Healthcare IT (HIT) Strategic Planning & Budgeting MARCH 26, 2014
|
|
- Wilfrid Wade
- 8 years ago
- Views:
Transcription
1 Healthcare IT (HIT) Strategic Planning & Budgeting MARCH 26, 2014
2 Agenda Introduction / Session Overview HIT Budgeting 101 Security and Compliance EHR budgeting HIT Where Are We Going Q & A 2 Copyright Winxnet, Confidential and Proprietary.
3 Introduction Christopher Claudio Co-Founder / CEO Winxnet Winxnet - national leader in HIT consulting IT & EHR Outsourcing, consulting and management for healthcare organizations, IDNs and hospitals 70+ employees, 4 locations southeast New England Board of Trustees Maine Medical Center (637 bed Tertiary hospital largest in State of Maine) EPIC executive committee MaineHealth (top 100 IDN) Multiple IT Governance and Strategy committees for primary care and specialty/sub-specialty practices Microsoft, Cisco and Citrix certified engineer 3 Copyright Winxnet, Confidential and Proprietary.
4 Session Overview HIT Budgeting 101 the core considerations Foundational budgeting / IT Governance Myths that cost your practice money Security and compliance planning EHR budgeting today and in the future HIT Where are we going? Q & A 4 Copyright Winxnet, Confidential and Proprietary.
5 HIT Budgeting 101 The Foundation The Budget Process Physician and administrative leadership involvement IT Steering committee / exec committee Strategic plan alignment An Annual Process Start at least 3 months before fiscal Capex v. Opex analysis Document it (Strategic IT Plan) Plan for change (10% variance) 5 Copyright Winxnet, Confidential and Proprietary.
6 HIT Budgeting 101 Continued Capital expenses to always budget for: Hardware / Software / Networking Projects Telecommunications EHR Upgrades Training Security/Compliance audit Operating expenses to always budget for: EHR / Application maintenance Cloud Services Telecommunications IT Management / Support Security and Compliance 6 Copyright Winxnet, Confidential and Proprietary.
7 10 Myths That May Cost Your Practice $ 1. PC / device / laptop lifecycles are every 3 years 2. Software lifecycles are every 1-3 years 3. Maintenance/warranty support required for every device 4. Cloud solutions are always cheaper 5. HIPAA police don t exist 6. My vendors are compliant because they told me 7. Data storage is expensive 8. My EHR is certified so I am HIPAA compliant 9. Changing EHRs will fix everything 10. My EHR vendor will address the problems 11. My EHR data is getting backed up 7 Copyright Winxnet, Confidential and Proprietary.
8 Privacy vs. Security Privacy Rule: Sets the standards for who may have access to PHI Security Rule: Sets the standards for ensuring that only those who should have access to EPHI will actually have access Security: far more documentation and updates required The messy one, and ongoing, ever changing Privacy Rule applies to PHI which may be electronic, oral or paper form Security Rule applies only to EPHI 8 Copyright Winxnet, Confidential and Proprietary.
9 That was then In 2010, there were 212 major healthcare breaches. 5.4 million patients How and Where: 49% of ephi data breaches from lost or stolen mobile devices 81% of providers use mobile devices to access and/or store patient data 49% of providers do not protect mobile devices containing patient data 9 Copyright Winxnet, Confidential and Proprietary.
10 This is Now From , there were 540 major healthcare breaches. 21 million patients 400% increase 10 Copyright Winxnet, Confidential and Proprietary.
