MU and HIPAA Compliance 101 Robert Morris VP Business Services Ion IT Group, Inc www.IonITGroup.com.

Presentation transcript:

MU and HIPAA Compliance 101 Robert Morris VP Business Services Ion IT Group, Inc

Agenda:

Sometimes we have to do things even when we don’t want to… (Odie, 12/15/2011)

HIPAA Components (est. 1996)
- Title I: Portability
- Title II: Administrative Simplification
  - Privacy (compliance required since 4/03): Use/Disclosure of PHI; Individual Rights; Administrative Requirements
  - EDI: Transactions; Code Sets; Identifiers
  - Security (compliance required since 4/05): Administrative Procedures; Physical Safeguards; Organizational Requirements; Technical Safeguards (Technical Security Mechanisms and Technical Security Services)
- Title III: Medical Savings Accounts
- Title IV: Group Health Plan Provisions
- Title V: Revenue Offset Provisions

Why Should We Care about Network Security?
- Potential for downtime and impact on patient care
- It’s both a State and Federal law
- The dreaded blank check scenario
- Possible fines for security breaches
- HIPAA requires we implement security measures to protect PHI on paper and electronically!
- Damage to reputation for security breaches (newspaper headlines)

Headlines, July 07, 2010: Conn. AG, Health Net Reach Settlement Over Medical Data Breach. On Tuesday, insurer Health Net reached a $250,000 settlement with Connecticut Attorney General Richard Blumenthal (D), who sued the company after it lost a computer hard drive in 2009, Dow Jones/Wall Street Journal reports. The hard drive contained medical and financial information on about 500,000 members from the state. (Solsman, Dow Jones/Wall Street Journal, 7/6)

Headlines, June 2, 2010: “Many of the major healthcare information breaches reported since last September, when the HITECH Breach Notification Rule took effect, have involved the theft or loss of unencrypted laptops and other portable devices.” Terrell Herzig is HIPAA security officer at UAB Health System in Birmingham, Ala.

Agenda:

Meaningful Use Core Set verbiage says…
“Conduct or review a security risk analysis in accordance with the requirements under 45 CFR (a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process.”

Aaaannd that means what??…

Administrative Safeguards
1. You must have a Security Management Process
   a) Implement policies and procedures to prevent, detect, contain, and correct security violations.
2. Risk Analysis
   a) Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI held by the covered entity.
3. Risk Management
   a) Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with (a).
4. Sanction Policy
   a) Apply appropriate sanctions against workforce members who fail to comply with the security policies of the covered entity.
5. Information System Activity Review
   a) Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.

P.S. Breach notification was effective 9/2009. Covered entities and business associates have the burden of proof to demonstrate that all required notifications have been provided or that a use or disclosure of unsecured protected health information did not constitute a breach. This section also requires covered entities to comply with several other provisions of the Privacy Rule with respect to breach notification.
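The Information System Activity Review item above asks for a regular review of audit logs and access reports. As an added illustration (not part of the original presentation), the Python below runs a small review over a constructed EHR access log: it flags repeated failed logins, record views outside business hours, and a user touching an unusually large number of distinct patient records. The pipe-delimited log format, the business-hours window and the thresholds are all assumptions chosen for the example; a real review would use the EHR's own audit export and thresholds set in the organization's risk analysis.

```python
"""Added example: information system activity review over constructed
EHR audit log lines. Log format and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime

# Constructed sample log (assumed format): timestamp|user|action|patient_id|result
SAMPLE_LOG = """\
2011-12-15T08:05:12|jdoe|VIEW|P1001|OK
2011-12-15T08:07:40|jdoe|VIEW|P1002|OK
2011-12-15T09:15:03|msmith|LOGIN||FAIL
2011-12-15T09:15:20|msmith|LOGIN||FAIL
2011-12-15T09:15:41|msmith|LOGIN||FAIL
2011-12-15T09:16:02|msmith|LOGIN||OK
2011-12-15T22:48:10|rlee|VIEW|P1003|OK
2011-12-15T22:49:55|rlee|VIEW|P1004|OK
2011-12-15T22:50:31|rlee|VIEW|P1005|OK
2011-12-15T22:51:07|rlee|VIEW|P1006|OK
2011-12-15T22:52:19|rlee|VIEW|P1007|OK
2011-12-15T22:53:44|rlee|VIEW|P1008|OK
2011-12-15T10:02:00|jdoe|VIEW|P1001|OK
"""

BUSINESS_HOURS = (7, 19)        # assumed: 07:00 to 19:00 local time
FAILED_LOGIN_THRESHOLD = 3      # assumed: flag at 3 or more failures
DISTINCT_RECORDS_THRESHOLD = 5  # assumed: flag at 5 or more distinct patients


def parse_log(text):
    """Turn the raw log text into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, patient, result = line.split("|")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "action": action,
            "patient": patient,
            "result": result,
        })
    return events


def review(events):
    """Return a sorted list of (finding_type, user, count) tuples."""
    failed_logins = defaultdict(int)
    after_hours_views = defaultdict(int)
    distinct_records = defaultdict(set)

    for e in events:
        if e["action"] == "LOGIN" and e["result"] == "FAIL":
            failed_logins[e["user"]] += 1
        if e["action"] == "VIEW":
            distinct_records[e["user"]].add(e["patient"])
            start, end = BUSINESS_HOURS
            if not start <= e["ts"].hour < end:
                after_hours_views[e["user"]] += 1

    findings = []
    for user, n in failed_logins.items():
        if n >= FAILED_LOGIN_THRESHOLD:
            findings.append(("repeated_failed_logins", user, n))
    for user, n in after_hours_views.items():
        findings.append(("after_hours_access", user, n))
    for user, records in distinct_records.items():
        if len(records) >= DISTINCT_RECORDS_THRESHOLD:
            findings.append(("high_record_volume", user, len(records)))
    return sorted(findings)


if __name__ == "__main__":
    for finding in review(parse_log(SAMPLE_LOG)):
        print(finding)
```

Each finding is a lead for a human reviewer, not a verdict: after-hours access by an on-call clinician is expected, while the same pattern from a billing clerk is not. Recording which findings were reviewed and closed is what gives the organization the documentation the rule asks for.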

How You Can Help Your Organization Keep the Network Secure

User Access Control and Password Guidance
- Unique User ID: All system access with your ID is YOUR responsibility.
- Password Guidelines: Passwords must be a combination of upper and lower case letters, numbers, and special characters.
- Automatic Logoff: Your EHR session should terminate after 15 minutes of inactivity. Always save your work before leaving your workstation!
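The two controls above (a password that mixes character classes, and a session that ends after 15 minutes of inactivity) are simple to state and easy to get subtly wrong in an application. As an added example that is not from the original presentation, the Python below checks a candidate password against the slide's character-class rules and models the idle-timeout logic for an EHR session. The minimum length of 8 is an assumption (the slide gives none); the session class and its method names are illustrative, not any particular EHR's API.

```python
"""Added example: password-policy check and 15-minute idle logoff.
The minimum length and the Session class are assumptions."""
import re
from datetime import datetime, timedelta

IDLE_TIMEOUT = timedelta(minutes=15)   # from the slide
MIN_PASSWORD_LENGTH = 8                # assumed; the slide gives no length

# Each rule is (description, regex that must match somewhere in the password).
PASSWORD_RULES = [
    ("uppercase letter", r"[A-Z]"),
    ("lowercase letter", r"[a-z]"),
    ("number", r"\d"),
    ("special character", r"[^A-Za-z0-9]"),
]


def password_policy_violations(password):
    """Return the list of unmet requirements; an empty list means compliant.
    The password itself is never included in the result, so the list can be
    shown to the user or logged without exposing the secret."""
    violations = []
    if len(password) < MIN_PASSWORD_LENGTH:
        violations.append(f"at least {MIN_PASSWORD_LENGTH} characters")
    for description, pattern in PASSWORD_RULES:
        if not re.search(pattern, password):
            violations.append(description)
    return violations


class Session:
    """Tracks last activity and enforces the idle timeout on every request."""

    def __init__(self, user, started_at):
        self.user = user
        self.last_activity = started_at
        self.active = True

    def touch(self, now):
        """Record activity at `now`. Returns True if the session is still
        valid; returns False (and logs the user off) if it has already
        expired or was previously terminated."""
        if not self.active:
            return False
        if now - self.last_activity >= IDLE_TIMEOUT:
            self.active = False   # automatic logoff: the idle window elapsed
            return False
        self.last_activity = now
        return True


if __name__ == "__main__":
    print(password_policy_violations("Summer2011!"))   # constructed sample
    s = Session("jdoe", datetime(2011, 12, 15, 9, 0))
    print(s.touch(datetime(2011, 12, 15, 9, 10)))       # active
    print(s.touch(datetime(2011, 12, 15, 9, 26)))       # timed out
```

Note that the timeout is measured from the last real activity, not from login, and that once a session has expired no later request can revive it; the user must authenticate again. Pairing the check with the "save your work" advice matters because a server-side expiry will discard unsaved form data.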

Accounting for Disclosures
- Always indicate why treatment, payment, or authorization information is being disclosed.
- Minimum Necessary Rule: “…take reasonable steps to limit the use or disclosure of, and requests for, [PHI] to the minimum necessary to accomplish the intended purpose.”

Tasks for the IT Dept
- Role-Based Access: Manage who gets access to what.
- Firewall Review: Make sure that communication with the outside world is secure.
- Wireless Security: Manage who gets WiFi access.
- Antivirus: Manage software to keep viruses and malware at bay.
- Server/Workstation Updates: Make sure all software gets appropriate updates to mitigate problems.

Tasks for the IT Dept
- Backup: Keep a backup of all data, just in case!
- Backup Encryption: Make backup data unreadable to snoopers.
- Recovery: Have a plan in case disaster strikes!

Summary
- Protecting data is everyone’s responsibility.
- Understand HIPAA.
- Hold each other accountable.

Thank you for your time today! Robert Morris