Data Cycle Security and Management – Linda White

Date: 11-2-2021 • Runtime: 13:37

With digitized test results and online vaccine status recordkeeping and tracking, your employees’ critical health data has never been so vulnerable. Is your employees’ health data safe and securely handled? Find out more info on this topic.

[00:00] – Holly Foxworth

Welcome back again. Here we are. I think we’re now at five of eight of the individual sessions within our Fast Track to OSHA COVID Compliance Virtual Summit this morning. For those that may be new or just joining us, my name is Holly Foxworth. I’m a registered nurse. I am the webinar host, and then I’m also the marketing manager of content here at Axiom Medical. We, of course, are thrilled to have you and excited to be able to bring you such a dynamic day of a wide range of topics and also from the industry experts that have been able to provide some really good tips and insight into what’s quickly on the horizon specific to the OSHA mandates that are quickly approaching. So to this point, I think that we completed the other four. We started out with a keynote address with the Assistant Secretary for Labor with OSHA. That was Doctor David Michaels. We then went to the HR and Legal Implications with Chief Legal and HR Officer Chuck Kable. Next, we visited the ESG, and that was from our Axiom President and CEO Mark Robinson. We just wrapped up the preparing for unannounced OSHA inspections, and that was HSC Area Manager Connor Trotter. And now we have arrived at the data cycle, security and management, and that’s going to be with Linda White.

So before we get started, before I turn it over to Linda, just a reminder again, if you are to encounter any type of technical issue, you’re welcome to use one of the boxes that have a question mark. It should be at the bottom of your screen. So if you have any issues, you’re welcome to chat back and forth with our team that’s there, they can assist you there. We do have a change that’s from our kind of straight from our norm with the webinars that we usually do. The Q & A portion will actually be conducted through the breakout room. So whenever you’re looking there at your console on your screen on the top right-hand side corner, that’s where you’ll see. It should have a label at the top that says “Breakout Room”. You’re welcome to join at any time. You just press the button to join, there are Axiom representatives in there throughout the event. So you’re welcome to engage with them. But after our presenter completes their content, then they will actually be joining that as well. So you can speak face to face live with Linda, and I’m sure that she’ll be able to answer any of your questions that you may come across. The last thing I’ll mention is how you get to the next session, which would be the number six. So if you have not already registered, it’s not a problem. And I’ll remind you one time before we wrap up at the end of the session before you close out, there’ll be a prompt, a box that comes up and that will be how you can get registered for the next session, you just press the “Register Now” button and that will generate your access link. And then we would see you there. So I think that wraps up everything I need to share. Linda, I’ll go ahead and turn it over to you and listen to everything we need to know with Data Security Management.

[03:20] – Linda White

All right, thank you, Holly. Can you hear me?

[03:23] – Holly Foxworth

Yes, I can hear you.

[03:25] – Linda White

Thank you, Holly. Happy to be here and talk about the data cycle and security and management. I have been at Axiom now for almost a year and a half and have been involved in IT or security for over 25 years, a broad range of experiences with different companies. I love it because it’s just ever-changing, not to mention OSHA. So we’ll go ahead and get started. The goal of this brief talk is I hope that it empowers each one of you to know a little bit more about your data and to prompt some thoughts about your own situation. I know that Chuck has already talked a lot about ADA and data security or the electronic records or he has in the past in regards to the ADA. I’m no expert on ADA, but I will say that with the vaccine mandate from what I have read, it is possible for disability information to occur when you’re addressing those employees. So if you err on the side of conservatism, you could consider those records confidential and we’ll talk about that more in just a minute.