11 2011 By the Numbers* 149 breaches of protected health information (PHI) 10,841,802 patient health records affected 49,396 average # of patient records per breach in 2011 (80% incr. over 2010) 59% of all patient records breached involved a business associate (vendor) 39% occurred on a laptop or other portable device 25% occurred on a desktop PC or server 60% resulted from malicious intent (theft, hacking) 97% increase in total records breached, % increase in records breached involving a business associate, % growth in records breached due to loss the top 5 major incidents resulted in 57% of all patient records breached 20 the top 20 major incidents resulted in 88% of all patient records breached 11 Copyright Winxnet, Confidential and Proprietary. *Minimum of 500 Individuals Affected
12 2012 By the Numbers* 192 breaches of protected health information (PHI) 2,983,984 patient health records affected in % increase in # of large breaches in 2012 over % decrease in # patient records 67% of all breaches a result of theft or loss 57% of all patient records breached involved a business associate 5X Historically, breaches at business associates have impacted 5 times as many patients records as those at a covered entity 38% of incidents were as a result of an unencrypted laptop or other portable electronic device 63.9% of all records breached in 2012 resulted from the 5 largest incidents 780,000 number of records breached in the single largest incident of Copyright Winxnet, Confidential and Proprietary. *Minimum of 500 Individuals Affected
13 2013 By the Numbers* 199 breaches of protected health information (PHI) 7,095,145 patient health records breached in % increase in number of patient records breached % percent of the total records breached in 2013 resulted from the 5 largest incidents 4,029,530 records breached in the single largest incident 83.2% of 2013 of patient records breached in 2013 resulted from theft 22.1% of breach incidents in 2013 resulted from unauthorized access 35% of 2013 incidents were due to the loss or theft of an unencrypted laptop or other portable device ~20 of PHI breaches have involved a business associate each year from % of patient records breached involved a BA 13 Copyright Winxnet, Confidential and Proprietary. *Minimum of 500 Individuals Affected
14 Breach Numbers* - Summarized 804 breaches of protected health information (PHI) since ,276,385 patient health records affected since % breaches involving BA % of total patient records breached involving BA % of total patient records breached involving BA Copyright Winxnet, Confidential and Proprietary. *Minimum of 500 Individuals Affected
15 HIT Security and Best Practices Assessing Your Risk IT Governance Technology Encryption / Mobile Device Mgmt (MDM) Summary 15 Copyright Winxnet, Confidential and Proprietary.
16 Assessing Your Risk Physical Logistical/Administrative Technical Procedural Organizational 16 Copyright Winxnet, Confidential and Proprietary.
17 IT Governance Measurable Repeatable Accountable Good Systems/Tools (SIEM) The Right People 17 Copyright Winxnet, Confidential and Proprietary.
18 Technology News Flash No Single Solution Firewalls Intrusion Detection/Prevention Reporting (SIEM) Encryption Hardware Resting data / PHI Messaging Security Policies Passwords length/complexity/duration/storage (not) Enforcement Systems Management Tools/Best Practices (see IT Governance) Technology can t beat common sense be smart/teach 18 Copyright Winxnet, Confidential and Proprietary.
19 Mobile Device Management / Encrypt USB Locks / Physical Locks GPS Locate Remote Wipe Encryption All Devices BYOD Policing / Management Clinical Device Management Education 19 Copyright Winxnet, Confidential and Proprietary.
20 Security / Compliance Top 5 Budget Items 1. HIPAA security risk analysis (annually) 2. Encryption All Devices (Clinical Device Management/Ancillary) 3. Install a Security Information and Event Management (SIEM) tool 4. Managed Security Services 5. Staff Training / Documentation of Policies and Procedures 20 Copyright Winxnet, Confidential and Proprietary.
21 EHR Budgeting 1. Support and Maintenance 2. Upgrades (ICD10, MU) 3. Interfaces 4. BI / ACO Reporting 21 Copyright Winxnet, Confidential and Proprietary.
22 HIT Future 1. EMR vendor consolidation 2. HIE collapse into IDNs (public to private HIE) 3. Rigorous reimbursement criteria expansion PCMH Capitation 4. Interface innovation 22 Copyright Winxnet, Confidential and Proprietary.
