THE STATE OF DATA SHARING FOR HEALTHCARE ANALYTICS : CHANGE, CHALLENGES AND CHOICE

Size: px
Start display at page:

Download "THE STATE OF DATA SHARING FOR HEALTHCARE ANALYTICS 2015-2016: CHANGE, CHALLENGES AND CHOICE"

Transcription

1 THE STATE OF DATA SHARING FOR HEALTHCARE ANALYTICS : CHANGE, CHALLENGES AND CHOICE As demand for data sharing grows, healthcare organizations must move beyond data agreements and masking to achieve regulatory compliance PRIVACY ANALYTICS Nothing personal.

2 INTRODUCTION Healthcare organizations are experiencing greater demand than ever to share data, both internally and externally. Yet, despite the need for sophisticated methods, organizations are relying on rudimentary approaches to managing the privacy and security of their data, leaving them and their patients at risk. In order to begin addressing this gap, the industry must identify what challenges healthcare organizations face and what methods are used when sharing sensitive information. The following summarizes the key findings from The State of Data Sharing for Healthcare Analytics : Change, Challenges and Choice. The survey was launched earlier this year by Privacy Analytics, in collaboration with the Electronic Health Information Laboratory, a group that conducts theoretical and applied research on the de-identification of health information. The survey assessed the state of data sharing in healthcare and the challenges in disclosing data for secondary use. Secondary use of health data applies to protected health information (PHI) that is used for reasons other than direct patient care, such as data analysis, research, safety measurement, public health, payment, provider certification or marketing. Healthcare organizations lack maturity in how they currently utilize their data 1, but data analytics in healthcare is taking hold. Investments made through the HITECH Act and other programs accelerated the adoption of technology, transforming healthcare in recent years. Vast amounts of data are now captured in electronic medical records, medical monitoring tools and information portals. One outcome has been a flood of requests for this sensitive information. From internal groups that want to monitor clinical quality to external organizations that aim to integrate data from various systems, healthcare organizations want to gain a comprehensive view of their patients and encourage innovation. Moving beyond individual data silos to integrated data systems that support decision-making and innovative research holds great promise, but progress to implement this has been slow. While staff, from executives to front-line workers, see the potential of data analytics, most are unsure of how to reconcile the need for detailed and high-quality data with privacy regulations. Because many individuals lack familiarity with advanced methods of de-identifying data, they are releasing information that has been stripped of its usefulness or even worse sharing data in a way that puts them at an unacceptably high risk of a breach. 1

3 FINDINGS AT A GLANCE THERE IS A LACK OF TOTAL CONFIDENCE IN THE ABILITY TO PROTECT PRIVACY. More than two out of three respondents lack complete confidence in their organization s ability to share data without putting privacy at risk. THE DEMAND FOR DATA IS GROWING AS FAST AS THE AMOUNT OF DATA BEING COLLECTED. More than half of the respondents plan to increase the volume of data stored or shared within 12 months and two-thirds currently release data for secondary use. INDIVIDUALS LACK FAMILIARITY WITH ADVANCED METHODS OF DE-IDENTIFYING DATA. As a result, they release information that has been stripped of its usefulness or share data in a way that puts them at an unacceptably high risk of a breach. MOST ORGANIZATIONS USE APPROACHES THAT CAN RESULT IN HIGH RISK DATASETS. More than 75 percent of respondents said that their organization uses one or more of the following: data-sharing agreements, data masking or Safe Harbor. HEALTHCARE ORGANIZATIONS ARE SLOWLY STARTING TO MONETIZE DATA ASSETS. One in six says they share data with other organizations for profit. 2

4 SURVEY PARTICIPANTS A total of 271 individuals completed the online survey between July and September The respondents held various levels of seniority in their organization, from the C-level (33%) to managers (40%) and employees (28%). Approximately one in three individuals surveyed is responsible for privacy and compliance in their organization. Another 23% work in the IT department. Others identified themselves as researchers, clinicians, project managers, analysts and consultants. This diversity reflects the broad spectrum of individuals involved in privacy decision-making. Respondents were mainly located in the U.S. (75%) and Canada (18%), with a small number of individuals located in Europe (4%), Asia (3%) and other regions. LEGAL 5% PRIVACY 14% OTHER 42% COMPLIANCE 16% RESPONDENT ROLES IT 23% RESPONDENT JOB ROLES Other includes individual cross-appointed to more than one role, as well as those involved in management, research, clinical roles, finance, and marketing. 3

