Published by Amy Huddle
Modified about 1 year ago
© Clearwater Compliance LLC | All Rights Reserved

Copyright Notice. All materials contained within this document are protected by United States copyright law and may not be reproduced, distributed, transmitted, displayed, published, or broadcast without the prior, express written permission of Clearwater Compliance LLC. You may not alter or remove any copyright or other notice from copies of this content. For reprint permission and information, please direct your inquiry to email@example.com firstname.lastname@example.org

Legal Disclaimer. This information does not constitute legal advice and is for educational purposes only. This information is based on current federal law and subject to change based on changes in federal law or subsequent interpretative guidance. Since this information is based on federal law, it must be modified to reflect state law where that state law is more stringent than the federal law or other state law exceptions apply. This information is intended to be a general information resource regarding the matters covered, and may not be tailored to your specific circumstance. YOU SHOULD EVALUATE ALL INFORMATION, OPINIONS AND ADVICE PROVIDED HEREIN IN CONSULTATION WITH YOUR LEGAL OR OTHER ADVISOR, AS APPROPRIATE. The existence of a link or organizational reference in any of the following materials should not be assumed as an endorsement by Clearwater Compliance LLC.

Instructional Module 8: How to Create a Culture of Compliance

Module 8. Overview
1. “How to Create a Culture of Compliance”
2. Instructional Module Duration = 60 minutes
3. Learning Objectives Addressed In This Module
– Describe real breach experiences that motivate organizations
– Articulate the Breach Notification process and how to operate efficiently and effectively
– Develop a plan to take advantage of Breach as an opportunity to engage senior management
– Learn and understand that privacy, security and compliance are, ultimately, people issues
– Recognize that culture drives practice - not tools and rules
– Know that you can lead from anywhere and that only sustainable change actually transforms people and processes

Balanced Compliance Program: Four Critical Dimensions (Clearwater Compliance Compass™)
– Policy defines an organization’s values & expected behaviors; establishes “good faith” intent
– People must include talented privacy & security & technical staff, engaged and supportive management and trained/aware colleagues following PnPs.
– Procedures or processes – documented – provide the actions required to deliver on organization’s values.
– Safeguards includes the various families of administrative, physical or technical security controls (including “guards, guns, and gates”, encryption, firewalls, anti-malware, intrusion detection, incident management tools, etc.)

9 Actions to Take Now
1. Set Privacy and Security Risk Management & Governance Program in place (45 CFR § 164.308(a)(1))
2. Develop & Implement comprehensive HIPAA Privacy and Security and Breach Notification Policies & Procedures (45 CFR §164.530 and 45 CFR §164.316)
3. Train all Members of Your Workforce (45 CFR §164.530(b) and 45 CFR §164.308(a)(5))
4. Complete a HIPAA Security Risk Analysis (45 CFR §164.308(a)(1)(ii)(A))
5. Complete a HIPAA Security Evaluation (= compliance assessment) (45 CFR § 164.308(a)(8))
6. Complete Technical Testing of Your Environment (45 CFR § 164.308(a)(8))
7. Implement a Strong, Proactive Business Associate / Management Program (45 CFR §164.502(e) and 45 CFR §164.308(b))
8. Complete Privacy Rule and Breach Rule compliance assessments (45 CFR §164.530 and 45 CFR §164.400)
9. Document and act upon a remediation plan
Demonstrate Good Faith Effort!

How to Build a Culture of Compliance

What is a Culture of Compliance?
The backdrop, the standard, the expectation
‘Guardrails’ placed by society, employers, peers.

Where does it come from?
From the top down
– It is learned
– Applies to everyone
– Consistently
– Enforced by ALL
– Real sanctions
And the bottom up
– If you are doing it right

Why A Culture of Compliance?
Anyone can make something happen... But you have to keep it happening.
This is how sustainable change happens
– Personally
– Organizationally
No one can do it alone
– Every member of your workforce has to be a Privacy and Security Officer

Good Culture is Good Business
Breaches cost money
– Total net cost of 10,000 records lost w/breach insurance at 80% of direct costs = $1,560,000 [1]
Loss of Reputation
Loss of Patients
Loss of Quality of Care
Building culture
– Requires consistency
– “Is like a Chinese water torture”
Asking Questions/Making Suggestions
There is a return on Investment for good privacy and security
[1] American National Standards Institute: “The Financial Management of Cyber Risk”

Then and Now

David’s world
– Pre-HIPAA (Privacy issued pre-compliance; Security no published
– No burning platform
– Little awareness of Privacy and Security issues, concerns
– Senior leadership: Not our problem
– Under staffed, under budgeted
– The old healthcare paradigm

Meredith’s world
– Post-HIPAA, Post Omnibus
– Enforcement, fines, media attention
– Everyone knows what can happen
– Senior leadership: I’ll hire someone to take care of it
– Under staffed, under budgeted
– Drastic changes in care delivery models and reimbursement
– Incredible new pressures on providers

And what hasn’t changed
This is a people issue... Not technological
This is about behaviors and habits... Not rules
This is about understanding what you can and can’t do and how to do it... Not keeping people from doing what they need to do
This is, ultimately, about taking care of people (patients, staff, workforce, physicians/caregivers)