23 QUESTIONS & COMMENTS
A PRACTICAL GUIDE TO USING ENCRYPTION FOR REDUCING HIPAA DATA BREACH RISK
A PRACTICAL GUIDE TO USING ENCRYPTION FOR REDUCING HIPAA DATA BREACH RISK Chris Apgar Andy Nieto 2015 OVERVIEW How to get started assessing your risk What your options are how to protect PHI What s the
More informationThe Must Have Tools To Address Your Compliance Challenge
The Must Have Tools To Address Your Compliance Challenge Industry leading Education October 21 - Top 5 tools to help you achieve HIPAA compliance November 11 - Saving time and money through web-based benefits
More informationDecrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use
Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute April 8, 2015 4/8/2015 1 1 Who is M-CEITA?
More informationLaptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice
Laptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice Agenda Learning objectives for this session Fundamentals of Mobile device use and correlation to HIPAA compliance HIPAA
More informationUnderstanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions
Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What
More informationArt Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches
Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches Speakers Phillip Long CEO at Business Information Solutions Art Gross President & CEO of HIPAA
More informationAre You Ready for an OCR Audit? Tom Walsh, CISSP Tom Walsh Consulting, LLC Overland Park, KS. What would you do? Session Objectives
Are You Ready for an OCR Audit? Tom Walsh, CISSP Tom Walsh Consulting, LLC Overland Park, KS What would you do? Your organization received a certified letter sent from the Office for Civil Rights (OCR)
More informationMobile Medical Devices and BYOD: Latest Legal Threat for Providers
Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and
More informationWhy Lawyers? Why Now?
TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business
More informationNorth Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP
Mobile Device Management Risky Business in Healthcare North Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP Agenda HIPAA/HITECH & Mobile Devices Breaches Federal
More informationPart 14: USB Port Security 2015
Part 14: USB Port Security This article is part of an information series provided by the American Institute of Healthcare Compliance in response to questions we receive related to Meaningful Use and CEHRT
More informationOCR UPDATE Breach Notification Rule & Business Associates (BA)
OCR UPDATE Breach Notification Rule & Business Associates (BA) Alicia Galan Supervisory Equal Opportunity Specialist March 7, 2014 HITECH OMNIBUS A Reminder of What s Included: Final Modifications of the
More informationJoe Dylewski President, ATMP Solutions
Joe Dylewski President, ATMP Solutions Joe Dylewski President, ATMP Solutions Assistant Professor, Madonna University 20 Years, Technology and Application Implementation Experience Served as Michigan Healthcare
More informationHIPAA: Compliance Essentials
HIPAA: Compliance Essentials Presented by: Health Security Solutions August 15, 2014 What is HIPAA?? HIPAA is Law that governs a person s ability to qualify immediately for health coverage when they change
More informationMedicaid Enterprise Systems Conference 2012
Medicaid Enterprise Systems Conference 2012 Best Practices for Using HIT and HIEs to Keep PHI Secure in an Increasingly Mobile and Technical World Presenters: Charles Sutton, Senior Executive Health Product
More informationState of South Carolina Policy Guidance and Training
State of South Carolina Policy Guidance and Training Policy Workshop All Agency Mobile Security July 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy Overview: Mobile Security
More informationPlease Read. Apgar & Associates, LLC apgarandassoc.com P. O. Box 80278 Portland, OR 97280 503-384-2538 877-376-1981 503-384-2539 Fax
Please Read This business associate audit questionnaire is part of Apgar & Associates, LLC s healthcare compliance resources, Copyright 2014. This questionnaire should be viewed as a tool to aid in evaluating
More informationLocking Down the Cloud for Healthcare. Kurt Hagerman Chief Information Security Officer
Locking Down the Cloud for Healthcare Kurt Hagerman Chief Information Security Officer SECURITY TRENDS Healthcare businesses are fighting REAL threats Threats are growing over time by percent of breaches
More informationWHITEPAPER XMEDIUSFAX CLOUD FOR HEALTHCARE AND HIPAA COMPLIANCE
WHITEPAPER XMEDIUSFAX CLOUD FOR HEALTHCARE AND HIPAA COMPLIANCE INTRODUCTION The healthcare industry is driven by many specialized documents. Each day, volumes of critical information are sent to and from
