Presentation is loading. Please wait.

Presentation is loading. Please wait.

©2002 First Consulting Group F I R S T C O N S U L T I N G G R O U P Security HIPAA Tool Training.

Similar presentations


Presentation on theme: "©2002 First Consulting Group F I R S T C O N S U L T I N G G R O U P Security HIPAA Tool Training."— Presentation transcript:

1 ©2002 First Consulting Group F I R S T C O N S U L T I N G G R O U P Security HIPAA Tool Training

2 ©2002 First Consulting Group 2 Agenda  Objectives  HIPAA Tool Overview - Security Uses and results Features and compatibility Worksheet overviews  Questions

3 ©2002 First Consulting Group 3 Objectives At the end of this presentation, you should:  Understand the structure of the HIPAA Security Assessment Toolkit  Understand how to fill out the HIPAA Security Assessment Toolkit  Understand how to review the HIPAA Security Assessment Toolkit in different levels of detail  Understand how to maintain the HIPAA Security Assessment Toolkit as your assessment activities continue

4 ©2002 First Consulting Group F I R S T C O N S U L T I N G G R O U P HIPAA Tool Overview - Security HIPAA Tool Training

5 ©2002 First Consulting Group 5 Uses and Results  The toolkit is used for Self-assessment Inventory Strategic planning  A completed toolkit will result in Organizational gap analysis  Current operations vs. proposed operations Policy and procedure inventory Policy and procedure gap analysis  Current documentation vs. proposed documentation Organizational remediation efforts and costs

6 ©2002 First Consulting Group 6 Features and Compatibility  Advanced MS-Excel features Worksheets contain grouped rows; creating a summary effect  Rows preceded with “+” are hidden  Rows preceded with “-” are exposed Worksheets contain commented cells  Cells containing a triangle in the upper right corner have comments  Comments are activated by resting the mouse pointer on the cell  MS-Excel Compatibility

7 ©2002 First Consulting Group 7 Worksheets  Introduction  Participants  Guidelines  P&P Inventory & Gap Matrix  Assessment Worksheets Administrative Procedures Physical Safeguards TSS - App TSM - Net  Summary  Metrics  Solution Sets  Gantt

8 ©2002 First Consulting Group 8 Worksheet - Introduction  Worksheet Usage: Document the purpose of the tool, organizational detail, and workbook usage instructions.  Worksheet Benefit: The organization detail will aide when distributing the workbook to multiple organizations.  Worksheet Modifications: Modify to collect the detail deemed necessary

9 ©2002 First Consulting Group 9 Worksheet - Participants  Worksheet Usage: Document all individuals providing feedback and/or completing this toolkit.  Worksheet Benefit: The inventory of participants will assist individuals in understanding the context of feedback. Additionally, the inventory of participants will provide the opportunity to ensure all functional areas are represented appropriately.  Worksheet Modification: Modify to collect the demographic data deemed necessary.

10 ©2002 First Consulting Group 10 Worksheet - Guidelines  Worksheet Usage: Document all project guidelines (i.e. assumptions, scope predeterminations, and contexts).  Worksheet Benefit: The inventory of guidelines will assist individuals in understanding the context of the feedback, identified gaps, solutions, and solution sets and keep the gap analysis remains in-scope/on-time.  Worksheet Modification: Modify guidelines to reflect the organization being assessed. This worksheet is pre- loaded with guidelines commonly used.

11 ©2002 First Consulting Group 11 Worksheet – Documentation Inventory  Worksheet Usage: Document all policies and procedures used to provide feedback. Polices and procedures should be listed next to the rule for which they have fully or partially provided feedback.  Worksheet Benefit: The inventory of policies and procedures, organized by rule, will provide a graphical representation of areas deficient in documentation.  Worksheet Modification: This worksheet is pre-loaded with the appropriate rules; it is not recommended to alter the rule content of the spreadsheet.

12 ©2002 First Consulting Group 12 Assessment Worksheets  Worksheet Usage: Conduct the gap analysis of the organization against the rules.  Worksheet Benefit: This worksheet will provide a gap analysis indicating HIPAA non-compliance, partial compliance, or full-compliance.  Worksheet Modification: This worksheet is pre-loaded with information. Data entry points are the scorecard and comments columns.