5 KEY FINDINGS The State of Data Sharing for Healthcare Analytics : Change, Challenges and Choice market survey reveals that, while healthcare organizations are seeing a surge in the demand to share data for secondary use, data analytics in healthcare is still immature. As a result, organizations can expect to feel mounting pressure to bring their data storage and sharing practices in line with emerging industry standards. HITRUST, the Institute of Medicine, PhUSE and the Canadian Council of Academies have all put forward guidelines that recommend the use of risk-based de-identification when disclosing PHI for secondary uses. The major findings of this survey reflect overall trends being seen in healthcare analytics. Results found here are consistent with those of surveys conducted by other reputable groups with interests in data security and privacy. One finding from the survey revealed that more than two out of three respondents lack complete confidence in their organization s ability to responsibly share data for secondary uses without putting individual privacy at risk. This is almost identical to a recent ISACA survey that found only 29% of privacy professionals are very confident in their enterprise s ability to ensure the privacy of its sensitive data. 2 To gain insight into healthcare organizations need to protect patient privacy, the challenges faced, and the approaches currently being used, the survey presented questions in three sections: Basics of data sharing, Current uses of data, and Challenges. The main findings from each section are presented below. 4

6 BASICS OF DATA SHARING Respondents see demand for their data coming from a variety of sources, both internal and external, and many already release data for secondary use. Internal uses of data include any data sharing within the organization that is not for providing care, such as quality assurance for products and fraud detection. While external data sharing occurs primarily with academic institutions for research and analysis, there is interest in greater sharing with other outside organizations, too. External uses of data include any use of data by an outside organization, such as for revenue or reporting purposes. Nearly two-thirds (62%) of respondents indicated that their organization currently releases data for secondary use. A majority (56%) are also planning on increasing the volume of data they share in the next 12 months, regardless of whether or not they already share data with others. Respondents who expressed an interest in de-identification said that it is primarily due to increased demand to share data externally (45%) and the desire to make use of sensitive data internally (41%). Other reasons include validation for compliance (26%), software testing (17%) and research (4%). The majority of respondents who already share data, either within their organization only or with another firm externally, are interested in sharing data externally in the future with academic institutions and researchers (46%). A large portion of respondents is interested in sharing data externally in the future with pharmaceutical companies (27%) and device manufacturers (14%). Health records are the leading type of data being stored or shared (55%) by respondents, followed by medical claims data (44%), trial data (36%), membership enrollment (33%), survey responses (33%), and device data (23%). In summary, demand for data is on the rise, including for organizations that only use data internally. It is important for organizations using data for any type of secondary purpose, including internal uses such as quality assurance, to protect it. 5

7 INTEREST IN USING DE-IDENTIFICATION Using data internally Sharing data externally Compliance and validation Software testing Research Percentage of respondents TYPES OF DATA BEING SHARED Health records Medical claim data Survey responses Membership or enrollment data Trial data Device data Percentage of respondents 6

8 CURRENT USES OF DATA Survey respondents indicated that they anticipate the demand for data to grow in the foreseeable future, with a few already starting to monetize their data. Those who have started monetizing data are slightly more inclined to use Safe Harbor de-identification strategies, but most are relying on data sharing agreements and masking techniques only. While Safe Harbor substantially reduces the risk Regardless of whether or not they currently share data, the majority of respondents foresee an increase in their data sharing practices within the next year. of re-identification, it does not provide the same level of rigor as risk-based de-identification thereby putting organizations at an unnecessarily high risk of a data breach. While data are often being used for secondary analysis such as research or fraud detection (60%), the largest use is for primary analysis, including quality assurance (72%). This finding is in line with a HealthLeaders Media survey conducted earlier this year showing the top analytic use of data is improving clinical quality. 3 The move towards monetizing data assets will be propelled by changes to hospital reimbursements. The shift to pay-for-performance models means CURRENT USES OF DATA Sharing for primary analysis Sharing for secondary analysis Sharing for profit Percentage of respondents 7

9 that providers will likely see declining reimbursements in the near term. Health insurers will also feel the pinch, caught between health providers and their clients. As business fundamentals become more important, data analytics will give insights on ways to cut costs and improve efficiencies. 4 But, expect these players to increasingly look to monetization of their data as a way to generate new revenues. The proportion of respondents that have begun monetizing their data assets (19%) is in line with research from Gartner that reported 30 percent of U.S. businesses will monetize their information assets by When it comes to data management practices, two-thirds of respondents are managing the majority of their data sharing practices in-house. When asked to identify their current data management practices, more than 75 percent of respondents said that their organization uses one or more approaches that could result in unknown data privacy compliance and risk, such as data-sharing agreements (50%) and data masking (31%). The use of Safe Harbor methodology is also on the rise (28%). Although Safe Harbor is recommended by regulators, it represents a minimum standard for de-identification that can leave data vulnerable to a breach. One in 13 respondents said their organization currently uses no data management practices. DATA MANAGEMENT TECHNIQUES Data sharing agreements Masking Safe Harbor de-identification Anonymization or de-identification Third party de-identification Not sure/none Percentage of respondents 8

