Presentation is loading. Please wait.

Presentation is loading. Please wait.

What is HIPAA? H ealth I nsurance P ortability and A ccountability A ct (Kennedy-Kassenbaum Bill) nAdministrative Simplification –Privacy –Transactions.

Published byDouglas Sims Modified over 8 years ago

Similar presentations

Presentation on theme: "What is HIPAA? H ealth I nsurance P ortability and A ccountability A ct (Kennedy-Kassenbaum Bill) nAdministrative Simplification –Privacy –Transactions."— Presentation transcript:

1

2 What is HIPAA? H ealth I nsurance P ortability and A ccountability A ct (Kennedy-Kassenbaum Bill) nAdministrative Simplification –Privacy –Transactions & Code Sets –Security

3 Administrative Simplification nPrivacy – April 14, 2003 - implemented nTransaction Standards and Code Sets – October 16, 2003 - implemented nSecurity – April 20, 2005 – it’s right around the corner

4 Goals of Administrative Simplification nProtect the security and privacy of patient information nImprove efficiency and effectiveness by standardizing electronic transmissions of: –Financial transactions –Administrative transactions

5 Who is covered by HIPAA? n“Covered Entity” –Health Care Providers –Clearinghouses –Health Plans nBusiness Associates –Entity that does a task on our behalf and, –Utilizes Protected Health Information (PHI) –Examples: Temp agencies, Medical Director, Pharmacy consultant

6 What does HIPAA Protect? nProtected Health Information PHI –Created or received by a health care provider AND –Involves past, present, or future treatment OR –Payment for such services, AND –Identifies the individual (IIHI) AND –Transmitted or maintained in ANY form

7 What is the Security Rule?

8 Important Security Facts nOnly applies to e-PHI nRequires a Risk Assessment nRequires a more Technical Solution nEffective April 20, 2005

9 What does the Security Rule Protect? nElectronic Protected Health Information (e-PHI) –Created or received by a health care provider AND –Involves past, present, or future treatment OR –Payment for such services, AND –Identifies the individual AND –Transmitted by or maintained in ELECTRONIC MEDIA

10 Security Rule Core Requirements Covered Entities must ensure the confidentiality, integrity, and availability (CIA) of e-PHI they create, receive, maintain, or transmit.

11 Security Rule Core Requirements Covered Entities must protect against any reasonably anticipated threat or hazard to the security or integrity of e-PHI.

12 Security Rule Core Requirements Covered Entities must protect against any anticipated uses or disclosures of e-PHI that are not permitted under the law.

13 Security Rule Core Requirements Covered Entities must ensure compliance with the Security rule by all it’s workforce members.

14 Security Rule Components Three Categories: nAdministrative Safeguards nPhysical Safeguards nTechnical Safeguards

15 Security Rule Components nStandards – General requirement that must be complied with. Example: Contingency Planning nImplementation Specifications – Detailed or specific method or approach to meet a Standard. Example: Data backup plan, disaster recovery plan nImplementation Specifications can be either Required or Addressable. (But none are optional)

16 Security Rule - Administrative Focuses on Security Management Process designed to: –Prevent –Detect –Contain –and Correct Security Violations

17 Security Rule - Administrative nStandards Include: –Security Management Process –Assigning Security Responsibility –Workforce Security –Information Access Management –Security Awareness/Training –Security Incident Reporting –Contingency Planning –Evaluation of Security Measures

18 Security Rule - Physical Focuses on protecting e-PHI from: –Unauthorized Disclosure –Modification –Destruction

19 Security Rule - Physical nStandards include: –Facility Access Controls –Workstation Use –Workstation Security –Device and Media Controls

20 Security Rule - Technical Focuses on Technological Measures to ensure: –Confidentiality –Integrity –Availability

21 Security Rule - Technical nStandards Include: –Access Control Measures –Audit Controls –Integrity Controls –Person or Entity Authentication Controls –Transmission Security Measures

22 Where do we begin? Conduct a Risk Assessment

23 What is a Risk Assessment? A Risk Assessment will provide information needed to make risk management decisions regarding the degree of security remediation.

24 Components of the Risk Assessment nIdentifies Risks, Threats and Vulnerabilities that may occur if appropriate security measures are not put in place nIdentifies potential confidentiality, integrity and availability issues nIdentifies the impact and probability of a risk nIdentifies mitigation options

25 What is a Risk, Threat and Vulnerability? n Risk – What can happen if a threat exploits a vulnerability. n Threat – Who or what can cause an undesirable event. n Vulnerability – How a weakness in technology or organizational process can be exploited by a threat.

26 What is CIA? n Confidentiality – e-PHI disclosed to unauthorized persons n Integrity – e-PHI modified by unauthorized persons n Availability – e-PHI unavailable to authorized persons

27 What is Impact and Probability? n Impact – The effect a particular incident would have. Measured high, medium or low. n Probability – Likelihood of an incident occurring. Measured high, medium or low.

28 Risk Assessment Let’s discuss an example of a risk, threat and vulnerability.

29 Scenario nYou are in an unfamiliar City nDecide to take a night time walk nStreet is dark – no pedestrians; no traffic nYou are all alone nExcessive Graffiti on the walls

30 Scenario nWhat is the Risk? –(What might happen) nWhat is the Threat? –(Who) nWhat is the Vulnerability? –(How could it happen)

31 Scenario nWhat is the Risk? (What might happen) –You might be attacked –You might be robbed nWhat is the Threat? (Who) –A mugger nWhat is the Vulnerability? (How could it happen) –You are in a strange location –You don’t know your way around

32 Where do we document the findings? Risk Assessment Matrix

33 What is the Risk Assessment Matrix? nDocuments the analysis performed for each Standard and Implementation Specification. nOne Matrix for each e-PHI instance.

34 Risk Assessment Let’s look at the Risk Assessment Matrix

35 Risk Assessment

36 What is My Role in the Risk Assessment? nIdentify Risks, Threats and Vulnerabilities nIdentify potential Confidentiality, Integrity and Availability outcomes nDetermine Potential and Impact of Risks nIdentify Mitigation Alternatives nHelp Implement Solutions

37 Now what? nIdentify Teams for each e-PHI Application nConduct Brainstorming Sessions nComplete the Risk Assessment Matrix nSelect Mitigation Plans nImplement Corrective Actions nMonitor to Ensure Compliance

38 Anything Else? Work together to ensure our organization is HIPAA Compliant by April 20, 2005

39

Download ppt "What is HIPAA? H ealth I nsurance P ortability and A ccountability A ct (Kennedy-Kassenbaum Bill) nAdministrative Simplification –Privacy –Transactions."

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health

H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
David Assee BBA, MCSE Florida International University

David Assee BBA, MCSE Florida International University
Security Vulnerabilities and Conflicts of Interest in the Provider-Clearinghouse*-Payer Model Andy Podgurski and Bret Kiraly EECS Department & Sharona.

Security Vulnerabilities and Conflicts of Interest in the Provider-Clearinghouse*-Payer Model Andy Podgurski and Bret Kiraly EECS Department & Sharona.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.

HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.
Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.

Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
Privacy, Security and Compliance Concerns for Management and Boards November 15, 2013 Carolyn Heyman-Layne, Esq. 1.

Privacy, Security and Compliance Concerns for Management and Boards November 15, 2013 Carolyn Heyman-Layne, Esq. 1.
Health information security & compliance

Health information security & compliance
CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.

CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.
© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,

© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.

ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.

Similar presentations

Ads by Google