2014 © FairWarning, Inc. – Private & Confidential
Today’s Panel
Kurt Long
• FairWarning® Founder and CEO
• Office: (727)576-6700 Ext. 101
Chris Arnold
• FairWarning® VP of Product Management
• Office: (727) 576-6700 Ext. 118
Mike Lyons
• Director of Product Development
• Office: (727)576-6700 Ext. 160
Mike Nessen
• Customer Community Manager
• Office: (727)576-6700 Ext. 133
Agenda
• Business Problem
• Building on your FairWarning® Investment
• FairWarning® for IAM
• Unique Solution Benefits
• Packaging & Pricing
• What’s Next
IAM in Healthcare
Who and where are your users?
What can they do?
What do they do?
Compliance and Info Security Risk
CERNER
MEDITECH
§164.312(a)(1): Access Control
HIPAA Section: §164.312
Established Performance Criteria: §164.312(a)(1): Access Control - Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in § 164.308(a)(4).
Key Activity: Identify Technical Access Control Capabilities
Audit Procedures: Inquire of management as to how technical access control capabilities are defined. Obtain and review evidence to determine whether and how technical access capabilities are defined for in-scope systems. Obtain and review screenshots from in-scope systems to determine whether technical access capabilities are defined, i.e., read-only, modify, full-access.

HIPAA Section: §164.312
Established Performance Criteria: §164.312(a)(2)(i): Access Control - Assign a unique name and/or number for identifying and tracking user identity. Ensure that system activity can be traced to a specific user. Ensure that the necessary data is available in the system logs to support audit and other related business functions.
Key Activity: Ensure that All System Users Have Been Assigned a Unique Identifier
Audit Procedures: Inquire of management as to how users are assigned unique user IDs. Obtain and review policies and/or procedures and evaluate the content in relation to the specified criteria to determine how user IDs are to be established and assigned and evaluate the content in relation to the specified criteria. Obtain and review user access lists for each in-scope application to determine if users are assigned a unique ID and evaluate the content in relation to the specified criteria for attributing IDs. For selected days, obtain and review user access logs to determine if user activity is tracked and reviewed on a periodic basis and evaluate the content of the logs in relation to the specified criteria for access reviews.

HIPAA Section: §164.312
Established Performance Criteria: §164.312(a)(1): Access Control - Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in § 164.308(a)(4).
Key Activity: Review and Update User Access
Audit Procedures: Inquire of management as to whether user access to systems and applications is reviewed on a periodic basis. Obtain and review policies and/or procedures to determine whether formal procedures are in place over the review of user access that address the recommended performance criteria, such as enforcing the policies and procedures as a matter of ongoing operations; determining whether changes are needed based on periodic reviews; and establishing and updating access. Obtain and review documentation to determine whether reviews have been performed over user access and evaluate the content in relation to the specified criteria for reviews.
Typical IAM/IdM Proposal
$5 Million
3 Years
Consulting & Planning
Software or SaaS
FairWarning® for IAM Goals
• Dramatically reduce cost of compliance
• Leverage FairWarning® investment
• Improve quality using actual access logs
• Complement existing provisioning workflow processes
• Accelerate & improve IAM vendor solutions
CERNER
MEDITECH
Building on Your FairWarning® Investment
Application 1 Audit Log
Application N Audit Log
FairWarning® Patient Privacy Monitoring
FairWarning® for Identity Access Management
1 … through 250+
Private Service Cloud
Discover, Correlate, Cleanse, and Centralize Identities
Active Directory EHR Audit Logs Lawson
1. Discover identities from data already going into FairWarning®
2. Correlate identities based on your existing provisioning rules
3. Cleanse names based on rules of where the best data exists in your current systems
4. Centralize Identity
DN=William Doe, dc=acme, dc=com
Email: [email protected]
User ID = wd7323
Title = Doctor
Login=Bdoe
EmployeeId = 1234
Centralized Identity: William Doe
Email: [email protected]
Title: Doctor
EmployeeId = 1234
Automate HIPAA Access Control Review
Fill gaps in existing HIPAA Access Control Processes
Examples
• Access after Termination Date
• Discovery of unknown users
• Discovery of orphaned accounts
Discover Identities
Correlate Identities
Cleanse Identities
Centralize Identities
Audit Identity Processes
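A sketch of the discover, correlate, centralize and audit steps from the two slides above, written as an added example and not FairWarning's own code. The record layout, the two correlation rules (employee ID, then case-insensitive login), the termination dates and every account other than the slide's William Doe values are constructed assumptions.

```python
from datetime import date

# Constructed sample data; field layout, rules and dates are assumptions.
HR = [  # authoritative HR source (Lawson on the slide)
    {"employee_id": "1234", "login": "Bdoe", "name": "William Doe",
     "title": "Doctor", "terminated": None},
    {"employee_id": "5678", "login": "Jroe", "name": "Jane Roe",
     "title": "Nurse", "terminated": date(2014, 3, 1)},
]
ACCOUNTS = [  # provisioned accounts seen in the directory and the EHR
    {"source": "AD", "account": "bdoe", "employee_id": None},
    {"source": "EHR", "account": "wd7323", "employee_id": "1234"},
    {"source": "EHR", "account": "jr0042", "employee_id": "5678"},
    {"source": "EHR", "account": "tmp_svc", "employee_id": None},
]
AUDIT_LOG = [("wd7323", date(2014, 3, 20)), ("jr0042", date(2014, 3, 15)),
             ("zz9999", date(2014, 3, 16))]  # (account, access date)

# Ordered correlation rules: exact employee id first, then case-insensitive login.
RULES = [
    lambda hr, acct: acct["employee_id"] == hr["employee_id"],
    lambda hr, acct: acct["account"].lower() == hr["login"].lower(),
]

def centralize(hr, accounts):
    """Return ({employee_id: identity}, [orphaned account names])."""
    identities = {r["employee_id"]: {**r, "accounts": []} for r in hr}
    orphaned = []
    for acct in accounts:
        owner = next((r for rule in RULES for r in hr if rule(r, acct)), None)
        if owner is None:
            orphaned.append(acct["account"])  # provisioned, no owner in HR
        else:
            identities[owner["employee_id"]]["accounts"].append(acct["account"])
    return identities, orphaned

def review(identities, orphaned, audit_log):
    """Flag the three gap types the slide lists, using actual access events."""
    owner_of = {a: i for i in identities.values() for a in i["accounts"]}
    found = {"after_termination": [], "unknown_users": [],
             "orphaned_accounts": sorted(orphaned)}
    for account, when in audit_log:
        ident = owner_of.get(account)
        if ident is None and account not in orphaned:
            found["unknown_users"].append(account)  # never provisioned
        elif ident and ident["terminated"] and when > ident["terminated"]:
            found["after_termination"].append((ident["name"], account, when.isoformat()))
    return found
```
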
Complement & Accelerate IAM through FairWarning® Ready for Identity
FairWarning® Ready for Identity
Cooperation between patient privacy monitoring and identity management
Creates Identity Intelligence for patient privacy monitoring across an enterprise
Increased ROI in both products through shared Centralized Identity Repository
Nominate your IAM Vendors
Operates similar to FairWarning® Ready for Security and HealthCare Applications
Summary of FairWarning® for IAM
• Discover Identities
• Correlate and Cleanse Identities
• Centralize Identities
• Automate HIPAA Access Control Review
• Ongoing HIPAA Access Control Review
• Complement & Accelerate IAM
Unique Solution Benefits
• Discover and build identities from authoritative user sources and access logs
• Analyze roles, permissions, and actual use based on activity in the access logs
• Reduce time and expense by leveraging FairWarning®
• Fill gaps in existing HIPAA Access Control processes
• Accelerate & improve IAM projects
• Patent-pending solution
Packaging & Pricing
Base FairWarning® License
• Strengthened analytics
• Strengthened Filtering
• Delegated Incident Review
Full FairWarning® for IAM License
• Automate Access Control Review
• Roles Analysis & Export to IAM
The information in this presentation is confidential and proprietary to FairWarning and may not be disclosed without the permission of FairWarning. This presentation is not subject to your license agreement or any other service or subscription agreement with FairWarning. FairWarning has no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation and FairWarning’s strategy and possible future developments, products and or platforms directions and functionality are all subject to change and may be changed by FairWarning at any time for any reason without notice. The information in this document is not a commitment, promise or legal obligation to deliver any material, code or functionality.
SECOND HALF 2014
What’s Next
• In Production Now at Major Beta Site
• Accepting 5 more Beta Sites
• General Availability as early as August 1
• What Else You Can Do
Questions?
Please submit via the Webex Q&A or Chat windows to the right side of your screen