10 However, one in five respondents says that their organization has taken steps to reduce risk by using expert determination de-identification software or third-party de-identification. This type of de-identification represents the most stringent data protection available. These organizations are more likely to be handling health records (57%), medical claims data (51%) or trial data (51%), some of the most sensitive types of data being handled today. While this small subset of organizations that handle sensitive data understands the complexities around data sharing, many more are leaving themselves open to unnecessary levels of risk and noncompliance. CURRENT CONCERNS IN DATA SHARING Re-identification concerns Cost Low knowledge on managing data Low knowledge on sharing and software Lack of data use policy No concerns Percentage of respondents MOST IMPORTANT ELEMENTS OF A PRIVACY SOLUTION Certifying compliance Granular high-quality data Tool fits into current infrastructure Tool is simple Able to understand risk of re-identification Rated by importance (10 being the most important) 9

11 CHALLENGES Healthcare organizations are slowly beginning to unlock their data for secondary uses. Faced with requests for sensitive information, they must balance the demand for high-quality, granular data with requirements for privacy compliance. Unfortunately, two out of three respondents lack complete confidence in their organization s ability to share data without putting individual privacy at risk. The demand for data, combined with the magnitude of PHI being collected in electronic medical records, medical monitoring apps and other healthcare networks, makes this a cause for concern. Healthcare is a heavily regulated environment where failure to act with care not only puts patient privacy at risk but exposes the organization to legal, financial and reputational penalties if there is a breach. Confidence in protecting privacy is correlated to an organization s data management practices. Respondents whose organizations use de-identification software or third-party de-identification services are more likely to have complete confidence in the ability to responsibly share data for secondary use. Respondents whose organizations use de-identification software or services are more likely to have complete confidence in the ability to responsibly share data for secondary use. Nearly half (48%) of the respondents cited preventing patient re-identification as a key challenge when storing and sharing data, with concern greatest among those who already share their data. Additional challenges include low staff knowledge on managing data safely (26%), low staff knowledge of data sharing practices and tools (25%), cost concerns (24%), 10

12 and lack of organizational policies (23%). Combined, low staff knowledge issues were identified as a challenge by fully half (51%) of the respondents. This is consistent with other surveys that found overcoming insufficient skills in analytics to be the top tactical challenge to performing analytics. 6 Knowledge gaps are a major concern and more education and training on de-identification and best practices in data management are needed at many organizations. When asked about privacy discussions within their own organizations and the benefits of data management solutions, reduced risk of privacy breaches and security were cited most often, followed closely by confidence in regulatory compliance. Subsequently, when asked about the importance of various privacy solutions, the most highly rated is the Ability to certify that data is compliant. This was found to be Very Important by more than 41% of the respondents. The ability to maintain the granularity of data was also frequently identified (by 32%) as Very Important. Thus, it would appear that healthcare organizations are seeking ways to responsibly share high-quality data while ensuring that they meet regulatory compliance. De-identification [allows us] to provide growth for our corporate culture of compliance. -Anonymous survey respondent In summary, respondents noted that their chief concern of protecting patients from re-identification is difficult to solve given a lack of knowledge and a lack of policy to achieve compliance. 11

13 CONCLUSION The growing demand to share health data brings with it growing risks. The proliferation of PHI and subsequent requests for data is pushing the boundaries of compliance as organizations try to satisfy demand. The response has been to err on the side of caution and keep data locked away. Unfortunately, most organizations still rely on rudimentary data management approaches, such as data sharing agreements and masking, that fail to fully comply with data protection laws and which fall far short of emerging standards that have universally recommended the need for risk-based de-identification when sharing data for secondary purposes. The number of organizations yet to embrace these more advanced approaches to data management is indicative of the slow pace of change in the industry, particularly when it comes to information technology. Without a staff that is fully knowledgeable of the tools and techniques to share data safely, organizations will continue to lack confidence in their ability to protect privacy when disclosing data. This should spur organizations to reduce their reliance on ad hoc practices and seek out education and expertise on better ways to responsibly share sensitive data. The results of the market survey are indicative of the gap between regulatory requirements and the industry s preparation to meet them, as was noted in a Deloitte Brief on privacy and security of protected health information. 7 The HITECH Act introduced a requirement for periodic audits of covered entities and business associates to check compliance with HIPAA Privacy, Security and Breach Notification Rules. The importance of ongoing risk analysis will be a central feature of these audits. A pilot audit program conducted in 2013 showed that few healthcare organizations had appropriate controls in place and that the industry needed to significantly improve its security and privacy programs. With the permanent audit program about to come into existence, 8 the clock has run out on organizations that have delayed the implementation of rigorous, risk-based privacy protocols and practices. Those who are in charge of storing and sharing PHI know that they must do so responsibly. The responses to this survey echo their struggles to prevent patient re-identification and meet regulatory compliance. Many organizations feel unprepared to responsibly store and share data for secondary purposes, and thus, are unable to advance analytics in their organization. Those organizations that have taken steps to improve their understanding of de-identification and follow emerging standards, like the Health Information Trust Alliance (HITRUST) and PhUSE guidelines, are in an advantageous position in the emerging field of healthcare analytics. They will benefit from the ability to broadly share data with small downside risk and confidently monetize their data. 12

