Published by Amy Huddle
Modified about 1 year ago
© Clearwater Compliance LLC | All Rights Reserved
Copyright Notice. All materials contained within this document are protected by United States copyright law and may not be reproduced, distributed, transmitted, displayed, published, or broadcast without the prior, express written permission of Clearwater Compliance LLC. You may not alter or remove any copyright or other notice from copies of this content. For reprint permission and information, please direct your inquiry to
Legal Disclaimer. This information does not constitute legal advice and is for educational purposes only. This information is based on current federal law and subject to change based on changes in federal law or subsequent interpretative guidance. Since this information is based on federal law, it must be modified to reflect state law where that state law is more stringent than the federal law or other state law exceptions apply. This information is intended to be a general information resource regarding the matters covered, and may not be tailored to your specific circumstance. YOU SHOULD EVALUATE ALL INFORMATION, OPINIONS AND ADVICE PROVIDED HEREIN IN CONSULTATION WITH YOUR LEGAL OR OTHER ADVISOR, AS APPROPRIATE. The existence of a link or organizational reference in any of the following materials should not be assumed as an endorsement by Clearwater Compliance LLC.
Instructional Module 8: How to Create a Culture of Compliance
Module 8. Overview
1. “How to Create a Culture of Compliance”
2. Instructional Module Duration = 60 minutes
3. Learning Objectives Addressed In This Module
– Describe real breach experiences that motivate organizations
– Articulate the Breach Notification process and how to operate efficiently and effectively
– Develop a plan to take advantage of Breach as an opportunity to engage senior management
– Learn and understand that privacy, security and compliance are, ultimately, people issues
– Recognize that culture drives practice, not tools and rules
– Know that you can lead from anywhere and that only sustainable change actually transforms people and processes
Balanced Compliance Program: Four Critical Dimensions (Clearwater Compliance Compass™)
– Policy defines an organization’s values & expected behaviors; establishes “good faith” intent.
– People must include talented privacy & security & technical staff, engaged and supportive management and trained/aware colleagues following PnPs.
– Procedures or processes, documented, provide the actions required to deliver on the organization’s values.
– Safeguards include the various families of administrative, physical or technical security controls (including “guards, guns, and gates”, encryption, firewalls, anti-malware, intrusion detection, incident management tools, etc.).
9 Actions to Take Now
1. Set Privacy and Security Risk Management & Governance Program in place (45 CFR § (a)(1))
2. Develop & Implement comprehensive HIPAA Privacy and Security and Breach Notification Policies & Procedures (45 CFR § and 45 CFR § )
3. Train all Members of Your Workforce (45 CFR § (b) and 45 CFR § (a)(5))
4. Complete a HIPAA Security Risk Analysis (45 CFR § (a)(1)(ii)(A))
5. Complete a HIPAA Security Evaluation (= compliance assessment) (45 CFR § (a)(8))
6. Complete Technical Testing of Your Environment (45 CFR § (a)(8))
7. Implement a Strong, Proactive Business Associate / Management Program (45 CFR § (e) and 45 CFR § (b))
8. Complete Privacy Rule and Breach Rule compliance assessments (45 CFR § and 45 CFR § )
9. Document and act upon a remediation plan
Demonstrate Good Faith Effort!
How to Build a Culture of Compliance
What is a Culture of Compliance?
– The backdrop, the standard, the expectation
– ‘Guardrails’ placed by society, employers, peers.
Where does it come from?
From the top down
– It is learned
– Applies to everyone
– Consistently
– Enforced by ALL
– Real sanctions
And the bottom up
– If you are doing it right
Why A Culture of Compliance?
Anyone can make something happen... But you have to keep it happening.
This is how sustainable change happens
– Personally
– Organizationally
No one can do it alone
– Every member of your workforce has to be a Privacy and Security Officer
Good Culture is Good Business
Breaches cost money
– Total net cost of 10,000 records lost w/breach insurance at 80% of direct costs = $1,560,000 [1]
Loss of Reputation
Loss of Patients
Loss of Quality of Care
Building culture
– Requires consistency
– “Is like a Chinese water torture”
Asking Questions/Making Suggestions
There is a return on investment for good privacy and security
[1] American National Standards Institute: “The Financial Management of Cyber Risk”
Then and Now
David’s world
– Pre-HIPAA (Privacy issued pre-compliance; Security no published
– No burning platform
– Little awareness of Privacy and Security issues, concerns
– Senior leadership: Not our problem
– Under staffed, under budgeted
– The old healthcare paradigm
Meredith’s world
– Post-HIPAA, Post Omnibus
– Enforcement, fines, media attention
– Everyone knows what can happen
– Senior leadership: I’ll hire someone to take care of it
– Under staffed, under budgeted
– Drastic changes in care delivery models and reimbursement
– Incredible new pressures on providers
And what hasn’t changed
– This is a people issue... Not technological
– This is about behaviors and habits... Not rules
– This is about understanding what you can and can’t do and how to do it... Not keeping people from doing what they need to do
– This is, ultimately, about taking care of people (patients, staff, workforce, physicians/caregivers)