Managing your Institution-Specific HIPAA Compliance Policies and Procedures Cutting Edge Issues Thursday, December 13, 2007.

Slides:



Advertisements
Similar presentations
Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.
Advertisements

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.
Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.
Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
Red Flag Rules: What they are? & What you need to do
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
NAU HIPAA Awareness Training
Regulatory Issues in Campus Computing Privacy and Security in a Digital World Presented by David Gleason, Esq. University Counsel University of Maryland,
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
HIPAA Regulations What do you need to know?.
2014 HIPAA Refresher Omnibus Rule & HIPAA Security.
Privacy, Security and Compliance Concerns for Management and Boards November 15, 2013 Carolyn Heyman-Layne, Esq. 1.
Welcome to UF We’re from the Privacy Office and we’re here to help you… HIPAA Orientation College of Nursing– Fall 2014 Cheryl Webber, MS, RHIA University.
© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.
PRIVACY BREACHES A “breach of the security of the system”: –Is the “unauthorized acquisition of computerized data that compromises the security, confidentiality,
KDE Employee Training. What IS a Data Breach? Unauthorized release (loss or theft) of Sensitive or Confidential Data, such as PII, PHI, etc. On site or.
Identity Theft “Red Flags” Rules Under the FACT Act Reid Fudge CISSP, CISA Pulte Mortgage, LLC November 2008.
RMG:Red Flags Rule 1 Regal Medical Group Red Flags Rule Identify Theft Training.
Security Controls – What Works
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
IT Security Challenges In Higher Education Steve Schuster Cornell University.
© 2003, EDUCAUSE Information Privacy: Public Policy and Institutional Policies Rodney J. Petersen Policy Analyst, EDUCAUSE EDUCAUSE/Internet2 Security.
HIPAA Basic Training for Privacy and Information Security Vanderbilt University Medical Center VUMC HIPAA Website: HIPAA Basic.
Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.
© Chery F. Kendrick & Kendrick Technical Services.
Why Information Governance….instead of Records & Information Management? Angela Fares, RHIA, CRM, CISA, CGEIT, CRISC, CISM or
Columbia University Medical Center Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy & Information Security Training 2009.
In the Belly of the Breach: What Every In-House Counsel Needs to Know about Data Breach Response ACC International Legal Affairs Committee Legal Quick.
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.
Teresa Macklin Information Security Officer 27 May, 2009 Campus-wide Information Security Activities.
Electronic Records Management: What Management Needs to Know May 2009.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
2015 ANNUAL TRAINING By: Denise Goff
HIPAA PRIVACY AND SECURITY AWARENESS.
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.
FTC RED FLAG RULE As many as nine million Americans have their identities stolen each year. Identity thieves may drain their accounts, damage their credit,
Dealing with Business Associates Business Associates Business Associates are persons or organizations that on behalf of a covered entity: –Perform any.
Privacy and Security Laws for Health Care Organizations Presented by Robert J. Scott Scott & Scott, LLP
ENCRYPTION Team 2.0 Pamela Dornan, Thomas Malone, David Kotar, Nayan Thakker, and Eddie Gallon.
Privacy & Security Policy Meets Technology at the Crossroads: Best Practice Methods & Approaches to Developing Organizational Frameworks to Avoid Collision.
Privacy and Security Risks to Rural Hospitals John Hoyt, Partner December 6, 2013.
New Identity Theft Rules Rodney J. Petersen, J.D. Government Relations Officer Security Task Force Coordinator EDUCAUSE.
HIPAA THE PRIVACY RULE. 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti- depressant medications.
CIBC Global Services © 2006, Echoworx Corporation Ubiquity of Security Compliance and Content Management Stephen Dodd Director – Enterprise Accounts.
The Evolution, Development & Training of HIPAA Policies and Procedures in a Decentralized Health Care Environment Presented By: Sharon A. Budman, M.S.
Lessons Learned from Recent HIPAA Breaches HHS Office for Civil Rights.
IT Security Challenges In Higher Education Steve Schuster Cornell University Copyright Steve Schuster This work is the intellectual property of.
Data Security at Duke DECEMBER What happened: “At this time, we have no indication that research data or personal data managed by Harvard systems.
Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.
Visibility. Intelligence. response Information Security: Risk Management or Business Enablement? Mike Childs Vice President Rook Security.
Organizing a Privacy Program: Administrative Infrastructure and Reporting Relationships Presented by: Samuel P. Jenkins, Director Defense Privacy Office.
Government Agency’s Name April Identity Theft is when someone steals your personal information and uses it as their own, usually for some financial.
Functioning as a Business Associate Under HIPAA William F. Tulloch Director, PCBA March 9, 2004.
CYBERSECURITY: RISK AND LIABILITY March 2, 2016 Joshua A. Mooney Co-chair-Cyber Law and Data Protection White and Williams LLP (215)
Data Breach ALICAP, the District Insurance Provider, is Now Offering Data Breach Coverage as Part of Our Blanket Coverage Package 1.
The Basics of Protecting Electronic Personal Health Information Greg Nance - CISSP, CRISC, CISA, ITIL Information Security Governance, Risk and Compliance.
An Update on FERPA and Student Privacy
Regulatory Compliance
Overview Introduction Meaningful Use Objective for Security Key Security Areas and Measures Best Practices Security Risk Analysis (SRA) Action Plan Demonstration.
Chapter 3: IRS and FTC Data Security Rules
Red Flags Rule An Introduction County College of Morris
CompTIA Security+ Study Guide (SY0-401)
Cyber Security: What the Head & Board Need to Know
Colorado “Protections For Consumer Data Privacy” Law
Presentation transcript:

Managing your Institution-Specific HIPAA Compliance Policies and Procedures Cutting Edge Issues Thursday, December 13, 2007

Compliance and Policies Facts: –Compliance is a continuous process –Businesses change –Processes continue to evolve –New technologies are implemented –Policies, if followed and implemented can protect the institution. –Compliance today does not mean compliance tomorrow.

Policies are moving Targets and must be revised to meet the challenges of the changing business and regulatory environments.

Florida Statute § Data Breach Notification Statute Cutting Edge Policies State/Federal The ever-changing regulatory environment…. HIPAA GLBA FERPA 21 CFR Part 11 CAN-SPAM ACT OF 2003 PCI FAIR CREDIT REPORTING ACT/FACTA PATRIOT ACT FRCP – E-discovery

Regulatory Issues Sensitive Information Identity Theft/ Medical Identity Theft –Increasing problem at Healthcare providers –Fraud Financial (Organizational) Data - (Confidential) Research data Intellectual Property (Research papers/innovations) –Student, Faculty and Staff (sent and received) JCAHO FDA Billing Compliance

Data Breach Notification Laws As of January 2007 – 35 states have enacted such laws to disclose security breaches involving personal information. Such laws are intended to protect consumers and hold organizations liable for the protection of personal information.

Institutional Response Ideally you need institutional privacy and information security practices Move away from the “siloed”, purely compliance approach It’s all about facilitating effective business processes and reducing risk Considerable opposition from “entrenched” areas This approach can only succeed with “hands on” C-level leadership –and evolution into an appropriate governance structure

Institutional Response Develop and implement an Enterprise Incident Response Plan Test the Enterprise Incident Response Plan to make sure it works Create procedures that allow the organization to respond in a timely, thoughtful and savvy manner that minimizes damage to the reputation and image of the institution.Create procedures that allow the organization to respond in a timely, thoughtful and savvy manner that minimizes damage to the reputation and image of the institution.

WORD TO THE WISE It is far less costly to prevent a data breach than it is to respond to one! According to SC Magazine and the Ponemon Institute, the estimated cost of a data breach is $182 per compromised record in addition to the indirect costs for lost employee productivity and opportunity costs related to customer loss which may add up to over $10 million dollars.

2008 CPT Changes How will it affect your Policies? Did you know that third party payors will pay for E-visits beginning in 2008? –An e-visit is an electronic alternative to a traditional office visit. Does your organization have policies that govern e- mail communications between physicians and their patients? Do you have a secure mail system or portal that allows for the exchange of encrypted E-PHI? Do you have policies to address what types of documentation are required to bill for an e-visit and what documentation must be maintained and for how long? NOTE: Unencrypted should not include PHI or other sensitive information such as HIV, STDs, Substance Abuse, Domestic Violence or Psychotherapy Notes.

Policies & Compliance Keep it current Only implement policies with which your organization can comply Stay abreast of all current state and federal legislation that will affect your business Continually monitor your institution for new sites of service, changes in organizational structure, and new business units and practices Monitor your policies for compliance and adjust as needed. Disseminate changes and train the masses. Training and education are key to successful compliance programs.

Questions…….. Contact Information: Sharon A. Budman, MS Ed, CIPP Ishwar Ramsingh, MBA, CISSP, CISA, CISM Phone:

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.