14 METHODOLOGY Privacy Analytics sent a survey invitation to approximately 8500 professionals in their database who have responsibilities around PHI. Recipients work in a variety of settings, including hospitals and other healthcare providers, at healthcare payers, pharmaceutical and device manufacturers, research organizations and public agencies. Responses were collected from 339 professionals over a nine-week period from July to September Of those 271 individuals completed the survey, forming the dataset used in this report. The margin of error for the results is +/- 5.2%, at the edge of a 95-percent confidence interval. In order to gather responses anonymously, the online survey software SurveyMonkey was used. A link to the survey was sent to recipients via and was also posted to the Privacy Analytics website. Four out of five people who initiated the survey accessed it via the link in their . 13

15 REFERENCES 1 International Institute for Analytics and HIMSS Analytics. (2014, February 24). The State of Analytics Maturity for Healthcare Providers: The DELTA TM Powered Analytics Assessment Benchmark Report. HIMSS Analytics. Retrieved from 2 ISACA (2015). Keeping a Lock on Privacy: How Enterprises Are Managing Their Privacy Function. ISACA. Retrieved from 3 HealthLeaders Media (2015, April). IT and the Analytics Advantage: Managing Data to Master Risk. HealthLeaders Media. Retrieved from content/tec /intelligence-report-slideshow-it-and-the-analytics-advantagemdashmanaging-data-to-master-risk 4 Prewitt, Edward (2012, June). HealthLeaders Media Breakthroughs: The Promise of Healthcare Analytics. HealthLeaders Media. Retrieved from com/breakthroughs/281331/the-promise-of-healthcare-analytics 5 Gartner (10 January, 2013). Gartner Predicts 30 Percent of Businesses Will Be Monetizing Their Information Assets Directly by Retrieved from newsroom/id/ HealthLeaders Media (2015, April). IT and the Analytics Advantage: Managing Data to Master Risk. HealthLeaders Media. Retrieved from content/tec /intelligence-report-slideshow-it-and-the-analytics-advantagemdashmanaging-data-to-master-risk 7 Deloitte Center for Health Solutions. (2014). Issue Brief: Update: Privacy and Security of Protected Health Information Omnibus Final Rule and stakeholder considerations. Deloitte LLP. Retrieved from 8 Dvorak, Katie (2015, September 3). OCR picks vendor for second phase of HIPAA audit program. FierceHealthIT. Retrieved from 14

16 PRIVACY ANALYTICS Nothing personal.

Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information

Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information about HIPAA, the HITECH-HIPAA Omnibus Privacy Act, how

More information

The De-identification Maturity Model Authors: Khaled El Emam, PhD Waël Hassan, PhD

The De-identification Maturity Model Authors: Khaled El Emam, PhD Waël Hassan, PhD A PRIVACY ANALYTICS WHITEPAPER The De-identification Maturity Model Authors: Khaled El Emam, PhD Waël Hassan, PhD De-identification Maturity Assessment Privacy Analytics has developed the De-identification

More information

De-identification, defined and explained. Dan Stocker, MBA, MS, QSA Professional Services, Coalfire

De-identification, defined and explained. Dan Stocker, MBA, MS, QSA Professional Services, Coalfire De-identification, defined and explained Dan Stocker, MBA, MS, QSA Professional Services, Coalfire Introduction This perspective paper helps organizations understand why de-identification of protected

More information

SECURETexas Health Information Privacy & Security Certification Program FAQs

SECURETexas Health Information Privacy & Security Certification Program FAQs What is the relationship between the Texas Health Services Authority (THSA) and the Health Information Trust Alliance (HITRUST)? The THSA and HITRUST have partnered to help improve the protection of healthcare

More information

2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security

2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security 2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security Commissioned by ID Experts November 2009 INTRODUCTION Healthcare breaches are on the rise; according to the 2009

More information

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES CONTENTS Introduction 3 Brief Overview of HIPPA Final Omnibus Rule 3 Changes to the Definition of Business Associate

More information

Securing Patient Portals. What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use

Securing Patient Portals. What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use Securing Patient Portals What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use September 2013 Table of Contents Abstract... 3 The Carrot and the Stick: Incentives and Penalties for Securing

More information

Degrees of De-identification of Clinical Research Data

Degrees of De-identification of Clinical Research Data Vol. 7, No. 11, November 2011 Can You Handle the Truth? Degrees of De-identification of Clinical Research Data By Jeanne M. Mattern Two sets of U.S. government regulations govern the protection of personal

More information

Customer Success Story. Central Logic. Comprehensive SRA helps healthcare software provider safeguard its customer s PHI and ensure HIPAA compliance.

Customer Success Story. Central Logic. Comprehensive SRA helps healthcare software provider safeguard its customer s PHI and ensure HIPAA compliance. Customer Success Story Central Logic Comprehensive SRA helps healthcare software provider safeguard its customer s PHI and ensure HIPAA compliance. Page 2 of 6 Central Logic Comprehensive SRA helps healthcare

More information

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16 NEW PERSPECTIVES on Healthcare Risk Management, Control and Governance www.ahia.org Journal of the Association of Heathcare Internal Auditors Vol. 32, No. 3, Fall, 2013 Professional Fee Coding Audit: The

More information

Upcoming OCR Audits for HIPAA Compliance: How Prepared and Confident are Medical Practices and Billing Companies?

