Presentation is loading. Please wait.

Presentation is loading. Please wait.

Strategic Approaches to HIPAA Access & Audit HIPAA Summit West II March 15, 2002 San Francisco, CA Mariann Yeager 561.234.9876 tel 561.913.1588 cel

Published byMaude Park Modified over 8 years ago

Similar presentations

Presentation on theme: "Strategic Approaches to HIPAA Access & Audit HIPAA Summit West II March 15, 2002 San Francisco, CA Mariann Yeager 561.234.9876 tel 561.913.1588 cel"— Presentation transcript:

1 Strategic Approaches to HIPAA Access & Audit HIPAA Summit West II March 15, 2002 San Francisco, CA Mariann Yeager 561.234.9876 tel 561.913.1588 cel myeager@emersonsg.com www.emersonsg.com

2 Copyright © 2001, 2002. Emerson Strategic Group, Inc. All Rights Reserved 2 HIPAA Expertise Industry Leader National speaker Technology & HIPAA Background

3 Copyright © 2001, 2002. Emerson Strategic Group, Inc. All Rights Reserved 3 Agenda Role of technology Access & Audit Implementation considerations Practical, Vendor & Standards Case Study Discussion

4 Copyright © 2001, 2002. Emerson Strategic Group, Inc. All Rights Reserved Strategic Benefit Technical Access Audit Administrative Policies & Procedures Training Efficiencies – automation, cost savings Trust – consumers, partners Privacy & SecurityStrategic Benefit

5 Copyright © 2001, 2002. Emerson Strategic Group, Inc. All Rights Reserved 5 Intersection of Security & Privacy Role of Technology Access Minimum Necessary Access Controls – Need-to-know Audit Accounting of Disclosures Audit Controls WEDI SNIP Security & Privacy White Paper: http://snip.wedi.org

6 Copyright © 2001, 2002. Emerson Strategic Group, Inc. All Rights Reserved 6 Implementation Decisions Access Reinforce with technology Mitigate risk Audit Usage, detail, storage Separate vs. centralized

7 Copyright © 2001, 2002. Emerson Strategic Group, Inc. All Rights Reserved 7 Implementation Considerations Practical Infrastructure: Enterprise-wide Disparate systems Data: Amount & type Link users to patient Compliance: Ease of use Universal

8 Copyright © 2001, 2002. Emerson Strategic Group, Inc. All Rights Reserved 8 Implementation Considerations Vendors Multiple approaches? Separate systems? Core competency? Ability to meet needs? You are still accountable

9 Copyright © 2001, 2002. Emerson Strategic Group, Inc. All Rights Reserved Infrastructure: Context Management - CCOW National Health Information Infrastructure Others – Process & Policies: Accreditation programs Best practices ASTM NIST Implementation Considerations Standards

10 Copyright © 2001, 2002. Emerson Strategic Group, Inc. All Rights Reserved Context Management Industry Standard Architecture The Role of CCOW Result: Streamlined use of applications Uptake Accepted standard Healthcare-specific

11 Copyright © 2001, 2002. Emerson Strategic Group, Inc. All Rights Reserved CCOW Architecture

12 Copyright © 2001, 2002. Emerson Strategic Group, Inc. All Rights Reserved 12 HIPAA Case Study

13 Copyright © 2001, 2002. Emerson Strategic Group, Inc. All Rights Reserved 13 The Environment Largest hospital in Maine: 606-bed tertiary care and teaching hospital 30,000 inpatient stays 140,000 outpatient visits 22,000 surgeries 3,200 users, 2,100 desktops, 660 systems Major systems: Medical records –100% electronic/imaged PACS and departmental CCOW Architecture

14 Copyright © 2001, 2002. Emerson Strategic Group, Inc. All Rights Reserved 14 The Philosophy Broad approach Reasonable Leverage technology Existing investments Keep it simple Seek synergies Support vision

15 Copyright © 2001, 2002. Emerson Strategic Group, Inc. All Rights Reserved 15 The Vision “… CPR is not a single system. It is several systems seamlessly integrated in the eyes of the user, so that it appears to be one system.” – Jerry Edson, CIO HIPAA Vision Process Systematic Enterprise-wide Leverage for greater good

16 Copyright © 2001, 2002. Emerson Strategic Group, Inc. All Rights Reserved 16 The Approach Centralized oversight Gap analysis: IT Dept. Compliance office HIPAA IT team: Lead Analyst Two Technical Analysts Compliance Analyst

17 Copyright © 2001, 2002. Emerson Strategic Group, Inc. All Rights Reserved 17 The Need: Access & Audit Strategy: Address access & audit Reasonable approach Requirements: Enterprise-wide Meaningful data Flexible reporting Drivers: Mitigate risk Focus on highest priority

18 Copyright © 2001, 2002. Emerson Strategic Group, Inc. All Rights Reserved 18 Implementation Considerations Vendor: Multiple approaches? Separate systems? Core competency? Ability to meet needs? We are still accountable Practical: Infrastructure Compliance Data Standards-based

19 Copyright © 2001, 2002. Emerson Strategic Group, Inc. All Rights Reserved 19 The Solution Vergence Privacy Auditor Sentillion: Standards-based Enterprise-wide Vendor-neutral Supports vision of integrated desktop: Single implementation Centralized management User-friendly / Vendor-friendly Flexible reports

