National Audioconference Sponsored by the HIPAA Summit, June 6, 2002
Chris Apgar, CISSP, Data Security & HIPAA Compliance Officer, Providence Health Plan


Slide 1 - Compliance With HIPAA Privacy Rule Before Security & Enforcement Rules are Final: Challenges in Practice

Slide 2 - Presentation Overview
- HIPAA & Data Security
- Challenges & Deadlines
- Opportunities & Tactics
- Resources
- Contact Information

Slide 3 - Data Security Impact Overview
- Risk assessment
- Policy & procedure development
- Training & awareness
- Contingency plan
- Information access control ("need to know")
- Audit & certification
- Documentation
- Record access (release management & file access)
- Personnel security & authentication
- Chain of trust / business associate agreement
- Security & privacy management
- Security incident response
- Physical security

Slide 4 - Data Security
- Security Rule likely not final until 3Q 2002 at the earliest
- Privacy Rule requires data security, but the regulatory definition of security is not yet finalized
- In some cases court decisions have established the draft rule as the de facto standard

Slide 5 - Challenges & Deadlines
- A final Privacy Rule without a Security Rule creates confusion and hampers compliance
- Coordination between plans, providers, business associates and regulators is complicated
- Lack of industry-scalable standards
- Lack of internal documentation & process
- Limited resources & time (the Privacy Rule does require security)

Slide 6 - Challenges & Deadlines
- Need to require security assurances from business associates, but there is no final standard to point to
- "Just another IS project/regulatory requirement"
- No final rule increases the challenge of dedicating resources
- Vendor reliance: how do your vendors spell security?
- Legal hindrances, contract changes & new litigation: courts & attorneys won't go away

Slide 7 - Challenges & Deadlines
- Medicaid & Medicare: what standards will be applied?
- No published enforcement guidelines
- Political turf battles (federal/state/local): the war to define security mandates
- Security certification is not standard in healthcare, and accreditation bodies want to get into the act

Slide 8 - Opportunities & Tactics
- Privacy official & data security officer: grant authority and establish strong communication channels
- Complete risk assessment & gap analysis; point out the costs of litigation and security failure
- Clearly and reasonably define what is needed, and when
- Senior management support required
- Apply appropriate project management methodology

Slide 9 - Opportunities & Tactics
- The better the documentation, the better the protection, but only if it is followed and kept current
- Standardize, simplify and enforce: cultural change required!
- Minimize exceptions to defined processes and boilerplate forms

Slide 10 - Opportunities & Tactics
- Education & training required
- Good security is more process & culture than technology
- Review technical solutions & their fit to organizational need
- Document protected health information storage, transmission, etc. processes: how strong are your walls?

Slide 11 - Opportunities & Tactics
- Develop a contingency plan: what happens if the attorneys arrive or something goes wrong?
- Strengthen internal & external partnerships; participate in developing standards
- Keep current
- Remain flexible

Slide 12 - Opportunities & Tactics
- Join an industry/government HIPAA task force (local WEDI SNIP)
- Partner with the state Medicaid agency
- If a business associate, collaborate with other business associates
- Surf the web and network with colleagues & competitors
- Above all, maintain a sense of humor!

Slide 13 - Resources
- HHS HIPAA Web Site
- National Institutes of Health (regulatory information)
- HealthExec Online (HIPAA)
- SANS Institute

Slide 14 - Resources
- Workgroup for Electronic Data Interchange (WEDI)
- CPRI-Host Resource Center
- HIPAA Assessment (EarlyView tool)
- Thomas Legislative Guide

Slide 15 - Resources
- American Association of Health Plans
- American Medical Association
- American Hospital Association
- American Health Information Management Association
- American Health Quality Association

Slide 16 - Question & Answer
Chris Apgar, CISSP
Data Security & HIPAA Compliance Officer, Providence Health Plan
(503) (voice), (503) (fax)