Upcoming OCR Audits for HIPAA Compliance: How Prepared and Confident are Medical Practices and Billing Companies? Upcoming : How Prepared and Confident are Medical Practices and Billing Companies? - Presented by NueMD a complete medical billing and practice management software solution company has partnered with Porter

More information

Anonymizing Unstructured Data to Enable Healthcare Analytics Chris Wright, Vice President Marketing, Privacy Analytics

Anonymizing Unstructured Data to Enable Healthcare Analytics Chris Wright, Vice President Marketing, Privacy Analytics Anonymizing Unstructured Data to Enable Healthcare Analytics Chris Wright, Vice President Marketing, Privacy Analytics Privacy Analytics - Overview For organizations that want to safeguard and enable their

More information

Secure Email & File Transfer Practices in Healthcare 2014 / Sponsored by DataMotion

Secure Email & File Transfer Practices in Healthcare 2014 / Sponsored by DataMotion In late 2014, DataMotion conducted its annual survey of more than 700 IT and business professionals across the United States to gain insight into corporate email and file transfer policies. This report

More information

Securing Electronic Health Records (EHRs) to Achieve Meaningful Use Compliance, Prevent Data Theft and Fraud

Securing Electronic Health Records (EHRs) to Achieve Meaningful Use Compliance, Prevent Data Theft and Fraud Securing Electronic Health Records (EHRs) to Achieve Meaningful Use Compliance, Prevent Data Theft and Fraud Featuring the results of the Privacy and Security Survey, March 2011 Since the passage of the

More information

Protecting your brand in the cloud Transparency and trust through enhanced reporting

Protecting your brand in the cloud Transparency and trust through enhanced reporting Protecting your brand in the cloud Transparency and trust through enhanced reporting Third-party Assurance November 2011 At a glance Cloud computing has unprecedented potential to deliver greater business

More information

REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI

REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI Healthcare Organizations Can Adopt Enterprise-Wide Disclosure Management Systems To Standardize Disclosure Processes,

More information

Accenture Risk Management. Industry Report. Life Sciences

Accenture Risk Management. Industry Report. Life Sciences Accenture Risk Management Industry Report Life Sciences Risk management as a source of competitive advantage and high performance in the life sciences industry Risk management that enables long-term competitive

More information

The Rising Opportunity for CMO-CIO Collaboration in the Pharmaceutical Industry

The Rising Opportunity for CMO-CIO Collaboration in the Pharmaceutical Industry Accenture Life Sciences Rethink Reshape Restructure for better patient outcomes The Rising Opportunity for CMO-CIO Collaboration in the Pharmaceutical Industry Demographics Life Sciences Pharma/Biotech:

More information

The Business Case for Using Big Data in Healthcare

The Business Case for Using Big Data in Healthcare SAP Thought Leadership Paper Healthcare and Big Data The Business Case for Using Big Data in Healthcare Exploring How Big Data and Analytics Can Help You Achieve Quality, Value-Based Care Table of Contents

More information

CA Technologies Healthcare security solutions:

CA Technologies Healthcare security solutions: CA Technologies Healthcare security solutions: Protecting your organization, patients, and information agility made possible Healthcare industry imperatives Security, Privacy, and Compliance HITECH/HIPAA

More information

Access is power. Access management may be an untapped element in a hospital s cybersecurity plan. January 2016. kpmg.com

Access is power. Access management may be an untapped element in a hospital s cybersecurity plan. January 2016. kpmg.com Access is power Access management may be an untapped element in a hospital s cybersecurity plan January 2016 kpmg.com Introduction Patient data is a valuable asset. Having timely access is critical for

More information

Sustainable HIPAA Compliance: Protecting Patient Privacy through Highly Leveraged Investments

Sustainable HIPAA Compliance: Protecting Patient Privacy through Highly Leveraged Investments View the Replay on YouTube Sustainable HIPAA Compliance: Protecting Patient Privacy through Highly Leveraged Investments FairWarning Executive Webinar Series October 31, 2013 Today s Panel Chris Arnold

More information

Welcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013

Welcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013 Welcome to ChiroCare s Fourth Annual Fall Business Summit October 3, 2013 HIPAA Compliance Regulatory Overview & Implementation Tips for Providers Agenda Green packet Overview of general HIPAA terms and

More information

AHLA. B. HIPAA Compliance Audits. Marti Arvin Chief Compliance Officer UCLA Health System and David Geffen School of Medicine Los Angeles, CA

