What is HIPAA? (presentation transcript)

What is HIPAA?
- Health Insurance Portability and Accountability Act (Kennedy-Kassebaum Bill)
- Administrative Simplification
  - Privacy
  - Transactions & Code Sets
  - Security

Administrative Simplification
- Privacy – April 14 – implemented
- Transaction Standards and Code Sets – October 16 – implemented
- Security – April 20, 2005 – it’s right around the corner

Goals of Administrative Simplification
- Protect the security and privacy of patient information
- Improve efficiency and effectiveness by standardizing electronic transmissions of:
  - Financial transactions
  - Administrative transactions

Who is covered by HIPAA?
- “Covered Entity”
  - Health Care Providers
  - Clearinghouses
  - Health Plans
- Business Associates
  - Entity that does a task on our behalf and
  - Utilizes Protected Health Information (PHI)
  - Examples: Temp agencies, Medical Director, Pharmacy consultant

What does HIPAA Protect?
- Protected Health Information (PHI)
  - Created or received by a health care provider AND
  - Involves past, present, or future treatment OR
  - Payment for such services, AND
  - Identifies the individual (IIHI) AND
  - Transmitted or maintained in ANY form

What is the Security Rule?

Important Security Facts
- Only applies to e-PHI
- Requires a Risk Assessment
- Requires a more Technical Solution
- Effective April 20, 2005

What does the Security Rule Protect?
- Electronic Protected Health Information (e-PHI)
  - Created or received by a health care provider AND
  - Involves past, present, or future treatment OR
  - Payment for such services, AND
  - Identifies the individual AND
  - Transmitted by or maintained in ELECTRONIC MEDIA

Security Rule Core Requirements Covered Entities must ensure the confidentiality, integrity, and availability (CIA) of e-PHI they create, receive, maintain, or transmit.

Security Rule Core Requirements Covered Entities must protect against any reasonably anticipated threat or hazard to the security or integrity of e-PHI.

Security Rule Core Requirements Covered Entities must protect against any anticipated uses or disclosures of e-PHI that are not permitted under the law.

Security Rule Core Requirements Covered Entities must ensure compliance with the Security Rule by all of their workforce members.

Security Rule Components
Three Categories:
- Administrative Safeguards
- Physical Safeguards
- Technical Safeguards

Security Rule Components
- Standards – General requirement that must be complied with. Example: Contingency Planning
- Implementation Specifications – Detailed or specific method or approach to meet a Standard. Example: Data backup plan, disaster recovery plan
- Implementation Specifications can be either Required or Addressable (but none are optional)

Security Rule - Administrative
Focuses on a Security Management Process designed to:
- Prevent
- Detect
- Contain
- and Correct Security Violations

Security Rule - Administrative
- Standards Include:
  - Security Management Process
  - Assigning Security Responsibility
  - Workforce Security
  - Information Access Management
  - Security Awareness/Training
  - Security Incident Reporting
  - Contingency Planning
  - Evaluation of Security Measures

Security Rule - Physical
Focuses on protecting e-PHI from:
- Unauthorized Disclosure
- Modification
- Destruction

Security Rule - Physical
- Standards include:
  - Facility Access Controls
  - Workstation Use
  - Workstation Security
  - Device and Media Controls

Security Rule - Technical
Focuses on Technological Measures to ensure:
- Confidentiality
- Integrity
- Availability

Security Rule - Technical
- Standards Include:
  - Access Control Measures
  - Audit Controls
  - Integrity Controls
  - Person or Entity Authentication Controls
  - Transmission Security Measures

Where do we begin? Conduct a Risk Assessment

What is a Risk Assessment? A Risk Assessment will provide information needed to make risk management decisions regarding the degree of security remediation.

Components of the Risk Assessment
- Identifies Risks, Threats and Vulnerabilities that may occur if appropriate security measures are not put in place
- Identifies potential confidentiality, integrity and availability issues
- Identifies the impact and probability of a risk
- Identifies mitigation options

What is a Risk, Threat and Vulnerability?
- Risk – What can happen if a threat exploits a vulnerability.
- Threat – Who or what can cause an undesirable event.
- Vulnerability – How a weakness in technology or organizational process can be exploited by a threat.

What is CIA?
- Confidentiality – e-PHI disclosed to unauthorized persons
- Integrity – e-PHI modified by unauthorized persons
- Availability – e-PHI unavailable to authorized persons

What is Impact and Probability?
- Impact – The effect a particular incident would have. Measured high, medium or low.
- Probability – Likelihood of an incident occurring. Measured high, medium or low.

Risk Assessment Let’s discuss an example of a risk, threat and vulnerability.

Scenario
- You are in an unfamiliar city
- Decide to take a night time walk
- Street is dark – no pedestrians; no traffic
- You are all alone
- Excessive graffiti on the walls

Scenario
- What is the Risk? (What might happen)
- What is the Threat? (Who)
- What is the Vulnerability? (How could it happen)

Scenario
- What is the Risk? (What might happen)
  - You might be attacked
  - You might be robbed
- What is the Threat? (Who)
  - A mugger
- What is the Vulnerability? (How could it happen)
  - You are in a strange location
  - You don’t know your way around

Where do we document the findings? Risk Assessment Matrix

What is the Risk Assessment Matrix?
- Documents the analysis performed for each Standard and Implementation Specification.
- One Matrix for each e-PHI instance.

Risk Assessment Let’s look at the Risk Assessment Matrix

Risk Assessment
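The deck's matrix slide is an image that did not survive extraction. As an added illustration (not a slide from the original presentation and not an official HHS or CMS tool), the following Python builds the kind of matrix the preceding slides describe: one table per e-PHI instance, one row per Standard and Implementation Specification, each row recording the threat, the vulnerability, the CIA property at stake, and a high/medium/low impact and probability. The way impact and probability are combined into a single rating (a 3x3 product grid) and the sample rows for a "Lab results system" and a "Billing application" are constructed assumptions, not figures from the deck.

```python
"""Toy HIPAA Security Rule risk assessment matrix (added example, not from the deck)."""
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Dict, List, Tuple

CIA = ("Confidentiality", "Integrity", "Availability")


class Level(IntEnum):
    """High / medium / low scale used by the deck for impact and probability."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass
class RiskEntry:
    ephi_instance: str            # which e-PHI application this row belongs to
    standard: str                 # e.g. "Contingency Planning"
    implementation_spec: str      # e.g. "Data backup plan"
    spec_type: str                # "Required" or "Addressable" (never optional)
    threat: str                   # who or what can cause the undesirable event
    vulnerability: str            # how the weakness could be exploited
    cia_affected: List[str]       # subset of CIA
    impact: Level
    probability: Level
    mitigation_options: List[str] = field(default_factory=list)


def rate_risk(impact: Level, probability: Level) -> Level:
    """Combine impact and probability into one rating.
    Assumption (not stated in the deck): rating = impact x probability on a
    3x3 grid, with a product of 6-9 -> HIGH, 3-4 -> MEDIUM, 1-2 -> LOW."""
    score = int(impact) * int(probability)
    if score >= 6:
        return Level.HIGH
    if score >= 3:
        return Level.MEDIUM
    return Level.LOW


def build_matrix(entries: List[RiskEntry]) -> Dict[str, List[dict]]:
    """Group rows by e-PHI instance (one matrix per instance, as the deck requires)
    and validate the fields the analysis depends on."""
    matrix: Dict[str, List[dict]] = {}
    for e in entries:
        if e.spec_type not in ("Required", "Addressable"):
            raise ValueError(f"{e.standard}: specs are Required or Addressable, never optional")
        if not e.cia_affected or any(c not in CIA for c in e.cia_affected):
            raise ValueError(f"{e.standard}: every row must name at least one CIA property")
        matrix.setdefault(e.ephi_instance, []).append({
            "standard": e.standard,
            "implementation_spec": e.implementation_spec,
            "spec_type": e.spec_type,
            "threat": e.threat,
            "vulnerability": e.vulnerability,
            "cia": list(e.cia_affected),
            "impact": e.impact.name,
            "probability": e.probability.name,
            "risk": rate_risk(e.impact, e.probability).name,
            "mitigation_options": list(e.mitigation_options),
        })
    return matrix


def prioritize(matrix: Dict[str, List[dict]]) -> List[Tuple[str, str, str, str]]:
    """Flatten all matrices and order rows highest risk first, so mitigation
    decisions start with the largest exposures."""
    rows = [(inst, r) for inst, rs in matrix.items() for r in rs]
    rows.sort(key=lambda ir: (-int(Level[ir[1]["risk"]]), ir[0], ir[1]["standard"]))
    return [(inst, r["standard"], r["implementation_spec"], r["risk"]) for inst, r in rows]


# Constructed sample rows; the systems, threats and ratings are illustrative only.
SAMPLE_ENTRIES = [
    RiskEntry("Lab results system", "Contingency Planning", "Data backup plan", "Required",
              "Disk failure on the database server", "Backups have never been restored in a test",
              ["Availability", "Integrity"], Level.HIGH, Level.MEDIUM,
              ["Schedule quarterly restore tests", "Keep an off-site copy"]),
    RiskEntry("Lab results system", "Transmission Security", "Encryption", "Addressable",
              "Eavesdropper on the network path", "Results e-mailed to referring physicians in clear text",
              ["Confidentiality"], Level.HIGH, Level.HIGH,
              ["Encrypt in transit", "Use the portal instead of e-mail"]),
    RiskEntry("Billing application", "Device and Media Controls", "Disposal", "Required",
              "Person who retrieves discarded equipment", "Retired PCs donated without wiping drives",
              ["Confidentiality"], Level.MEDIUM, Level.LOW, ["Wipe or destroy drives before disposal"]),
    RiskEntry("Billing application", "Workforce Security", "Termination procedures", "Addressable",
              "Former employee", "Accounts are not disabled when staff leave",
              ["Confidentiality", "Integrity"], Level.MEDIUM, Level.MEDIUM,
              ["Tie account removal to the HR termination checklist"]),
]

if __name__ == "__main__":
    for inst, std, spec, risk in prioritize(build_matrix(SAMPLE_ENTRIES)):
        print(f"{risk:<6} {inst:<20} {std} / {spec}")
```

Running the block prints the rows in remediation order; the two HIGH rows for the lab system come first, then the MEDIUM termination gap, and the LOW disposal item last. The rating grid is the part a real program will argue about most, so keep it in one function and document the choice, as above, rather than scattering it across spreadsheet formulas.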

What is My Role in the Risk Assessment?
- Identify Risks, Threats and Vulnerabilities
- Identify potential Confidentiality, Integrity and Availability outcomes
- Determine Potential and Impact of Risks
- Identify Mitigation Alternatives
- Help Implement Solutions

Now what?
- Identify Teams for each e-PHI Application
- Conduct Brainstorming Sessions
- Complete the Risk Assessment Matrix
- Select Mitigation Plans
- Implement Corrective Actions
- Monitor to Ensure Compliance

Anything Else? Work together to ensure our organization is HIPAA Compliant by April 20, 2005