More informationTrust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits
HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)
More informationPatient Privacy and Security. Presented by, Jeffery Daigrepont
Patient Privacy and Security Presented by, Jeffery Daigrepont Jeffery Daigrepont, SVP No Financial Conflicts to Report Jeffery Daigrepont, Senior Vice President of The Coker Group, specializes in health
More informationHIPAA Risk Assessments for Physician Practices
HIPAA Risk Assessments for Physician Practices Eric Sandhusen Corporate Compliance Director and Privacy Officer Lloyd Torres Director of Ambulatory HIM DISCLAIMER The statements and opinions presented
More informationMobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to to Health Mobile Information Devices: Risks to Health Information Risks vary based on the
More informationData Security in a Mobile, Cloud-Based World
Data Security in a Mobile, Cloud-Based World Jacob Buckley-Fortin CEO ehana What we ll cover Trends Risks Recommendations 1 Trends Mobile Has Taken Over Trend #1 2 3 450 million users worldwide Adopted
More informationHIPAA COMPLIANCE PLAN FOR 2013
HIPAA COMPLIANCE PLAN FOR 2013 Welcome! Presentor is Rebecca Morehead, Practice Manager Strategist www.practicemanagersolutions.com Meaningful Use? As a way to encourage hospitals and providers to adopt
More informationHIPAA Privacy, Security, Breach, and Meaningful Use. CHUG October 2012
HIPAA Privacy, Security, Breach, and Meaningful Use Practice Requirements for 2012 CHUG October 2012 The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Standards for Privacy of Individually
More informationOverview of the HIPAA Security Rule
Office of the Secretary Office for Civil Rights () Overview of the HIPAA Security Rule Office for Civil Rights Region IX Alicia Cornish, EOS Sheila Fischer, Supervisory EOS Topics Upon completion of this
More informationWhat s New with HIPAA? Policy and Enforcement Update
What s New with HIPAA? Policy and Enforcement Update HHS Office for Civil Rights New Initiatives Precision Medicine Initiative (PMI), including Access Guidance Cybersecurity Developer portal NICS Final
More informationSunday March 30, 2014, 9am noon HCCA Conference, San Diego
Meaningful Use as it Relates to HIPAA Compliance Sunday March 30, 2014, 9am noon HCCA Conference, San Diego CLAconnect.com Objectives and Agenda Understand the statutory and regulatory background and purpose
More informationGreenway Marketplace. Hear from GSG Compliance & White Plume November 14, 2013
Greenway Marketplace Hear from GSG Compliance & White Plume November 14, 2013 Marketplace Mission Statement To enhance the Greenway customer user experience by offering innovative, forwardthinking technologies
More informationElectronic Communication In Your Practice. How To Use Email & Mobile Devices While Maintaining Compliance & Security
Electronic Communication In Your Practice How To Use Email & Mobile Devices While Maintaining Compliance & Security Agenda 1 HIPAA and Electronic Communication 2 3 4 Using Email In Your Practice Mobile
More informationCompliance Challenges. Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard. Increased Audits & On-site Investigations
Enabling a HITECH & HIPAA Compliant Organization: Addressing Meaningful Use Mandates & Ensuring Audit Readiness Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard Compliance Mandates Increased
More informationHIPAA Audits Are Happening. eroi
HIPAA Audits Are Happening. eroi Are You at Risk? efiling Advanced efile Form Completion Charting Host: Kathryn Ayers Wickenhauser Meaningful Use / HIPAA Compliance Consultant Kathryn.Wickenhauser@DatafileTechnologies.com
More informationHealthcare to Go: Securing Mobile Healthcare Data
Healthcare to Go: Securing Mobile Healthcare Data Lee Kim, Esq. SANS Mobile Device Security Summit 2013 May 30, 2013 Copyright 2013 Lee Kim 1 Why Information Security is Essential for Healthcare Safeguard
More informationHow to use the Alertsec Service to Achieve HIPAA Compliance for Your Organization
How to use the Alertsec Service to Achieve HIPAA Compliance for Your Organization Alertsec offers Cloud Managed - Policy Controlled - Security Modules for Ensuring Compliance at the Endpoints Contents
More informationTop 20 IT Risks for the Healthcare Industry and How to Mitigate Them
Top 20 IT Risks for the Healthcare Industry and How to Mitigate Them By Raj Chaudhary, CRISC, CGEIT, and Robert L. Malarkey, CISSP, CISA Moving into 2015, the healthcare industry continues to undergo dramatic
More informationQ: How does a provider know if their Email system has encryption? Do big email services (gmail, yahoo, hotmail, etc.) have built-in encryption?