AHLA. B. HIPAA Compliance Audits. Marti Arvin Chief Compliance Officer UCLA Health System and David Geffen School of Medicine Los Angeles, CA AHLA B. HIPAA Compliance Audits Marti Arvin Chief Compliance Officer UCLA Health System and David Geffen School of Medicine Los Angeles, CA Anna C. Watterson Davis Wright Tremaine LLP Washington, DC Fraud

More information

IRB Month Investigator Meeting April 2014

IRB Month Investigator Meeting April 2014 April 2014 AUDITS TRENDS EMR COMPLIANCE PRACTICES EMR FEDERAL REGULATIONS MONITORING REGULATORY SECURITY THREATS ACADEMI CINA BREACHES REVIEW COMPUTING MOBILE CLOUD HIPAA CENTER OPERATION S RESEARCH C

More information

An Executive Overview of GAPP. Generally Accepted Privacy Principles

An Executive Overview of GAPP. Generally Accepted Privacy Principles An Executive Overview of GAPP Generally Accepted Privacy Principles Current Environment One of today s key business imperatives is maintaining the privacy of your customers personal information. As business

More information

Consumer Goods and Services

Consumer Goods and Services Accenture Risk Management Industry Report Consumer Goods and Services 2011 Global Risk Management Point of View Consumer Goods and Services 2011 Global Risk Management Point of View Consumer Goods and

More information

Cyberprivacy and Cybersecurity for Health Data

Cyberprivacy and Cybersecurity for Health Data Experience the commitment Cyberprivacy and Cybersecurity for Health Data Building confidence in health systems Providing better health care quality at lower cost will be the key aim of all health economies

More information

HIPAA and HITRUST - FAQ

HIPAA and HITRUST - FAQ A COALFIRE WHITE PAPER HIPAA and HITRUST - FAQ by Andrew Hicks, MBA, CISA, CCM, CRISC, HITRUST CSF Practitioner Director, Healthcare Practice Lead Coalfire February 2013 Introduction Organizations are

More information

Patient Engagement Series: 2014 Patient Portal Study. HIMSS Analytics

Patient Engagement Series: 2014 Patient Portal Study. HIMSS Analytics Patient Engagement Series: 2014 Patient Portal Study HIMSS Analytics October 2014 Introduction 2014 HIMSS Analytics Patient Engagement Study 1 Patient Engagement has emerged as an area of great interest

More information

Agenda. OCR Audits of HIPAA Privacy, Security and Breach Notification, Phase 2. Linda Sanches, MPH Senior Advisor, Health Information Privacy 4/1/2014

Agenda. OCR Audits of HIPAA Privacy, Security and Breach Notification, Phase 2. Linda Sanches, MPH Senior Advisor, Health Information Privacy 4/1/2014 OCR Audits of HIPAA Privacy, Security and Breach Notification, Phase 2 Linda Sanches, MPH Senior Advisor, Health Information Privacy HCCA Compliance Institute March 31, 2014 Agenda Background Audit Phase

More information

TOP 10 Security Questions Introduction Breaches and other privacy and security incidents in healthcare are on the rise due to the vast size of the industry and the oneoffs of protected health information

More information

Special report Healthcare

Special report Healthcare Special report Healthcare Customer-Centric Healthcare: Best Practices for CIOs and CISOs Changing healthcare regulations, and the increasing number of security breaches, have healthcare technology leaders

More information

HITRUST CSF Assurance Program

HITRUST CSF Assurance Program HITRUST CSF Assurance Program Simplifying the information protection of healthcare data 1 May 2015 2015 HITRUST LLC, Frisco, TX. All Rights Reserved Table of Contents Background CSF Assurance Program Overview

More information

State of Compliance 2014 Healthcare provider industry brief

State of Compliance 2014 Healthcare provider industry brief Delve into the full analysis of the 2014 State of Compliance Survey at: pwc.com/us/ stateofcompliance State of Compliance 2014 Healthcare provider industry brief Introduction The healthcare provider industry

More information

A Privacy Officer s Guide to Providing Enterprise De-Identification Services. Phase I

A Privacy Officer s Guide to Providing Enterprise De-Identification Services. Phase I IT Management Advisory A Privacy Officer s Guide to Providing Enterprise De-Identification Services Ki Consulting has helped several large healthcare organizations to establish de-identification services

More information

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)

More information

HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?

HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? Introduction This material is designed to answer some of the commonly asked questions by business associates and other organizations

More information

The IBM data governance blueprint: Leveraging best practices and proven technologies

The IBM data governance blueprint: Leveraging best practices and proven technologies May 2007 The IBM data governance blueprint: Leveraging best practices and proven technologies Page 2 Introduction In the past few years, dozens of high-profile incidents involving process failures and

More information

OCTOBER 2013 PART 1. Keeping Data in Motion: How HIPAA affects electronic transfer of protected health information

OCTOBER 2013 PART 1. Keeping Data in Motion: How HIPAA affects electronic transfer of protected health information OCTOBER 2013 PART 1 Keeping Data in Motion: How HIPAA affects electronic transfer of protected health information Part 1: How HIPAA affects electronic transfer of protected health information It is difficult

