Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 National Audioconference Sponsored by the HIPAA Summit June 6, 2002 Chris Apgar, CISSP Data Security & HIPAA Compliance Officer Providence Health Plan.

Published byThomasina Holt Modified over 8 years ago

Similar presentations

Presentation on theme: "1 National Audioconference Sponsored by the HIPAA Summit June 6, 2002 Chris Apgar, CISSP Data Security & HIPAA Compliance Officer Providence Health Plan."— Presentation transcript:

1 1 National Audioconference Sponsored by the HIPAA Summit June 6, 2002 Chris Apgar, CISSP Data Security & HIPAA Compliance Officer Providence Health Plan Compliance With HIPAA Privacy Rule Before Security & Enforcement Rules are Final: Challenges in Practice

2 June 6, 2002Presenter - Chris Apgar, CISSP2 Presentation Overview HIPAA & Data Security Challenges & Deadlines Opportunities & Tactics Resources Contact Information

3 June 6, 2002Presenter - Chris Apgar, CISSP3 Data Security 4Risk Assessment 4Policy & procedure development 4Training & awareness 4Contingency Plan 4Information access control (“need to know”) 4Audit & certification 4Documentation 4Record access (release management & file access) 4Personnel security & authentication 4Chain of Trust/Business Associate Agreement 4Security & privacy management 4Security incident response 4Physical security Impact Overview

4 June 6, 2002Presenter - Chris Apgar, CISSP4 Data Security Rule likely not final no earlier than 3Q 2002 Privacy Rule requires data security but regulatory definition not finalized In some cases court decisions have established draft rule as de facto standard

5 June 6, 2002Presenter - Chris Apgar, CISSP5 Final privacy rule without security rule creates confusion and hampers compliance Coordination between plans, providers, business associates and regulators complicated Lack of industry scalable standards Lack of internal documentation & process Limited resources & time (Privacy Rule does require security) Challenges & Deadlines

6 June 6, 2002Presenter - Chris Apgar, CISSP6 Need to require security assurances from business associates but lack final standard “Just another IS project/regulatory requirement” No final rule increases the challenge of dedicating the resources Vendor reliance's – how do they spell security? Legal hindrances, contract changes & new litigation – courts & attorneys won’t go away Challenges & Deadlines

7 June 6, 2002Presenter - Chris Apgar, CISSP7 Medicaid & Medicare: What standards will be applied? No published enforcement guidelines Political turf battles (federal/state/local) – the war to define security mandates Security certification not standard in healthcare & accreditation bodies want to get into the act Challenges & Deadlines

8 June 6, 2002Presenter - Chris Apgar, CISSP8 Privacy official & data security officer – grant authority and establish strong communication channels Complete risk assessment & gap analysis – point out costs of litigation and security failure Clearly and reasonably define what is needed when Senior management support required Apply appropriate project management methodology Opportunities & Tactics

9 June 6, 2002Presenter - Chris Apgar, CISSP9 The better the documentation, the better the protection only if followed & current Standardize, simplify and enforce – cultural change required! Minimize exceptions to defined processes and boilerplate forms Opportunities & Tactics

10 June 6, 2002Presenter - Chris Apgar, CISSP10 Education & training required Good security more process & culture than technology Review technical solutions & fit to organizational need Document protected health information storage, transmission, etc. process – how strong are your walls? Opportunities & Tactics

11 June 6, 2002Presenter - Chris Apgar, CISSP11 Develop contingency plan - what happens if the attorneys arrive or something goes wrong? Strengthen internal & external partnerships – participate in developing standards Keep current Remain flexible Opportunities & Tactics

12 June 6, 2002Presenter - Chris Apgar, CISSP12 Join industry/government HIPAA task force (local WEDI SNIP) Partner with state Medicaid agency If business associate, collaborate with other “business associates” Surf the web and network with colleagues & competitors Above all maintain a sense of humor! Opportunities & Tactics

13 June 6, 2002Presenter - Chris Apgar, CISSP13 Resources HHS HIPAA Web Site: http://aspe.hhs.gov/admnsimp http://aspe.hhs.gov/admnsimp National Institute of Health (regulatory information): http://list.nih.govhttp://list.nih.gov HealthExec Online (HIPAA): http://www.healthexec.net/index.html http://www.healthexec.net/index.html SANS Institute: http://www.sans.orghttp://www.sans.org