Q: How does a provider know if their Email system has encryption? Do big email services (gmail, yahoo, hotmail, etc.) have built-in encryption? A. Most e-mail systems do not include encryption. There are
More informationStraight from the Source: HHS Tools for Avoiding Some of the Biggest HIPAA Mistakes
Watch the Replay Straight from the Source: HHS Tools for Avoiding Some of the Biggest HIPAA Mistakes FairWarning Executive Webinar Series May 20, 2014 #AnytimeAudit Today s Panel Laura E. Rosas, JD, MPH
More informationManaging Mobile Device Security
Managing Mobile Device Security Kathy Downing, MA, RHIA, CHPS, PMP AHIMA Director Practice Excellence Objectives Understand how HIPAA and HITECH apply to mobile devices. Understand the oversight needed
More informationHIPAA Privacy & Breach Notification Training for System Administration Business Associates
HIPAA Privacy & Breach Notification Training for System Administration Business Associates Barbara M. Holthaus privacyofficer@utsystem.edu Office of General Counsel University of Texas System April 10,
More informationData Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm
Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security
More informationPREP Course #25: Hot Topics in Cyber Security and Database Security. Presented by: Joe Baskin Manager, Information Security, OCIO JBaskin@nshs.
PREP Course #25: Hot Topics in Cyber Security and Database Security Presented by: Joe Baskin Manager, Information Security, OCIO JBaskin@nshs.edu Objectives Discuss hot topics in cyber security and database
More informationGetting Hip to the HIPAA and HITECH Act Compliance
Getting Hip to the HIPAA and HITECH Act Compliance NaNotchka M. Chumley, D.O., M.P.H. Family Medicine Physician Los Angeles, CA Integrating Global Trade & Logistic and Cybersecurity Westin St. Francis,
More informationHIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR. Chris Apgar, CISSP
HIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR Chris Apgar, CISSP 2015 OVERVIEW Missed Regulatory Requirements Common HIPAA Privacy Myths Common HIPAA Security Myths Other Related Myths Finding the Right
More informationCHIS, Inc. Privacy General Guidelines
CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified
More informationView the Replay on YouTube. Sustainable HIPAA Compliance: Enhancing Your Epic Reporting. FairWarning Executive Webinar Series October 17, 2013
View the Replay on YouTube Sustainable HIPAA Compliance: Enhancing Your Epic Reporting FairWarning Executive Webinar Series October 17, 2013 Today s Panel Chris Arnold FairWarning VP of Product Management
More informationOCR/HHS HIPAA/HITECH Audit Preparation
OCR/HHS HIPAA/HITECH Audit Preparation 1 Who are we EHR 2.0 Mission: To assist healthcare organizations develop and implement practices to secure IT systems and comply with HIPAA/HITECH regulations. Education
More informationDATA SECURITY HACKS, HIPAA AND HUMAN RISKS
DATA SECURITY HACKS, HIPAA AND HUMAN RISKS MSCPA HEALTH CARE SERVICES SEMINAR Ken Miller, CPA, CIA, CRMA, CHC, CISA Senior Manager, Healthcare HORNE LLP September 25, 2015 AGENDA 2015 The Year of the Healthcare
More informationHIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist
HIPAA Omnibus Rule Overview Presented by: Crystal Stanton MicroMD Marketing Communication Specialist 1 HIPAA Omnibus Rule - Agenda History of the Omnibus Rule What is the HIPAA Omnibus Rule and its various
More informationIRONKEY CASE STUDIES. Healthcare Solutions
IRONKEY CASE STUDIES Healthcare Solutions HEALTHCARE Business Problem Healthcare providers, insurers and pharmaceutical companies, have a lengthening list of regulations and standards on protecting confidential
More informationHow To Find Out What People Think About Hipaa Compliance
Healthcare providers attitudes towards HIPAA compliance in 2015 Created July, 27 2015 Healthcare providers attitudes towards HIPAA compliance in 2015 Over the course of this last year the healthcare industry
More informationHIPAA Compliance Guide
HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care