More information

Voice Documentation in HIPAA Compliance

Voice Documentation in HIPAA Compliance Voice Documentation in HIPAA Compliance An OAISYS White Paper Americas Headquarters OAISYS 7965 South Priest Drive, Suite 105 Tempe, AZ 85284 USA www.oaisys.com (480) 496-9040 CONTENTS 1 Introduction 2

More information

Accelerating Clinical Trials Through Shared Access to Patient Records

Accelerating Clinical Trials Through Shared Access to Patient Records INTERSYSTEMS WHITE PAPER Accelerating Clinical Trials Through Shared Access to Patient Records Improved Access to Clinical Data Across Hospitals and Systems Helps Pharmaceutical Companies Reduce Delays

More information

The Use of Patient Records (EHR) for Research

The Use of Patient Records (EHR) for Research The Use of Patient Records (EHR) for Research Mary Devereaux, Ph.D. Director, Biomedical Ethics Seminars Assistant Director, Research Ethics Program & San Diego Research Ethics Consortium Abstract The

More information

De-Risking the Impacts to Payer Organizations from ICD-10 Conversion

De-Risking the Impacts to Payer Organizations from ICD-10 Conversion De-Risking the Impacts to Payer Organizations from ICD-10 Conversion De-Risking the Impacts to Payer Organizations from ICD-10 Conversion Top Three Risks CMOs, CFOs, and CIOs Need to Eliminate White Paper

More information

Accelerating Time to Market with the Power of Cloud-Based Integration

Accelerating Time to Market with the Power of Cloud-Based Integration Accelerating Time to Market with the Power of Cloud-Based Integration Now more than ever before, flat revenue and increased development costs have made time-to-market a crucial factor in profitability

More information

Why HIPAA Compliance Should Scare You and What You Should Ask Your Business Phone Service Provider NOW

Why HIPAA Compliance Should Scare You and What You Should Ask Your Business Phone Service Provider NOW Why HIPAA Compliance Should Scare You and What You Should Ask Your Business Phone Service Provider NOW By Mike McAlpen, 8x8 Executive Director of Privacy, Security and Compliance The Champion For Business

More information

2016 OCR AUDIT E-BOOK

2016 OCR AUDIT E-BOOK !! 2016 OCR AUDIT E-BOOK About BlueOrange Compliance: We specialize in healthcare information privacy and security solutions. We understand that each organization is busy running its business and that

More information

Healthcare Horizons Webinar Series:

Healthcare Horizons Webinar Series: Healthcare Horizons Webinar Series: HIPAA and HITECH Enforcement Pete Enko peter.enko@huschblackwell.com 816.983.8312 Steve James steve.james@huschblackwell.com 816.983.8374 Husch Blackwell LLP Before

More information

Advancing Analytics in Your Organization

Advancing Analytics in Your Organization Advancing Analytics in Your Organization Sarah Shillington Leidos Health, EVP Annette Savage Leidos Health, Senior Solutions Manager Bryan Fiekers HIMSS Analytics, Director leidoshealth.com Uniting 25

More information

HIPAA Compliance: Are you prepared for the new regulatory changes?

HIPAA Compliance: Are you prepared for the new regulatory changes? HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed

More information

From Overload to Impact: An Industry Scorecard on Big Data Business Challenges

<Insert Picture Here> From Overload to Impact: An Industry Scorecard on Big Data Business Challenges From Overload to Impact: An Industry Scorecard on Big Data Business Challenges July 17, 2012 Contents Introduction 3 Methodology 4 Key Take Aways 5 Findings 6 Industry Opportunities

More information

Secure Cloud Computing Concepts Supporting Big Data in Healthcare. Ryan D. Pehrson Director, Solutions & Architecture Integrated Data Storage, LLC

Secure Cloud Computing Concepts Supporting Big Data in Healthcare. Ryan D. Pehrson Director, Solutions & Architecture Integrated Data Storage, LLC Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D. Pehrson Director, Solutions & Architecture Integrated Data Storage, LLC Learning Objectives After this session, the learner should

More information

Solutions For. Information, Insights, and Analysis to Help Manage Business Challenges

Solutions For. Information, Insights, and Analysis to Help Manage Business Challenges Solutions For Health Plans Information, Insights, and Analysis to Help Manage Business Challenges Solutions for Health Plans Health plans are challenged with controlling medical costs, engaging members

More information

OCC 98-3 OCC BULLETIN

OCC 98-3 OCC BULLETIN To: Chief Executive Officers and Chief Information Officers of all National Banks, General Managers of Federal Branches and Agencies, Deputy Comptrollers, Department and Division Heads, and Examining Personnel

More information

CrossPoint for Managed Collaboration and Data Quality Analytics

CrossPoint for Managed Collaboration and Data Quality Analytics CrossPoint for Managed Collaboration and Data Quality Analytics Share and collaborate on healthcare files. Improve transparency with data quality and archival analytics. Ajilitee 2012 Smarter collaboration

More information

IT Vendor Due Diligence. Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014

IT Vendor Due Diligence. Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014 IT Vendor Due Diligence Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014 Carolinas HealthCare System (CHS) Second largest not-for-profit healthcare system

More information

OCR HIPAA AUDITS THEY RE BACK!

