Presentation is loading. Please wait.

Presentation is loading. Please wait.

Managing your Institution-Specific HIPAA Compliance Policies and Procedures Cutting Edge Issues Thursday, December 13, 2007.

Published byDwain Rodgers Modified over 8 years ago

Similar presentations

Presentation on theme: "Managing your Institution-Specific HIPAA Compliance Policies and Procedures Cutting Edge Issues Thursday, December 13, 2007."— Presentation transcript:

1 Managing your Institution-Specific HIPAA Compliance Policies and Procedures Cutting Edge Issues Thursday, December 13, 2007

2 Compliance and Policies Facts: –Compliance is a continuous process –Businesses change –Processes continue to evolve –New technologies are implemented –Policies, if followed and implemented can protect the institution. –Compliance today does not mean compliance tomorrow.

3 Policies are moving Targets and must be revised to meet the challenges of the changing business and regulatory environments.

4 Florida Statute § 817.5681 Data Breach Notification Statute Cutting Edge Policies State/Federal The ever-changing regulatory environment…. HIPAA GLBA FERPA 21 CFR Part 11 CAN-SPAM ACT OF 2003 PCI FAIR CREDIT REPORTING ACT/FACTA PATRIOT ACT FRCP – E-discovery

5 Regulatory Issues Sensitive Information Identity Theft/ Medical Identity Theft –Increasing problem at Healthcare providers –Fraud Financial (Organizational) Data - (Confidential) Research data Intellectual Property (Research papers/innovations) Email –Student, Faculty and Staff (sent and received) JCAHO FDA Billing Compliance

6 Data Breach Notification Laws As of January 2007 – 35 states have enacted such laws to disclose security breaches involving personal information. Such laws are intended to protect consumers and hold organizations liable for the protection of personal information.

7 Institutional Response Ideally you need institutional privacy and information security practices Move away from the “siloed”, purely compliance approach It’s all about facilitating effective business processes and reducing risk Considerable opposition from “entrenched” areas This approach can only succeed with “hands on” C-level leadership –and evolution into an appropriate governance structure

8 Institutional Response Develop and implement an Enterprise Incident Response Plan Test the Enterprise Incident Response Plan to make sure it works Create procedures that allow the organization to respond in a timely, thoughtful and savvy manner that minimizes damage to the reputation and image of the institution.Create procedures that allow the organization to respond in a timely, thoughtful and savvy manner that minimizes damage to the reputation and image of the institution.

9 WORD TO THE WISE It is far less costly to prevent a data breach than it is to respond to one! According to SC Magazine and the Ponemon Institute, the estimated cost of a data breach is $182 per compromised record in addition to the indirect costs for lost employee productivity and opportunity costs related to customer loss which may add up to over $10 million dollars.

10 2008 CPT Changes How will it affect your Policies? Did you know that third party payors will pay for E-visits beginning in 2008? –An e-visit is an electronic alternative to a traditional office visit. Does your organization have policies that govern e- mail communications between physicians and their patients? Do you have a secure mail system or portal that allows for the exchange of encrypted E-PHI? Do you have policies to address what types of documentation are required to bill for an e-visit and what documentation must be maintained and for how long? NOTE: Unencrypted email should not include PHI or other sensitive information such as HIV, STDs, Substance Abuse, Domestic Violence or Psychotherapy Notes.

11 Policies & Compliance Keep it current Only implement policies with which your organization can comply Stay abreast of all current state and federal legislation that will affect your business Continually monitor your institution for new sites of service, changes in organizational structure, and new business units and practices Monitor your policies for compliance and adjust as needed. Disseminate changes and train the masses. Training and education are key to successful compliance programs.

12 Questions…….. Contact Information: Sharon A. Budman, MS Ed, CIPP Ishwar Ramsingh, MBA, CISSP, CISA, CISM Phone: 305-243-5000

Download ppt "Managing your Institution-Specific HIPAA Compliance Policies and Procedures Cutting Edge Issues Thursday, December 13, 2007."

Similar presentations

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.
University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.
Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
Regulatory Issues in Campus Computing Privacy and Security in a Digital World Presented by David Gleason, Esq. University Counsel University of Maryland,

Regulatory Issues in Campus Computing Privacy and Security in a Digital World Presented by David Gleason, Esq. University Counsel University of Maryland,
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
HIPAA Regulations What do you need to know?.

HIPAA Regulations What do you need to know?.
2014 HIPAA Refresher Omnibus Rule & HIPAA Security.

2014 HIPAA Refresher Omnibus Rule & HIPAA Security.
Privacy, Security and Compliance Concerns for Management and Boards November 15, 2013 Carolyn Heyman-Layne, Esq. 1.

Privacy, Security and Compliance Concerns for Management and Boards November 15, 2013 Carolyn Heyman-Layne, Esq. 1.
Welcome to UF We’re from the Privacy Office and we’re here to help you… HIPAA Orientation College of Nursing– Fall 2014 Cheryl Webber, MS, RHIA University.

Welcome to UF We’re from the Privacy Office and we’re here to help you… HIPAA Orientation College of Nursing– Fall 2014 Cheryl Webber, MS, RHIA University.
© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.

© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.
PRIVACY BREACHES A “breach of the security of the system”: –Is the “unauthorized acquisition of computerized data that compromises the security, confidentiality,

PRIVACY BREACHES A “breach of the security of the system”: –Is the “unauthorized acquisition of computerized data that compromises the security, confidentiality,
KDE Employee Training. What IS a Data Breach? Unauthorized release (loss or theft) of Sensitive or Confidential Data, such as PII, PHI, etc. On site or.

KDE Employee Training. What IS a Data Breach? Unauthorized release (loss or theft) of Sensitive or Confidential Data, such as PII, PHI, etc. On site or.

Similar presentations

Ads by Google