More informationHIPAA: Protecting Your. Ericka L. Adler. Practice and Your Patients
HIPAA: Protecting Your Ericka L. Adler Practice and Your Patients Rachel V. Rose Fallout from the Omnibus Rule Compliance strategies for medical practices 1. Know / manage your business associates and
More informationMobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to Health Information Risks vary based on the mobile device and its use. Some risks include:
More informationHELPFUL TIPS: MOBILE DEVICE SECURITY
HELPFUL TIPS: MOBILE DEVICE SECURITY Privacy tips for Public Bodies/Trustees using mobile devices This document is intended to provide general advice to organizations on how to protect personal information
More informationHIPAA Compliance Guide
HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care
More informationDeveloping a Policy for Bring Your Own Device. Report to the Joint Legislative Oversight Committee on Information Technology
Developing a Policy for Bring Your Own Device Report to the Joint Legislative Oversight Committee on Information Technology Chris Estes State Chief Information Officer Office of Information Technology
More informationHIPAA Myths. WEDI Regional Affiliates. Chris Apgar, CISSP Apgar & Associates
HIPAA Myths WEDI Regional Affiliates Chris Apgar, CISSP Apgar & Associates Overview Missed Regulatory Requirements Common HIPAA Privacy Myths Common HIPAA Security Myths Other Related Myths Finding the
More informationVendor Management Challenges and Solutions for HIPAA Compliance. Jim Sandford Vice President, Coalfire
Vendor Management Challenges and Solutions for HIPAA Compliance Jim Sandford Vice President, Coalfire Housekeeping You may submit questions throughout the webinar using the question area in the control
More informationDeciphering the Safe Harbor on Breach Notification: The Data Encryption Story
Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Healthcare organizations planning to protect themselves from breach notification should implement data encryption in their
More information6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013
Updates on HIPAA, Data, IT and Security Technology June 25, 2013 1 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind, including,
More informationSecure Endpoint Management. Presented by Kinette Crain and Brad Lewis
Secure Endpoint Management Presented by Kinette Crain and Brad Lewis Brad Lewis Brad Lewis - Service Specialist 14 years of IT experience In-House Support Manager Network Administrator Assessing Risk:
More informationHIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant
1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad
More informationThe Impact of HIPAA and HITECH
The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients
More informationHIPAA Privacy and Security Requirements
600 East Superior Street, Suite 404 I Duluth, MN 55802 I Ph. 800.997.6685 or 218.727.9390 I www.ruralcenter.org HIPAA Privacy and Security Requirements Joe Wivoda CIO and HIT Consultant June 19, 2013 Purpose
More informationChecklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security
Checklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) For Daily Compliance & Security Tips, Follow ecfirst @ Agenda Review the
More informationCyber Security. John Leek Chief Strategist
Cyber Security John Leek Chief Strategist AGENDA The Changing Business Landscape Acknowledge cybersecurity as an enterprise-wide risk management issue not just an IT issue How to develop a cybersecurity
More informationBring Your Own Device
Bring Your Own Device A White Paper Prepared by Bob Wolverton, Ed Prepared by Bob Wolverton, EdD Northwest Regional Telehealth Resource Center bob@nrtrc.org www.nrtrc.org Bring Your Own Device What is
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More information8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice
Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice Monday, August 3, 2015 1 How to ask a question during the webinar If you dialed in to this webinar on your phone
