HIPAA Compliance Services CTG HealthCare Solutions, Inc.

Slides:



Advertisements
Similar presentations
H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health
Advertisements

HIPAA’s Security Regulations
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.
Security Vulnerabilities and Conflicts of Interest in the Provider-Clearinghouse*-Payer Model Andy Podgurski and Bret Kiraly EECS Department & Sharona.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.
Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.
HIPAA 203: Security An Introduction to the Draft HIPAA Security Regulations.
Security Controls – What Works
1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)
IT’S OFFICIAL: GOVERNMENT AUDITING OF SECURITY RULE COMPLIANCE Nancy Davis, MS, RHIA Director of Privacy/Security Officer, Ministry Health Care & Catherine.
Introduction and Overview- The HIPAA Security Rule
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
© by Seclarity Inc. 2005, Slide: 1 Seclarity, Inc Lightfall Court Columbia, MD A Blumberg Capital, Valley Ventures and Intel Capital Funded.
What is HIPAA? H ealth I nsurance P ortability and A ccountability A ct (Kennedy-Kassenbaum Bill) nAdministrative Simplification –Privacy –Transactions.
HIPAA Security John Parmigiani Director HIPAA Compliance Services CTG HealthCare Solutions, Inc.
HIPAA PRIVACY AND SECURITY AWARENESS.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved. Health Information Technology and Management Richard.
Health Insurance Portability and Accountability Act of 1996 (HIPAA) Proposed Rule: Security and Electronic Signature Standards.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
1 Secure Commonwealth Panel Health and Medical Subpanel Debbie Condrey - Chief Information Officer Virginia Department of Health December 16, 2013 Virginia.
HIT Standards Committee Privacy and Security Workgroup: Initial Reactions Dixie Baker, SAIC Steven Findlay, Consumers Union June 23, 2009.
April 14, A Watershed Date in HIPAA Privacy Compliance: Where Should You Be in HIPAA Security Compliance and How to Get There… John Parmigiani National.
Implementing the HIPAA Security Rule John Parmigiani National Practice Director HIPAA Compliance Services CTG HealthCare Solutions, Inc.
LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.
Eliza de Guzman HTM 520 Health Information Exchange.
The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,
1 HIPAA Administrative Simplification Standards Yesterday, Today, and Tomorrow Stanley Nachimson CMS Office of HIPAA Standards.
Working with HIT Systems
Energize Your Workflow! ©2006 Merge eMed. All Rights Reserved User Group Meeting “Energize Your Workflow” May 7-9, Security.
HIPAA Security Final Rule Overview
Copyright © 2015 by Saunders, an imprint of Elsevier Inc. All rights reserved. Chapter 3 Privacy, Confidentiality, and Security.
1 © CHC Healthcare Solutions 2004 All rights reserved HIPAA Issues for Counties – PHI, Prisoners, Disaster Preparedness and Homeland Security March 9,
HIPAA Security John Parmigiani Director HIPAA Compliance Services CTG HealthCare Solutions, Inc.
HIPAA Security Final Rule Overview for HIPAA Summit West June 5, 2003Karen Trudel.
Healthcare Security Professional Roundtable John Parmigiani National Practice Director Regulatory and Compliance Services CTG HealthCare Solutions, Inc.
Working with HIT Systems Unit 7a Protecting Privacy, Security, and Confidentiality in HIT Systems This material was developed by Johns Hopkins University,
Case Study: Applying Authentication Technologies as Part of a HIPAA Compliance Strategy.
HIPAA Compliance Case Study: Establishing and Implementing a Program to Audit HIPAA Compliance Drew Hunt Network Security Analyst Valley Medical Center.
The Health Insurance Portability and Accountability Act of 1996 “HIPAA” Public Law
HIPAA Yesterday, Today and Tomorrow? Dianne S. Faup Office of HIPAA Standards Centers for Medicare & Medicaid Services.
© 2016 Health Information Management Technology: An Applied Approach Chapter 10 Data Security.
iSecurity Compliance with HIPAA
Health Insurance Portability and Accountability Act HIPAA 101
Understanding HIPAA Dr. Jennifer Lu.
Introduction to the Federal Defense Acquisition Regulation
Paul T. Smith Davis Wright Tremaine LLP
Health Insurance Portability and Accountability Act
Disability Services Agencies Briefing On HIPAA
Final HIPAA Security Rule
Health Insurance Portability and Accountability Act
County HIPAA Review All Rights Reserved 2002.
Thursday, June 5 10: :45 AM Session 1.01 Tom Walsh, CISSP
HIPAA Privacy and Security Summit 2018 HIPAA Privacy Rule: Compliance Plans, Training, Internal Audits and Patient Rights Widener University Delaware.
HIPAA Security Standards Final Rule
Paul T. Smith, Esq. Partner, Davis Wright Tremaine LLP
Drew Hunt Network Security Analyst Valley Medical Center
National Congress on Health Care Compliance
HIPAA SECURITY RULE Copyright © 2008, 2006, 2004 by Saunders an imprint of Elsevier Inc. All rights reserved.
THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,
Healthcare Security Rule Compliance: Afternoon Plenary Session
HIPAA Compliance Services CTG HealthCare Solutions, Inc.
Presentation transcript:

HIPAA Compliance Services CTG HealthCare Solutions, Inc. HIPAA Security John Parmigiani Director HIPAA Compliance Services CTG HealthCare Solutions, Inc.