[04:53] – Linda White

So here we go with the data lifecycle. You are going to see the data lifecycle diagram here. There are multiple versions of this. This is the one that I think makes the most sense on a basic level. So we’re going to talk about each stage and just go through the entire cycle. And first of all, let me talk about regardless of any kind of regulatory requirements or whatever state that you’re in. It’s very important for everyone and every entity to understand their data, what they have, where it is, how it’s used and where it’s located. So we’ll just go ahead and start. So the first step, or the first stage, is create. You need to understand if you are creating new data, or are you acquiring data from a third party or from some external resources, know where your data is coming from, how it’s being used, why you are collecting that data. Once you know what data you have, go to the next stage, which is store and secure, you need to have a good understanding of where your data is being stored and how it’s being secured. So most likely today it’s being stored somewhere in some type of cloud environment. Or it may be a hybrid cloud environment. You need to understand every single location where your data is being stored and that includes primary, secondary, and backup instances of that data. Next, you need to know how is it being secured? What type of encryption technologies are being used to store the data? What about the encryption keys, etc.? Once you go from phase two, you go over to the use or process and share. So now you have your data, you know where it’s being stored. Now, how is it being used and who is it being shared with, or is it being shared not just with an individual, but with other systems? Where is all that data going in between different systems? You want to be sure it’s used in the manner that it’s supposed to be used in.

[07:11] – Linda White

Then we go to the next stage, which is the archive stage. You need to understand if your data needs to be archived for legal purposes for a certain amount of time. If it does need to be archived prior to disposal, what are the requirements for that? And where do those locations exist? Then the last stage is pretty self-explanatory, disposal. When you dispose of your data or it’s time to dispose of that data, is it being disposed of in all instances? Because remember, our digital footprint is large these days. We’re undergoing a data transformation and it’s exploding exponentially. You need to be sure it is disposable. How can you be sure it’s disposed of? What type of assurance will you get from your cloud provider or from your service provider, that it really has been disposed of? Be sure that you have all of your appropriate legal agreements or any other type of agreement in place as you see fit for your organization. So that’s pretty much the data cycle. We’ll go to the next one, which is record-keeping best practices, which I’m going to go back to the data life cycle. You need to understand all those aspects of your data in order to keep your record-keeping sound.

And I’m going to move on to the next one. SOC 2 Compliance. As many of you know, SOC 2 has been around for a while. It’s changed over the past decade or two decades, actually. So what it means is in regards to the new gold standard, Axiom now has achieved a SOC 2 attestation from a third-party auditor that will be available later this month or early next month. And so let’s talk about what SOC 2 means. SOC 2 is something that you would want to see from any type of service provider that you have. What it means is that that service provider has achieved assurance with specific trust principles. There are five trust principles. Axiom Medical has achieved compliance with the two trust principles of security and confidentiality. So we’re very excited about this. This will assure to our customers that we take security very seriously and we have processes and procedures in place that are enforced so that we can scale this up and grow in this effort.

[10:22] – Linda White

And I went through this very quickly. I could have said a lot more. So just keep in mind, just know your data. It’s very overwhelming and very difficult sometimes to know where your data is, how it’s being used, how it’s being aggregated, anonymized, so forth and so on. So I’m happy to address any questions in the break room and thank you.

[10:51] – Holly Foxworth

Love it. Thank you, Linda. Excellent job. Obviously, you always have so much great information, especially when it comes to all things IT Security. I know that’s something that always weighs on all of our minds consistently, and it’s dominated a lot of headlines lately. So I value you and your profession is so admirable, and we appreciate the insight that you’re able to share with us on this. As Linda mentioned, what you would need to do to participate in the question and answer session is going to the breakout room, and that’s located right there at the top of your screen. On the right-hand side, you would merely click on the “Join” button and that will get you admitted. And we have both Axiom representatives, and we would also have Linda there as our speaker to take your questions and also kind of provide some best practice tips in terms of IT data security. So I will mention one more time that if you have not already registered for the next session, that’s coming up and that is going to be with the dynamic duo Chief Medical Officer Doctor Scott Cherry and Chief Marketing Officer Dara Wheeler. They’re going to talk about total worker health in the new modern world. I don’t want to give too much away but I will say that this has been a big year for employers, for health and the way that we manage things. I think that we found ourselves in somewhat of a compromising position in what we thought as employers, we should be monitoring for employee health versus what we needed to be looking at, especially during epidemics. So they have some great information. You don’t want to miss their individual session. So if you haven’t already registered, once that comes up, you’ll just press the button and it’ll get you the link and we will see you there. So thank you again and see you in a few.