More informationHave you ever accessed
HIPAA and Your Mobile Devices Not taking the appropriate precautions can be very costly. 99 BY MARK TERRY Alexey Poprotskiy Dreamstime.com Have you ever accessed patient data offsite using a laptop computer,
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Data Handling and Storage Standard This standard is applicable to all VCU School of Medicine personnel. Approval
More informationHIPAA and Cloud IT: What You Need to Know
HIPAA and Cloud IT: What You Need to Know A Guide for Healthcare Providers and Their Business Associates GDS WHITE PAPER HIPAA and Cloud IT: What You Need to Know As a health care provider or business
More informationLessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd
Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual
More informationChecklist for Breach Readiness. Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) For Daily Compliance & Security Tips, Follow ecfirst @
Checklist for Breach Readiness Enabling a Resilient Organization Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) For Daily Compliance & Security Tips, Follow ecfirst @ Agenda Facts about breach violation impact
More informationDSHS CA Security For Providers
DSHS CA Security For Providers Pablo F Matute DSHS Children's Information Security Officer 7/21/2015 1 Data Categories: An Overview All DSHS-owned data falls into one of four categories: Category 1 - Public
More informationHot Topics in IT Security PREP#28 May 1, 2014. David Woska, Ph.D. OCIO Security
Hot Topics in IT Security PREP#28 May 1, 2014 David Woska, Ph.D. OCIO Security CME Disclosure Statement The North Shore LIJ Health System adheres to the ACCME s new Standards for Commercial Support. Any
More informationHosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE
Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE [ Hosting for Healthcare: Addressing the Unique Issues of Health IT & Achieving End-to-End Compliance
More informationInformation Security for the Rest of Us
Secure Your Way Forward. AuditWest.com Information Security for the Rest of Us Practical Advice for Small Businesses Brian Morkert President and Chief Consultant 1 Introduction President Audit West IT
More informationData Breach and Senior Living Communities May 29, 2015
Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs
More informationHow to Secure Your Environment
End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge
More informationAVOIDING THE BREACH 5 Common Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk
AVOIDING THE BREACH 5 Common Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk Chris Bowen, MBA, CISSP, CIPP/US, CIPT Founder, Chief Privacy & Security Officer The majority of breaches
More informationThe CIO s Guide to HIPAA Compliant Text Messaging
The CIO s Guide to HIPAA Compliant Text Messaging Executive Summary The risks associated with sending Electronic Protected Health Information (ephi) via unencrypted text messaging are significant, especially
More informationHIPAA Security Balancing Security & Costs
HIPAA Security Balancing Security & Costs Balancing Security & Cost Threats Budget Priorities Top Threats Loss or Theft of Devices Workforce/Third Parties Threats from Workforce Members and Third Parties
More informationHIPAA ephi Security Guidance for Researchers
What is ephi? ephi stands for Electronic Protected Health Information (PHI). It is any PHI that is stored, accessed, transmitted or received electronically. 1 PHI under HIPAA means any information that
More informationHIPAA Requirements and Mobile Apps
HIPAA Requirements and Mobile Apps OCR/NIST 2013 Annual Conference Adam H. Greene, JD, MPH Partner, Washington, DC Use of Smartphones and Tablets Is Growing 2 How Info Sec Sees Smartphones Easily Lost,
More informationBring Your Own Device
Bring Your Own Device Save costs, deliver flexible working and manage the risks Gary Shipsey Managing Director 25 September 2014 Agenda Bring Your Own Device (BYOD) and your charity and how to avoid the