Presentation Outline Introduction Overview of HIPAA Security and its Impact The Final Rule? Conclusions 2 2

Introduction

John Parmigiani CTGHS Director of HIPAA Compliance Services HCS Director of Compliance Programs HIPAA Security Standards Government Chair/ HIPAA Infrastructure Group Directed development and implementation of security initiatives for HCFA Security architecture Security awareness and training program Systems security policies and procedures Directed development and implementation of agency-wide information systems policy and standards and information resources management AMC Workgroup on HIPAA Security and Privacy;Content Committee of CPRI Security and Privacy Toolkit; Editorial Advisory Board of HIPAA Compliance Alert’s HIPAA Answer Book

Overview of HIPAA Security & its Impact

Security Goals Confidentiality Integrity Availability

Flexible - Scalable - Technology Neutral HIPAA Security Framework Flexible - Scalable - Technology Neutral Each affected entity must assess own security needs and risks & Devise, implement, and maintain appropriate security to address business requirements

Security Standards What do they mean for covered entities? Procedures and systems must be updated to ensure that health care data is protected. Written security policies and procedures must be created and/or reviewed to ensure compliance. Employees must receive training on those policies and procedures. Access to data must be controlled through appropriate mechanisms (for example: passwords, automatic tracking of when patient data has been created, modified, or deleted). Security procedures/systems must be certified (self-certification is acceptable) to meet the minimum standards.

Security Compliance Areas: Training and Awareness Policy and Procedure Review System Review Documentation Review Contract Review Infrastructure and Connectivity Review Access Controls Authentication Media Controls

Security Compliance Areas…: Workstation Emergency Mode Access Audit Trails Automatic Removal of Accounts Event Reporting Incident Reporting Sanctions

Security Measures In general, security measures can grouped as: Administrative Physical Technical (Data in transit and data at rest)

Security Standards NPRM- 8/12/1998 Administrative Requirements (12) Physical Requirements (6) Technical Requirements [data at rest](5) Technical Requirements [data in transit](1) Electronic Signature Implementation Features (70)

BS 7799/ISO 17799 Standard Areas of Business Security Security Policy Security Organization Asset Classification and Control Personnel Security Physical and Environmental Security Communications and Operations Management Access Control Systems Development and Maintenance Business Continuity Management Compliance Standard Areas of Business Security

Security – The Privacy Rule Standard: safeguards. A covered entity must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information Implementation specification: safeguards. A covered entity must reasonably safeguard protected health information from any intentional or unintentional use or disclosure that is in violation of the standards, implementation specifications or other requirements of this subpart.

HIPAA Statutory- Security [USC 1320d-2(d)(2)] “Each covered entity who maintains or transmits health information shall maintain reasonable and appropriate administrative, technical, and physical safeguards : (A) to ensure the integrity and confidentiality of the information; and (B) to protect against any reasonably anticipated (i) threats or hazards to the security or integrity of the information; and (ii) unauthorized uses or disclosures of the information; and (C) otherwise to ensure compliance with this part by the officers and employees of such person” Is in Effect Now!

The Final Rule?

HIPAA Security-The Final Rule Final Rule in clearance- expected to be published summer (Q3) 2002 What to expect Streamlining- Same core values- more specificity as to mandatory (must do)/discretionary (should do) Fewer standards Paper (?) as well as electronic media Business Associate Contracts/Chain-of-Trust Synchronization with Privacy What not to expect No Electronic Signature but…not dead for health care

Electronic Signature Standard Comments to Security NPRM indicated a lack of consensus; industry continues to work on, monitored by NCVHS NCVHS necessary before regulation developed Transaction standards do not require Security NPRM specified digital signature (authentication, message integrity, non-repudiation requirements) NIST rather than DHHS will probably develop PKI-HealthKey Bridge effort / interoperability problems

Conclusions

$ A Balanced Approach Risk Cost of safeguards vs. the value of the information to protect Security should not impede care Your organization’s risk aversion Due diligence $ Risk

Reasonableness/Common Sense Administrative Simplification Provisions are aimed at process improvement and saving money Healthcare providers and payers should not have to go broke becoming HIPAA-compliant Expect fine-tuning adjustments over the years

Remember: Due Diligence!

Thank You Questions? john.parmigiani@ctghs.com / 410-750-2497

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.