20 Copyright © 2001, 2002. Emerson Strategic Group, Inc. All Rights Reserved 20 Vergence Privacy Auditor

21 Copyright © 2001, 2002. Emerson Strategic Group, Inc. All Rights Reserved 21 The Rationale Fundamental HIPAA requirement Mitigates high risk Simplifies analysis, implementation Minimizes development Supports IT vision

22 Copyright © 2001, 2002. Emerson Strategic Group, Inc. All Rights Reserved 22 The Results Cost-effective Reasonable approach Single, centralized solution Rapidly deployed Flexible

23 Strategic Approaches to HIPAA Access & Audit Discussion Mariann Yeager 561.913.1588 cel myeager@emersonsg.com www.emersonsg.com

Download ppt "Strategic Approaches to HIPAA Access & Audit HIPAA Summit West II March 15, 2002 San Francisco, CA Mariann Yeager 561.234.9876 tel 561.913.1588 cel"

Similar presentations

HIPAA and Joint Commission Requirements Compared and Contrasted

HIPAA and Joint Commission Requirements Compared and Contrasted
Managing Wireless Medical Device Security Challenges in Today's Enterprise HealthCare Neil Buckley AMA-IEEE Conference March 22, 2010.

Managing Wireless Medical Device Security Challenges in Today's Enterprise HealthCare Neil Buckley AMA-IEEE Conference March 22, 2010.
The U.S. Health Information Technology Agenda – and the Web John W. Loonsk, MD Director of Interoperability and Standards Office of the National Coordinator.

The U.S. Health Information Technology Agenda – and the Web John W. Loonsk, MD Director of Interoperability and Standards Office of the National Coordinator.
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Effective Integration of HIPAA Information Security with Privacy Compliance Richard B. Boyer, Privacy Officer Jody S. Hawkins, Information Security Officer.

Effective Integration of HIPAA Information Security with Privacy Compliance Richard B. Boyer, Privacy Officer Jody S. Hawkins, Information Security Officer.
Enterprise Security A Framework For Tomorrow Christopher P. Buse, CPA, CISA, CISSP Chief Information Security Officer State of Minnesota.

Enterprise Security A Framework For Tomorrow Christopher P. Buse, CPA, CISA, CISSP Chief Information Security Officer State of Minnesota.
Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.

Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Enterprise and Global Management of e-Business Technology

Enterprise and Global Management of e-Business Technology
Regents Update New Business Architecture Project 2010 Jan00 meeting notes.doc March 17, 2004 Accelerating the New Business Architecture An Update for the.

Regents Update New Business Architecture Project 2010 Jan00 meeting notes.doc March 17, 2004 Accelerating the New Business Architecture An Update for the.
UC San Diego EH&S Staff Meeting Project 2010 Jan00 meeting notes.doc May 5, 2004 Update on the New Business Architecture EH&S Staff Meeting.

UC San Diego EH&S Staff Meeting Project 2010 Jan00 meeting notes.doc May 5, 2004 Update on the New Business Architecture EH&S Staff Meeting.
Chapter 12 Strategies for Managing the Technology Infrastructure.

Chapter 12 Strategies for Managing the Technology Infrastructure.
University of California New Business Architecture Project 2010 Jan00 meeting notes.doc April 15, 2004 Accelerating the New Business Architecture UC Employment.

University of California New Business Architecture Project 2010 Jan00 meeting notes.doc April 15, 2004 Accelerating the New Business Architecture UC Employment.
Wireless Directions University of California, Davis Wireless Technology Team February, 2001.

Wireless Directions University of California, Davis Wireless Technology Team February, 2001.
July 8-9, 2014 | Ronald Reagan Building | Washington, DC Federal Cloud Computing Summit Dr. Barry C. West Cloud Tools and Integration.

July 8-9, 2014 | Ronald Reagan Building | Washington, DC Federal Cloud Computing Summit Dr. Barry C. West Cloud Tools and Integration.
Enabling a Medical Home With a Patient Communication Strategy Jeanette Christopher Northwest Primary Care Group, P.C.

Enabling a Medical Home With a Patient Communication Strategy Jeanette Christopher Northwest Primary Care Group, P.C.
August 22, 2002 THE HIPAA COLLOQUIUM at Harvard University A. John Blair, III, MD Chairman and Chief Executive Officer Taconic IPA, Inc. Fishkill, NY HIPAA.

August 22, 2002 THE HIPAA COLLOQUIUM at Harvard University A. John Blair, III, MD Chairman and Chief Executive Officer Taconic IPA, Inc. Fishkill, NY HIPAA.
The future shape of business is being redefined through outsourcing.

The future shape of business is being redefined through outsourcing.
Tackling the Policy Challenges of Health Information Exchange Carol Diamond, MD, MPH Managing Director, Markle Foundation.

Tackling the Policy Challenges of Health Information Exchange Carol Diamond, MD, MPH Managing Director, Markle Foundation.
Business Intelligence Case Study Sean Downer, Manager Decision Support Royal Children’s Hospital Melbourne.

Business Intelligence Case Study Sean Downer, Manager Decision Support Royal Children’s Hospital Melbourne.

Similar presentations

Ads by Google