
1 © Clearwater Compliance LLC | All Rights Reserved
Copyright Notice. All materials contained within this document are protected by United States copyright law and may not be reproduced, distributed, transmitted, displayed, published, or broadcast without the prior, express written permission of Clearwater Compliance LLC. You may not alter or remove any copyright or other notice from copies of this content. For reprint permission and information, please direct your inquiry to bob.chaput@clearwatercompliance.com

2 Legal Disclaimer. This information does not constitute legal advice and is for educational purposes only. This information is based on current federal law and subject to change based on changes in federal law or subsequent interpretative guidance. Since this information is based on federal law, it must be modified to reflect state law where that state law is more stringent than the federal law or other state law exceptions apply. This information is intended to be a general information resource regarding the matters covered, and may not be tailored to your specific circumstance. YOU SHOULD EVALUATE ALL INFORMATION, OPINIONS AND ADVICE PROVIDED HEREIN IN CONSULTATION WITH YOUR LEGAL OR OTHER ADVISOR, AS APPROPRIATE. The existence of a link or organizational reference in any of the following materials should not be assumed as an endorsement by Clearwater Compliance LLC.

3 Instructional Module 8: How to Create a Culture of Compliance

4 Module 8. Overview
1. “How to Create a Culture of Compliance”
2. Instructional Module Duration = 60 minutes
3. Learning Objectives Addressed In This Module
– Describe real breach experiences that motivate organizations
– Articulate the Breach Notification process and how to operate efficiently and effectively
– Develop a plan to take advantage of Breach as an opportunity to engage senior management
– Learn and understand that privacy, security and compliance are, ultimately, people issues
– Recognize that culture drives practice, not tools and rules
– Know that you can lead from anywhere and that only sustainable change actually transforms people and processes

5 Balanced Compliance Program: Four Critical Dimensions (Clearwater Compliance Compass™)
– Policy defines an organization’s values & expected behaviors; establishes “good faith” intent.
– People must include talented privacy & security & technical staff, engaged and supportive management and trained/aware colleagues following PnPs.
– Procedures or processes – documented – provide the actions required to deliver on organization’s values.
– Safeguards includes the various families of administrative, physical or technical security controls (including “guards, guns, and gates”, encryption, firewalls, anti-malware, intrusion detection, incident management tools, etc.)

6 9 Actions to Take Now
1. Set Privacy and Security Risk Management & Governance Program in place (45 CFR § 164.308(a)(1))
2. Develop & Implement comprehensive HIPAA Privacy and Security and Breach Notification Policies & Procedures (45 CFR §164.530 and 45 CFR §164.316)
3. Train all Members of Your Workforce (45 CFR §164.530(b) and 45 CFR §164.308(a)(5))
4. Complete a HIPAA Security Risk Analysis (45 CFR §164.308(a)(1)(ii)(A))
5. Complete a HIPAA Security Evaluation (= compliance assessment) (45 CFR § 164.308(a)(8))
6. Complete Technical Testing of Your Environment (45 CFR § 164.308(a)(8))
7. Implement a Strong, Proactive Business Associate / Management Program (45 CFR §164.502(e) and 45 CFR §164.308(b))
8. Complete Privacy Rule and Breach Rule compliance assessments (45 CFR §164.530 and 45 CFR §164.400)
9. Document and act upon a remediation plan
Demonstrate Good Faith Effort!

7 How to Build a Culture of Compliance

8 What is a Culture of Compliance?
The backdrop, the standard, the expectation
‘Guardrails’ placed by society, employers, peers.

9 Where does it come from?
From the top down
– It is learned
– Applies to everyone
– Consistently
– Enforced by ALL
– Real sanctions
And the bottom up
– If you are doing it right

10 Why A Culture of Compliance?
Anyone can make something happen... But you have to keep it happening.
This is how sustainable change happens
– Personally
– Organizationally
No one can do it alone
– Every member of your workforce has to be a Privacy and Security Officer

11 Good Culture is Good Business
Breaches cost money
– Total net cost of 10,000 records lost w/breach insurance at 80% of direct costs = $1,560,000 [1]
Loss of Reputation
Loss of Patients
Loss of Quality of Care
Building culture
– Requires consistency
– “Is like a Chinese water torture”
Asking Questions/Making Suggestions
There is a return on investment for good privacy and security
[1] American National Standards Institute: “The Financial Management of Cyber Risk”

12 Then and Now
David’s world
– Pre-HIPAA (Privacy issued pre-compliance; Security no published
– No burning platform
– Little awareness of Privacy and Security issues, concerns
– Senior leadership: Not our problem
– Under staffed, under budgeted
– The old healthcare paradigm
Meredith’s world
– Post-HIPAA, Post Omnibus
– Enforcement, fines, media attention
– Everyone knows what can happen
– Senior leadership: I’ll hire someone to take care of it
– Under staffed, under budgeted
– Drastic changes in care delivery models and reimbursement
– Incredible new pressures on providers

13 And what hasn’t changed
– This is a people issue... Not technological
– This is about behaviors and habits... Not rules
– This is about understanding what you can and can’t do and how to do it... Not keeping people from doing what they need to do
– This is, ultimately, about taking care of people (patients, staff, workforce, physicians/caregivers)

