iSecurity Compliance with HIPAA

Slides:



Advertisements
Similar presentations
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Advertisements

HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.
ISecurity Compliance with HIPAA. Part 1 About HIPAA.
Hipaa privacy and Security
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
HIPAA Privacy Rule Training
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
HIPAA, Computer Security, and Domino/Notes Chuck Connell,
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
Bringing HIPAA to Hospital Systems HIPAA impact on hospital systems viaMD solution for HIPAA compliance W e b e n a b l i n g Pa t i e n t A d m i t t.
NAU HIPAA Awareness Training
Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
 The Health Insurance Portability and Accountability Act of  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.
© 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2.5 HIPAA Legislation and its Impact on Physician Practices 2-15 The Health Insurance Portability.
Privacy, Security and Compliance Concerns for Management and Boards November 15, 2013 Carolyn Heyman-Layne, Esq. 1.
ISecurity Complete Product Series For System i. About Raz-Lee Internationally renowned System i solutions provider Founded in 1983; 100% focused on System.
ISecurity Compliance with Sarbanes-Oxley & COBIT.
© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,
Information Security Policies and Standards
Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.
HIPAA – Health Insurance Portability & Accountability Act and the Privacy Act MSgt Nechele M. Chambers Senior Enlisted Liaison TRICARE Area Office-Europe.
CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,
HIPAA PRIVACY AND SECURITY AWARENESS.
HIPAA COMPLIANCE WITH DELL
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved. Health Information Technology and Management Richard.
Health Insurance Portability and Accountability Act of 1996 (HIPAA) Proposed Rule: Security and Electronic Signature Standards.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
HIPAA Compliance. What is it? The federal Health Insurance Portability and Accountability Act of Ensures the privacy rights of patients.
Group 3 Angela, Rachael, Misty, Kayelee, and Krysta.
HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.
LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.
Understanding HIPAA (Health Insurandce Portability and Accountability Act)
Eliza de Guzman HTM 520 Health Information Exchange.
© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Ch 8 Privacy Law and HIPAA.
Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.
HIPAA THE PRIVACY RULE. 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti- depressant medications.
The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,
Working with HIT Systems
Copyright ©2014 by Saunders, an imprint of Elsevier Inc. All rights reserved 1 Chapter 02 Compliance, Privacy, Fraud, and Abuse in Insurance Billing Insurance.
1 Privacy Plan of Action © HIPAA Pros 2002 All rights reserved.
Welcome….!!! CORPORATE COMPLIANCE PROGRAM Presented by The Office of Corporate Integrity 1.
Copyright © 2015 by Saunders, an imprint of Elsevier Inc. All rights reserved. Chapter 3 Privacy, Confidentiality, and Security.
HIPAA Security John Parmigiani Director HIPAA Compliance Services CTG HealthCare Solutions, Inc.
The Health Insurance Portability and Accountability Act of 1996 “HIPAA” Public Law
HIPAA Training. What information is considered PHI (Protected Health Information)  Dates- Birthdays, Dates of Admission and Discharge, Date of Death.
COMMUNITY-WIDE HEALTH INFORMATION EXCHANGE: HIPAA PRIVACY AND SECURITY ISSUES Ninth National HIPAA Summit September 14, 2004 Prepared by: Robert Belfort,
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill/Irwin Chapter 6 The Privacy and Security of Electronic Health Information.
Junli M. Awit, RN.  Enacted by President Bill Clinton in 1996  Title I of HIPAA protects health insurance coverage for workers and their families when.
HIPAA Privacy Rule Training
Privacy, Confidentiality, and Security
HIPAA Privacy & Security
Understanding HIPAA Dr. Jennifer Lu.
HIPAA.
Disability Services Agencies Briefing On HIPAA
Final HIPAA Security Rule
County HIPAA Review All Rights Reserved 2002.
HIPAA Privacy and Security Summit 2018 HIPAA Privacy Rule: Compliance Plans, Training, Internal Audits and Patient Rights Widener University Delaware.
Lesson 1  7 Basic Components of an Effective Compliance Plan
HIPAA Security Standards Final Rule
HIPAA Privacy & Security
HIPAA SECURITY RULE Copyright © 2008, 2006, 2004 by Saunders an imprint of Elsevier Inc. All rights reserved.
THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,
HIPAA Compliance Services CTG HealthCare Solutions, Inc.
HIPAA Compliance Services CTG HealthCare Solutions, Inc.
Introduction to the PACS Security
Presentation transcript:

iSecurity Compliance with HIPAA

Part 1 About HIPAA

About HIPAA Health Insurance Portability and Accountability Act Enacted by the U.S. Congress in 1996 A group of regulations that combat waste, fraud, and abuse in health care delivery and health insurance. Title II of HIPAA, - the Administrative Simplification (AS) provisions, addresses the security and privacy of health data.