More informationSecure Mobile. Mark Blatt MD Global HealthCare Strategy Intel Corporation January 2011
Secure Mobile Computing Mark Blatt MD Director Global HealthCare Strategy Intel Corporation January 2011 Breaches Cost the Enterprise Risks are Growing, Costs are Increasing Prevention the Best Solution
More informationPREP Course #23: Privacy and IT Security for Researchers
PREP Course #23: Privacy and IT Security for Researchers Presented by: Emmelyn Kim, Office of Research Compliance & Debbie Wright, Office of Corporate Compliance CME Disclosure Statement The North Shore
More informationPrivacy Officer Job Description 4/28/2014. HIPAA Privacy Officer Orientation. Cathy Montgomery, RN. Presented by:
HIPAA Privacy Officer Orientation Presented by: Cathy Montgomery, RN Privacy Officer Job Description Serve as leader Develop Policies and Procedures Train staff Monitor activities Manage Business Associates
More informationMobile security and your EMR. Presented by: Shawn Tester & Allen Cornwall
Mobile security and your EMR Presented by: Shawn Tester & Allen Cornwall Date: October 14, 2011 Overview General Security Challenges & best practices Mobile EMR interfaces - EMR Access - Today & Future
More informationEnforcement of Health Information Privacy & Security Standards Federal Enforcement Through Recent Cases and Tools to Measure Regulatory Compliance
Enforcement of Health Information Privacy & Security Standards Federal Enforcement Through Recent Cases and Tools to Measure Regulatory Compliance Iliana Peters, JD, LLM, HHS Office for Civil Rights Kevin
More informationWelcome to part 2 of the HIPAA Security Administrative Safeguards presentation. This presentation covers information access management, security
Welcome to part 2 of the HIPAA Security Administrative Safeguards presentation. This presentation covers information access management, security awareness training, and security incident procedures. The
More informationCyber Security An Exercise in Predicting the Future
Cyber Security An Exercise in Predicting the Future Paul Douglas, August 25, 2014 AUDIT & ACCOUNTING + CONSULTING + TAX SERVICES + TECHNOLOGY I www.pncpa.com I www.pntech.net What is Cyber Security? Measures
More information= AUDIO. The Importance of Mobile Device Management in HIT. An Important Reminder. Mission of OFMQ 12/9/2015
The Importance of Mobile Device Management in HIT Mario Cruz OFMQ Chief Information Officer An Important Reminder For audio, you must use your phone: Step 1: Call (866) 906 0123. Step 2: Enter code 2071585#.
More informationOCR Reports on the Enforcement. Learning Objectives 4/1/2013. HIPAA Compliance/Enforcement (As of December 31, 2012) HCCA Compliance Institute
OCR Reports on the Enforcement of the HIPAA Rules HCCA Compliance Institute April 22, 2013 David Holtzman Sr. Health IT & Privacy Specialist U.S. Department of Health and Human Services Office for Civil
More informationOCR Reports on the Enforcement. Learning Objectives
OCR Reports on the Enforcement of the HIPAA Rules HCCA Compliance Institute April 22, 2013 David Holtzman Sr. Health IT & Privacy Specialist U.S. Department of Health and Human Services Office for Civil
More informationDell s Five Best Practices for Maximizing Mobility Benefits while Maintaining Compliance with Data Security and Privacy Regulations
Dell s Five Best Practices for Maximizing Mobility Benefits while Maintaining Compliance with Data Security and Privacy Regulations Inside ü Tips for deploying or expanding BYOD programs while remaining
More informationResearch Information Security Guideline
Research Information Security Guideline Introduction This document provides general information security guidelines when working with research data. The items in this guideline are divided into two different
More informationSecurity Compliance, Vendor Questions, a Word on Encryption
Security Compliance, Vendor Questions, a Word on Encryption Alexis Parsons, RHIT, CPC, MA Director, Health Information Services Security/Privacy Officer Shasta Community Health Center aparsons@shastahealth.org
More information