
Healthcare IT Security and Compliance



Presentation on theme: "Healthcare IT Security and Compliance"— Presentation transcript:

1 Healthcare IT Security and Compliance
The New Trend in Healthcare IT

2 EHR 2.0 – Company Background
Mission: To help healthcare organizations develop and implement practices that secure IT systems and comply with HIPAA/HITECH regulations.
- Consulting services to secure IT systems
- Education to increase staff awareness
- Best-practice publications on HIPAA/HITECH security
Goal: To make compliance a painless and even enjoyable experience, while building capability and confidence.

3 Health Care Costs Out of Control
The cost of patient care is increasing across the world, but the increase is more pronounced in the US than in any other developed or developing country. Currently, approximately 15% of the US GDP (Gross Domestic Product) is spent on healthcare (5); as a result, healthcare is distinctly the largest industry in the US economy. The trend is that healthcare expenditure in the US has continued to grow over time, from 5% of GDP in 1960 to 15% of GDP in 2010. There are many reasons for the increase in costs:
- Demand for better care: the average cost of cancer treatment is near $60,000 (1); triple-drug antiretroviral cocktails used to treat HIV average $12,000 per year (2); the accumulated cost for a heart attack victim from hospital admission to discharge is $23,000 (3).
- Aging population and increased life expectancy: we are living longer and, some say, sicker. 4% of the population was older than 65 in 1960; this is forecast to reach 25% by 2050.
- Poor lifestyle: expanding waistlines mean long queues at physician offices. Chronic diseases such as diabetes and high blood pressure mean continuous physician visits and daily medication, which increase costs. These costs are projected to rise further as the baby boomer generation retires.
Health care in the United States is provided by many separate legal entities. Health care facilities are largely owned and operated by the private sector. Health insurance is now primarily provided by the government in the public sector, with 60-65% of healthcare provision and spending coming from programs such as Medicare, Medicaid, TRICARE, the Children's Health Insurance Program, and the Veterans Health Administration. In addition, healthcare costs are increasing due to the aging population, poor lifestyle, misdiagnosis and slow adoption of technology.
Numerous research studies have demonstrated that the adoption of technologies such as IT will not only improve the quality of health care but also improve the workflow efficiency of healthcare providers.
[Chart: Growth in Total Health Expenditure Per Capita, U.S. and Selected Countries. Source: Organisation for Economic Co-operation and Development (OECD), 2010.]
The cost of patient care is rising throughout the world with little correlation to quality of care in developed countries. Nowhere is this more evident than in the US.

4 Why breaches?
- Don't know or don't care
- Stealing information
- Use of technology
- Publicity and showing off
- Accidents
Average cost per compromised record is approximately $300 to $400; average cost: $7M plus.
Portable media account for 22% of breaches (HHS list); service providers cause 44% of breaches.

5 The American Recovery and Reinvestment Act of 2009 and HITECH

6 Medicare and Medicaid Meaningful Use Incentives
Penalties after For eligible professionals

7 OCR/HHS Audit
- Policies and procedures
- Documentation
- Training
- BA agreements and contracts
- Risk analysis and management

8 Health Information Exchange (HIE)
An HIE automates the transfer of health-related information that is typically stored across multiple organizations, while maintaining the context and integrity of the information being exchanged. An HIE gives authorized users access to and retrieval of patient information in order to provide safe, efficient, effective and timely patient care. Formal organizations have been formed in a number of states and regions to provide technology, governance and support for HIE efforts. These formal organizations are termed health information organizations (HIO) or regional health information organizations (RHIO). Key point: the exchange is multi-directional.

9 HIPAA Titles - Overview

10 HIPAA Security Rule
Brief overview of the rule, with emphasis on the areas covered later in the deck.

11 Information Security Model
Confidentiality: limiting information access and disclosure to authorized users (the right people)
Integrity: trustworthiness of information resources (no inappropriate changes)
Availability: availability of information resources (at the right time)

12 Protected Health Information(PHI)
Individually Identifiable Health Information PHI

13 Trends in Healthcare IT
- Informatics
- Collaboration
- Mobile computing
- HIE

14 EMR and EHR systems CDC Survey

15 For Eligible Hospital & CAH

16 Risk Assessment Methodology Flowchart(NIST)
Step 1: System Characterization. Inputs: hardware, software, system interfaces, data and information, people, system mission. Output: system boundary, functions, criticality and sensitivity.
Step 2: Threat Identification. Inputs: history of system attacks, data from intelligence agencies. Output: threat statement.
Step 3: Vulnerability Identification. Inputs: reports from previous risk assessments, audit comments, security requirements, security test results. Output: list of potential vulnerabilities.
Step 4: Control Analysis. Inputs: current controls and planned controls. Output: list of current and planned controls.
Step 5: Likelihood Determination. Inputs: threat-source motivation, threat capacity, nature of the vulnerability, current controls. Output: likelihood rating.
Step 6: Impact Analysis. Inputs: mission impact analysis, asset criticality assessment, data criticality, data sensitivity. Output: impact rating.
Step 7: Risk Determination. Inputs: likelihood of threat exploitation, magnitude of impact, adequacy of planned or current controls. Output: risks and associated risk levels.
Step 8: Control Recommendation. Output: recommended controls.
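As an added worked example (not from the deck), steps 5 to 8 of the flowchart expressed in Python: the likelihood rule and the likelihood/impact scale are the illustrative ones from NIST SP 800-30 (2002 edition), and the three register entries are constructed for a small clinic.

```python
from dataclasses import dataclass

# Illustrative scales from NIST SP 800-30 (2002 edition): likelihood
# weights (Table 3-4) and impact magnitudes / risk bands (Table 3-6).
LIKELIHOOD_WEIGHT = {"High": 1.0, "Medium": 0.5, "Low": 0.1}
IMPACT_MAGNITUDE = {"High": 100, "Medium": 50, "Low": 10}

@dataclass
class ThreatVulnPair:
    """One threat/vulnerability pair from steps 2 and 3 of the flowchart."""
    name: str
    motivated: bool   # step 5: threat-source motivation
    capable: bool     # step 5: threat-source capability
    controls: str     # steps 4/5: "none", "partial" or "effective"
    impact: str       # step 6: "High", "Medium" or "Low"

def likelihood_rating(pair: ThreatVulnPair) -> str:
    """Step 5: the SP 800-30 likelihood definitions written as a rule."""
    if pair.motivated and pair.capable and pair.controls == "none":
        return "High"     # highly motivated, capable, controls ineffective
    if pair.motivated and pair.capable and pair.controls == "partial":
        return "Medium"   # motivated and capable, controls may impede
    return "Low"          # lacks motivation/capability, or controls prevent

def risk_score(pair: ThreatVulnPair) -> float:
    """Step 7: risk = likelihood weight x impact magnitude."""
    return LIKELIHOOD_WEIGHT[likelihood_rating(pair)] * IMPACT_MAGNITUDE[pair.impact]

def risk_level(score: float) -> str:
    """Step 7: map the score onto the SP 800-30 risk bands."""
    if score > 50:
        return "High"
    if score > 10:
        return "Medium"
    return "Low"

def prioritize(pairs: list) -> list:
    """Step 8: order the register so the highest-risk pairs get controls first."""
    ranked = sorted(pairs, key=risk_score, reverse=True)
    return [(p.name, risk_level(risk_score(p)), risk_score(p)) for p in ranked]

# Constructed sample register for a small clinic (not from the deck).
SAMPLE = [
    ThreatVulnPair("Unencrypted laptop holding ePHI is lost", True, True, "none", "High"),
    ThreatVulnPair("Password guessing against the EHR portal", True, True, "partial", "High"),
    ThreatVulnPair("Old backup share readable by all staff", True, True, "effective", "Medium"),
]
```

Calling prioritize(SAMPLE) returns the lost-laptop pair first as High risk, the portal pair as Medium and the backup share as Low, which is the order in which step 8 would recommend controls.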

17 HIPAA/HITECH Security Assessment Cycle
- Find out where your business is weak
- Determine the compliance and security needs and gaps
- Put reasonable policies and business processes in place
- Implement the right technologies and processes to help with enforcement
- Re-evaluate on a periodic and consistent basis

18 Best Practices Framework
EHR 2.0 HIPAA Security Best Practices Framework
1. Determine ePHI systems, activities and people
2. Assess existing safeguards, policies and procedures
3. Gap analysis comparing existing safeguards with the HIPAA Security Rule requirements
4. Prioritize and select key control areas
5. Implement HIPAA corrective measures
6. Documentation, training and reassessment

19 Security – An Overarching Driver
- Regulations and standards: federal/state, international laws
- Reputation
- Value
- Compliance

20 What do we do … Education, Consulting, Toolkit, Tools
1. Risk analysis for Meaningful Use; HIPAA/HITECH security assessment; federal audit advisory services
2. Healthcare IT security and compliance; risk assessment; mobile and social media compliance
3. Consulting toolkit and tools: best-practices checklist; policies and procedures

21 THANK YOU! www.ehr20.com info@ehr20.com

