Culture of Compliance HIPAA Privacy & Security Compliance Office.

Presentation on theme: "Culture of Compliance HIPAA Privacy & Security Compliance Office."— Presentation transcript:

1 Culture of Compliance HIPAA Privacy & Security Compliance Office

2 OCR Calls for a “Culture of Compliance”
- OCR is aggressively enforcing the HIPAA Privacy and Security Rules
- Covered Entities and Business Associates should have robust HIPAA Privacy and Security compliance programs

3 OCR Calls for a “Culture of Compliance”
A robust compliance program includes:
- Employee training
- Vigilant implementation of policies and procedures
- Regular audits
- Prompt Action Plan to respond to incidents

4 Program Goals
- Outline Organization’s responsibilities under the Privacy and Security Rules
- Identified IU HIPAA Affected Areas
- IU HIPAA Privacy and Security Compliance Plan
- Provide strategies to build and maintain a culture of compliance
- Leadership – Set an Example
- Ongoing awareness

5 Program Goals
- Motivation for complying with the regulations?
- Just doing the “Right Thing”
- Leadership acts as a model that doing the “Right Thing” is the expected
- Out of fear of getting caught (hopefully not)
- Gauging Success
- Responding to incidents
- Awareness of responsibilities
- Questions related to HIPAA

6 Program Goals
- Be Proactive and not reactive
- Auditing and monitoring
- Education
- Mitigate the risks
- Not punitive
* We would rather find areas we need to address before there is an incident or before an outside Agency identifies a problem

7 Current Policies – University Level
- Breach Notification
  - Information and Information System Incident Reporting, Management and Breach Notification
  - ISPP-26
- Privacy Complaints
  - ISPP-27

8 IU Guidance Materials & Resources
- HIPAA Website
- Encryption Tools
- Reporting Suspected Sensitive Data Exposures data
- Reporting Security Incidents

9 IU Guidance Materials & Resources
- Mobile Device Security
- Handheld Device Security d
- Laptop Security
- “How can I protect data on my mobile device” https://kb.iu.edu/data/bcnh.html

10 Drafting Policies – HIPAA Specific
- Minimum Necessary
- Fundraising
- Authorizations
- Individuals’ Rights
- De-identified Data & Limited Data Sets
- HIPAA Security Risk Management
- Disposition of Electronic Media
- Backup and Recovery
- Encryption

11 Interim HIPAA Officers
- Leslie J. Pfeffer, BS, CHP
  Interim University HIPAA Privacy Officer
  Privacy Officer – IUSM
  (317)
- Eric W. Schmidt, CISSP, CISM
  Interim University HIPAA Security Officer
  Chief Security Officer - IUSM
  (317)