14 June 6, 2002Presenter - Chris Apgar, CISSP14 Resources Workgroup for Electronic Data Interchange: http://www.wedi.org http://www.wedi.org CPRI-Host Resource Center: http://www.cpri- host.orghttp://www.cpri- host.org HIPAA Assessment: http://www.nchica.org/activities/EarlyView/nch icahipaa_earlyview_tool.htm http://www.nchica.org/activities/EarlyView/nch icahipaa_earlyview_tool.htm Thomas Legislative Guide: http://thomas.loc.gov http://thomas.loc.gov

15 June 6, 2002Presenter - Chris Apgar, CISSP15 Resources American Association of Health Plans: http://www.aahp.org http://www.aahp.org American Medical Association: http://www.ama-assn.org http://www.ama-assn.org American Hospital Association: http://aha.orghttp://aha.org American Health information Management Association: http://www.ahima.orghttp://www.ahima.org American Health Quality Association: http://www.ahqa.org http://www.ahqa.org

16 June 6, 2002Presenter - Chris Apgar, CISSP16 Question & Answer Chris Apgar, CISSP Data Security & HIPAA Compliance Officer Providence Health Plan (503) 574-7927 (voice) (503) 574-8655 (fax) apgarc@providence.org

Download ppt "1 National Audioconference Sponsored by the HIPAA Summit June 6, 2002 Chris Apgar, CISSP Data Security & HIPAA Compliance Officer Providence Health Plan."

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC 29406 843-576-1426 Health Insurance Portability.

Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC Health Insurance Portability.
Electronic Medical Records: Implications of HIPAA for Selecting and Implementing an EMR Todd Frech Senior Partner www.ociusmedinfo.com.

Electronic Medical Records: Implications of HIPAA for Selecting and Implementing an EMR Todd Frech Senior Partner
What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.

What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.
New Privacy and Security Certifications Fifth Annual HIPAA Summit Baltimore, MD October 30, 2002.

New Privacy and Security Certifications Fifth Annual HIPAA Summit Baltimore, MD October 30, 2002.
HIPAA and Public Health 2007 Epi Rapid Response Team Conference.

HIPAA and Public Health 2007 Epi Rapid Response Team Conference.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Voice over the Internet Protocol (VoIP) Technologies… How to Select a Videoconferencing System for Your Agency Based on the Work of Watzlaf, V.M., Fahima,

Voice over the Internet Protocol (VoIP) Technologies… How to Select a Videoconferencing System for Your Agency Based on the Work of Watzlaf, V.M., Fahima,
© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,

© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,
Information Security Policies and Standards

Information Security Policies and Standards
HIPAA TRANSACTIONS HIPAA Summit IV 2002 UPDATE. HHS Office of General Counsel l Donna Eden l Office of the General Counsel l Department of Health and.

HIPAA TRANSACTIONS HIPAA Summit IV 2002 UPDATE. HHS Office of General Counsel l Donna Eden l Office of the General Counsel l Department of Health and.
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
Informed Consent and HIPAA Tim Noe Coordinating Center.

Informed Consent and HIPAA Tim Noe Coordinating Center.
12 th National HIPAA Summit – Managing a Data Security Audit Program 2.05, 1:15 PM Chris Apgar, CISSP Apgar & Associates, LLC.

12 th National HIPAA Summit – Managing a Data Security Audit Program 2.05, 1:15 PM Chris Apgar, CISSP Apgar & Associates, LLC.
Initial Findings  Secure all contracts with third party vendors immediately  Develop a strong understanding of the ‘Flow of PHI’ within and outside of.

Initial Findings  Secure all contracts with third party vendors immediately  Develop a strong understanding of the ‘Flow of PHI’ within and outside of.
COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.

COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.
1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)

1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)
IT’S OFFICIAL: GOVERNMENT AUDITING OF SECURITY RULE COMPLIANCE Nancy Davis, MS, RHIA Director of Privacy/Security Officer, Ministry Health Care & Catherine.

IT’S OFFICIAL: GOVERNMENT AUDITING OF SECURITY RULE COMPLIANCE Nancy Davis, MS, RHIA Director of Privacy/Security Officer, Ministry Health Care & Catherine.
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
5 TH National HIPAA Summit HIPAA Vendor Readiness SIEMENS/HDX Presentation 1 November 2002 Don Bechtel HDX Compliance Officer Co-chair WEDI SNIP Transactions.

5 TH National HIPAA Summit HIPAA Vendor Readiness SIEMENS/HDX Presentation 1 November 2002 Don Bechtel HDX Compliance Officer Co-chair WEDI SNIP Transactions.

Similar presentations

Ads by Google