13 ©2002 First Consulting Group 13 Assessment Worksheets  Inquiry HIPAA security rule in question form  Clarification Industry examples for the rule

14 ©2002 First Consulting Group 14 Assessment Worksheets  Questioning system: Def - Is the item defined formally or informally? Doc - Is the item documented? Use - Is the item actively used and applicable?

15 ©2002 First Consulting Group 15 Assessment Worksheets  Scoring system: 0 (Zero) - Not Defined/Documented/Used 1 (One) - Partially Defined/Documented/Used 2 (Two) - Fully Defined/Documented/Used NA - Not Applicable

16 ©2002 First Consulting Group 16 Assessment Worksheets  Comments Justification for the scorecard Reference to policies or procedures Special considerations

17 ©2002 First Consulting Group 17 Worksheet - Summary  Worksheet Usage: Reviewed as a dashboard; providing a summary of all rules and generating an organizational compliance score.  Worksheet Benefit: This worksheet will provide a centralized reporting mechanism for the gap analysis and remediation activities.  Worksheet Modification: This worksheet is functional with the toolkit upon delivery. Modifications, duplications, and/or additions may alter the results on this worksheet.

18 ©2002 First Consulting Group 18 Worksheet - Metrics  Worksheet Usage: A source for all formulas; containing metrics to be applied to the entire workbook.  Worksheet Benefit: This worksheet will provide a centralized sourcing area to allow "What If?" scenarios with formulas.  Worksheet Modification: Upon initiation of the assessment, all information NOT highlighted in gray needs to be obtained. Additions to the worksheet are encouraged to accurately reflect desired metrics to be used for the organization.

19 ©2002 First Consulting Group 19 Worksheet - Solution Sets  Worksheet Usage: Define all solutions (tasks) required to reach full compliance on all rules. Group all solutions into logical solution sets (projects).  Worksheet Benefit: This worksheet will provide opportunities for project generation, project synergy, and budgeting estimates.  Worksheet Modification: This worksheet is pre-loaded with commonly used solutions for each rule. This worksheet should be modified to represent the actual work required.

20 ©2002 First Consulting Group 20 Worksheet - Solution Sets  Solution This worksheet is pre-loaded with common solutions for each rule. This worksheet should be modified to represent the actual work required for the organization to reach full compliance.  Logic Free text description of how the solution will be completed

21 ©2002 First Consulting Group 21 Worksheet - Solution Sets  Hour estimation Bus. FTE Hours - Total number of hours required to complete the task for Non-IS staff IS FTE Hours - Total number of hours required to complete the task for IS staff External FTE Hours - Total number of hours required to complete the task for Non-staff (i.e. consulting)

22 ©2002 First Consulting Group 22 Worksheet - Solution Sets  Cost estimation (automatically calculated) Bus. FTE Costs - The cost of the hours assigned to non-IS FTEs to complete the solution. IS FTE Hours - The cost of the hours assigned to IS FTEs to complete the solution. External FTE Hours - The cost of the hours assigned to non-staff FTEs (i.e. consulting) to complete the solution.

23 ©2002 First Consulting Group 23 Worksheet - Solution Sets  Usage estimation (automatically calculated) Bus. FTE Hours - The percentage utilized of one FTE over one year. IS FTE Hours - The percentage utilized of one FTE over one year. External FTE Hours - The percentage utilized of one FTE over one year.

24 ©2002 First Consulting Group 24 Worksheet - Solution Sets  Total Costs Capital costs include those costs outside of labor (i.e. software, hardware, legal counsel) Total costs are automatically calculated

25 ©2002 First Consulting Group 25 Worksheet - Gantt  Worksheet Usage: Allocate work effort of each solution set across annual quarters. Costs, hours, and usage is automatically distributed.  Worksheet Benefit: This worksheet will provide opportunities for “What If” scenarios  Worksheet Modification: The percentage of allocation should be entered.

26 ©2002 First Consulting Group 26 Questions and Discussion ? ? ? ? ? ? ? ?


Download ppt "©2002 First Consulting Group F I R S T C O N S U L T I N G G R O U P Security HIPAA Tool Training."

Similar presentations


Ads by Google