HIPAA Requirements for Enterprises Institute a required level of security for health information, including limiting disclosures of information to the minimum required for the activity Designate a privacy officer and contact person Establish privacy and disclosure policies to comply with HIPAA Train employees on privacy policies Establish sanctions for employees who violate privacy policies Establish administrative systems in relation to the health information that can respond to complaints, respond to requests for corrections of health information by a patient, accept requests not to disclose for certain purposes, track disclosures of health information Issue a privacy notice to patients concerning the use and disclosure of their protected health information Establish a process through an IRB (or privacy board) for a HIPAA review of research protocols As a health care provider, include consent for disclosures for treatment, payment, and health care operations in treatment consent form (optional).

Part 2 HIPAA & iSecurity

iSecurity Products Supporting HIPAA (1) Firewall – prevents criminals from accessing and stealing sensitive data. Covers all 53 System communications protocols. Logs all access attempts and reports breaches. Audit – monitors and reports on all activity in the System I, performs as real-time auditing and detailed server audit trails. Compliance Evaluator – provides at-a-glance compliance checks assessing security status, strengths and weaknesses, based on industry and corporate policies. Authority on Demand – Control of user authorities, and dynamic granting of additional authorities on an as-needed basis, accompanied by more scrutinized monitoring. AP-Journal (including READ logs) – Monitoring of all changes in business-critical data & alerting of relevant personnel upon significant changes. Visualizer - Business Intelligence System for display and analysis of data from the System i

iSecurity Products Supporting HIPAA (2) Password - Full password management capabilities, including enforcement of site-defined password policies. Provides detailed daily reports of unsecured passwords. Anti Virus - Protection from Windows-compatible viruses and programs used or stored on System i server. Performs automatic pre-scheduled periodic scans. Central Admin - Manages multiple systems from a single control point Action - includes real-time alarms and protective response mechanisms for the System i Capture – performs silent capturing, saving and playback of user sessions View - protects and controls the display of classified data in iSeries user workstations. Screen - Automatic protection for unattended workstations Encryption (future) - Prevents intruders from using stolen information even when they succeed in obtaining it.

HIPAA Technical Safeguards Requirement iSecurity Compliance with HIPAA HIPAA Technical Safeguards Requirement Description: (R)=Required (A)=Addressable Firewall Audit Visualizer Compliance Evaluator Central Admin Anti-Virus AP-Journal Action Capture View Screen AOD Password Assessment Nubridges 164.312(a)(1) (R): Access Control. Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in Sec. 164.308(a)(4). √ 164.312(a)(2)(i) (R): Unique User Identification. Implement procedures to assign a unique name and/or number for identifying and tracking user identity. 164.312(a)(2)(ii) (R): Emergency Access Procedure. Establish (and implement as needed) procedures for obtaining necessary electronic protected health information during an emergency.

HIPAA Technical Safeguards Requirement iSecurity Compliance with HIPAA HIPAA Technical Safeguards Requirement Description: (R)=Required (A)=Addressable Firewall Audit Visualizer Compliance Evaluator Central Admin Anti-Virus AP-Journal Action Capture View Screen AOD Password Assessment Nubridges 164.312(a)(2)(iii) (A): Automatic Logoff. Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity. √ 164.312(a)(2)(iv) (A): Encryption and Decryption. Implement procedures to describe a mechanism to encrypt and decrypt electronic protected health information. 164.312(b) (R): Audit Controls. Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.

iSecurity Compliance with HIPAA HIPAA Technical Safeguards Requirement Description: (R)=Required (A)=Addressable Firewall Audit Visualizer Compliance Evaluator Central Admin Anti-Virus AP-Journal Action Capture View Screen AOD Password Assessment nuBridges 164.312(c)(1) (R): Integrity. Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.   √ 164.312(c)(2) (A): Mechanism to authenticate electronic protected health information. Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner. 164.312(d) (R): Person or entity authentication. Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.

iSecurity Compliance with HIPAA HIPAA Technical Safeguards Requirement Description: (R)=Required (A)=Addressable Firewall Audit Visualizer Compliance Evaluator Central Admin Anti-Virus AP-Journal Action Capture View Screen AOD Password Assessment Nubridges 164.312(e)(1) (R): Transmission Security. Implement technical security policies and procedures measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network. √   164.312(e)(2)(i) (A): Integrity Controls. Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of. 164.312(e)(2)(ii) (A): Encryption. Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate.

HIPAA Links The official central governmental hub for all HIPAA issues http://www.hhs.gov/ocr/privacy/index.html CMS (Center for Medicaid & Medicare): http://www.cms.hhs.gov/SecurityStandard/ http://www.cms.hhs.gov/SecurityStandard/Downloads/securityfinalrule.pdf HIPAA Security Guide http://www.cms.hhs.gov/SecurityStandard/Downloads/SecurityGuidanceforRemoteUseFinal122806rev.pdf HIPAA Security Standards Final Rule http://www.hipaa.samhsa.gov/download2/HIPAASecurityStandardsFinalRule.ppt#271,16,Basic Changes from NPRM HIPAA Security Rule Standards and Implementation Specifications http://www.nchica.org/HIPAAResources/Security/rule.htm#admin2

Thank You! Please visit us at www.razlee.com

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.