
Privacy and Security Risks to Rural Hospitals John Hoyt, Partner December 6, 2013.

Presentation transcript:

2 Protecting Personal Health Information
- HIPAA Privacy (and Security) Rule – 45 CFR Part 164
- Meaningful Use – tied to the HIPAA Security Rule and requires a security risk assessment
- Minimal enforcement so far, BUT increasing audits in 2014
“Data security and patient privacy are not compliance issues, they are patient care responsibilities”
“Trust is critical to building a secure electronic health infrastructure. Now more than ever consumer confidence in the privacy and security of health information is paramount as we undergo this transformation in the way in which we do the business of healthcare”
Leon Rodriguez, JD – Director of the Office for Civil Rights

3 HIPAA Audit Findings
- Initial HIPAA Privacy and Security audits returned findings or observations on 89% of entities
- HHS/OCR has enforced 20,359 corrections upon covered entities since 2003
- Over $15 million in civil penalties (since 2008)
- Forced implementation of new policies and practices
- Last year’s investigations led to corrective action 77% of the time, a 10% increase from the previous year
- New Omnibus Final Rule adopts higher standards, increased CMP amounts and tiered levels of culpability
- All business associates and subcontractors must comply with HITECH Rules and are liable for violations

4 Major Areas of Concern
Security Rule
- Security accounted for 60% of findings in initial audits
- 58 of 59 providers had at least one security finding or observation
- No complete and accurate risk assessment in two thirds of entities
Privacy Rule
- Improper uses and disclosures of PHI – nearly half of Privacy findings
- Updates to privacy protection of PHI require significant changes to EHR systems
- Outdated Notice of Privacy Practices does not comply with new rule requirements
Breach Notification Rule
- Over 64,500 reports since Sept. 2009 – theft, unauthorized access/disclosure, loss
- Theft accounted for over half of major breaches (those affecting 500 or more individuals)
- No incident response plan implemented to contain/minimize a breach of PHI
- Transition to an “automatic presumption” of breach – greater burden on covered entities (CEs)

5 Arizona Rural Providers
Observations:
- HIPAA is complex and there is a lot to know
- Understanding the roles and responsibilities of Privacy and Security Officers
- Business Associate Agreements – risk of breach
- Documentation – or a lack of it
- PHI is still out there in work areas – beware of paper!
- Beware of data on devices: monitors/screens, PDAs, laptops, faxes/copiers
Actions:
- HIPAA “team”
- HIPAA education and training
- Business Associate Agreements (new) for everyone
- HIPAA documentation – policies and procedures are a must
- Implement a “clean desk policy”
- Implement a shredding process
- ENCRYPT data on all devices

6 Risk Analysis Guidance
Performed in accordance with the methodology described in the National Institute of Standards and Technology (NIST) Special Publication 800-30, and should include the following steps:
1. System Characterization
2. Threat Identification
3. Vulnerability Identification
4. Control Analysis
5. Likelihood Determination
6. Impact Analysis
7. Risk Determination
8. Control Recommendations
9. Results Documentation
The complexity of the facility and the number of systems implemented will influence the amount of time required to complete the analysis.
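The nine steps above carried through end to end, as an added example that is not part of the presentation. The inventory (laptop-cfo, fax-nursing, ehr-server, lobby-kiosk), the threat catalogue, the control names, the rule that an existing mitigating control lowers likelihood by one level, and the rule that any system holding ePHI gets a high impact rating are all constructed assumptions for illustration. The likelihood and impact weights and the low/medium/high cut-offs are the risk-level matrix from the original (2002) edition of SP 800-30, with the 0.1/0.5/1.0 likelihood values scaled by ten so that scores stay integers; substitute your own scale if your policy uses one.

```python
"""Worked SP 800-30 style risk analysis over a constructed inventory.

Added example, not from the presentation. The nine steps from the slide
are marked in comments. Likelihood/impact weights follow the risk-level
matrix in the original (2002) edition of NIST SP 800-30, with the
likelihood values (0.1 / 0.5 / 1.0) scaled by ten so scores stay integers.
Systems, threats and controls are constructed sample data (assumptions).
"""
from dataclasses import dataclass

LEVELS = ["low", "medium", "high"]
LIKELIHOOD = {"low": 1, "medium": 5, "high": 10}     # Step 5 scale (x10)
IMPACT = {"low": 10, "medium": 50, "high": 100}      # Step 6 scale


@dataclass(frozen=True)
class System:             # Step 1: system characterization
    name: str
    stores_ephi: bool
    controls: frozenset    # controls already in place (input to Step 4)


@dataclass(frozen=True)
class ThreatPair:         # Steps 2 and 3: a threat and the vulnerability it exploits
    threat: str
    vulnerability: str
    control: str           # the control that mitigates this pair
    base_likelihood: str   # likelihood when that control is absent


@dataclass
class RiskItem:           # Step 9: one row of the documented results
    system: str
    threat: str
    likelihood: str
    impact: str
    score: int
    level: str
    recommendation: str


# Constructed threat catalogue mirroring the breach categories on slide 4
THREATS = [
    ThreatPair("theft", "device removed from premises", "full-disk-encryption", "medium"),
    ThreatPair("unauthorized access", "shared or weak logon", "unique-user-ids", "high"),
    ThreatPair("loss", "no recoverable copy of the data", "backups", "medium"),
    ThreatPair("unauthorized disclosure", "PHI left in a work area", "clean-desk-policy", "high"),
]

# Constructed inventory of a hypothetical rural hospital
INVENTORY = [
    System("laptop-cfo", True, frozenset({"unique-user-ids"})),
    System("fax-nursing", True, frozenset()),
    System("ehr-server", True, frozenset({"full-disk-encryption", "unique-user-ids",
                                          "backups", "clean-desk-policy"})),
    System("lobby-kiosk", False, frozenset({"unique-user-ids", "backups"})),
]


def one_level_lower(level: str) -> str:
    return LEVELS[max(0, LEVELS.index(level) - 1)]


def risk_level(score: int) -> str:   # Step 7: SP 800-30 risk scale
    if score > 50:
        return "high"
    if score > 10:
        return "medium"
    return "low"


def analyze(system: System, pair: ThreatPair) -> RiskItem:
    mitigated = pair.control in system.controls
    # Steps 4 and 5: an existing mitigating control lowers likelihood one level (assumption)
    likelihood = one_level_lower(pair.base_likelihood) if mitigated else pair.base_likelihood
    # Step 6: any compromise of ePHI is a reportable breach, so impact is high (assumption)
    impact = "high" if system.stores_ephi else "low"
    score = LIKELIHOOD[likelihood] * IMPACT[impact] // 10
    level = risk_level(score)
    # Step 8: control recommendation
    if mitigated:
        rec = f"keep {pair.control}"
    elif level == "low":
        rec = "accept; document rationale"
    else:
        rec = f"implement {pair.control}"
    return RiskItem(system.name, pair.threat, likelihood, impact, score, level, rec)


def run(inventory=INVENTORY, threats=THREATS) -> list:
    """Steps 1-8 over every system/threat pair, highest risk first."""
    rows = [analyze(s, t) for s in inventory for t in threats]
    return sorted(rows, key=lambda r: -r.score)


def report(rows) -> str:
    """Step 9: results documentation as a plain-text table."""
    lines = [f"{'system':<12} {'threat':<24} {'L':<7} {'I':<5} {'score':>5}  level   recommendation"]
    for r in rows:
        lines.append(f"{r.system:<12} {r.threat:<24} {r.likelihood:<7} {r.impact:<5} "
                     f"{r.score:>5}  {r.level:<7} {r.recommendation}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(run()))
```

Running it prints the fax machine and the unencrypted laptop at the top of the table with "implement ..." recommendations, while the fully controlled EHR server never rises above medium and the kiosk holding no ePHI stays low throughout. The report is the artefact an auditor asks for under 45 CFR 164.308(a)(1): each system, each threat considered, the control already in place, and the resulting rating, so widen the impact rule (for example per-system confidentiality, integrity and availability ratings) before using a script like this for a real assessment.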

7 Security Risk Assessment

8 Summary
- Understand HIPAA scope and breadth – educate, train, and share responsibility – www.healthit.gov
- HIPAA Security Rule – 45 CFR 164.308(a)(1) – perform a Security Risk Assessment – know your challenges!
- Document, Document, Document, ….
- Encryption!!!!!!
- Recognize that patient privacy and data security are compliance oriented – BUT focus on HIPAA as a patient care and customer service strategy

9 Discussion – Questions
Thank you!! Questions?
John Hoyt
Partner, InTech Health Ventures
Jhoyt@Intechhv.com
520-867-8530