OCR HIPAA AUDITS THEY RE BACK! OCR HIPAA AUDITS THEY RE BACK! Chris Apgar, CISSP 2016 OVERVIEW OCR Audit Program Overview What to Expect if OCR s Auditors Show Up Potential Penalties and Other OCR Actions How to Prepare for an Audit

More information

The HIPAA Audit Program

The HIPAA Audit Program The HIPAA Audit Program Anna C. Watterson Davis Wright Tremaine LLP The U.S. Department of Health and Human Services (HHS) was given authority, and a mandate, to conduct periodic audits of HIPAA 1 compliance

More information

Customer Data and Reputational Risk in the Pharmaceutical Industry

Customer Data and Reputational Risk in the Pharmaceutical Industry 1 Customer Data and Reputational Risk in the Pharmaceutical Industry Sensitive Data: A Chain of Trust Organizations of all types, from banks to government agencies to healthcare providers, are taking steps

More information

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview Updated HIPAA Regulations What Optometrists Need to Know Now The U.S. Department of Health & Human Services Office for Civil Rights recently released updated regulations regarding the Health Insurance

More information

RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS

RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS Security solutions for patient and provider access AT A GLANCE Healthcare organizations of all sizes are responding to the demands of patients, physicians,

More information

Am I a Business Associate?

Am I a Business Associate? Am I a Business Associate? Now What? JENNIFER L. RATHBURN Quarles & Brady LLP KATEA M. RAVEGA Quarles & Brady LLP agenda» Overview of HIPAA / HITECH» Business Associate ( BA ) Basics» What Do BAs Have

More information

9 Trends that will Transform Purchase-to-Pay in 2015 An IOFM White Paper

9 Trends that will Transform Purchase-to-Pay in 2015 An IOFM White Paper 9 Trends that will Transform Purchase-to-Pay in 2015 An IOFM White Paper Executive Summary While the global economy is beginning to bounce back, organizations are still faced with a heightened pressure

More information

The State of Analytics Maturity for Healthcare Providers

The State of Analytics Maturity for Healthcare Providers The State of Analytics Maturity for Healthcare Providers The DELTA Powered TM Analytics Assessment Benchmark Report - February 24, 2014 - The International Institute for Analytics and HIMSS Analytics iianalytics.com

More information

Cybersecurity in the Health Care Sector: HIPAA Responsibilities from a Legal and Compliance Perspective

Cybersecurity in the Health Care Sector: HIPAA Responsibilities from a Legal and Compliance Perspective Cybersecurity in the Health Care Sector: HIPAA Responsibilities from a Legal and Compliance Perspective July 23, 2013 Gerry Hinkley, Pillsbury Allen Briskin, Pillsbury Pillsbury Winthrop Shaw Pittman LLP

More information

Preparing for and Responding to an OCR HIPAA Audit

Preparing for and Responding to an OCR HIPAA Audit Preparing for and Responding to Carole Klove Carole.Klove@ucsfmedctr.or g Gerry Hinkley gerry.hinkley@pillsburylaw.com SIXTH NATIONAL HIPAA SUMMIT WEST October 10-12, 2012 Overview Background What to expect

More information

Agile Master Data Management A Better Approach than Trial and Error

Agile Master Data Management A Better Approach than Trial and Error Agile Master Data Management A Better Approach than Trial and Error A whitepaper by First San Francisco Partners First San Francisco Partners Whitepaper Executive Summary Market leading corporations are

More information

Tracking the Operational and Financial Health of US Physician Practices

Tracking the Operational and Financial Health of US Physician Practices THE SECOND ANNUAL Tracking the Operational and Financial Health of US Physician Practices -2014 EDITION- sponsored by in partnership with www.carecloud.com/ppi 1 THE PRACTICE PROFITABILITY INDEX 2013 Edition

More information

2014 HIMSS Analytics Cloud Survey

2014 HIMSS Analytics Cloud Survey 2014 HIMSS Analytics Cloud Survey June 2014 2 Introduction Cloud services have been touted as a viable approach to reduce operating expenses for healthcare organizations. Yet, engage in any conversation

More information

HIPAA Privacy, Security and Breach Notification Audits

HIPAA Privacy, Security and Breach Notification Audits HIPAA Privacy, Security and Breach Notification Audits Program Overview & Initial Analysis Verne Rinker JD, MPH 2013 NIST / OCR Security Rule Conference May 21-22, 2013 Program Mandate HITECH Act, Section

More information

ICD-10-CM TRANSITION PREPARE FOR CASH-FLOW IMPACT WHITE PAPER

ICD-10-CM TRANSITION PREPARE FOR CASH-FLOW IMPACT WHITE PAPER ICD-10-CM TRANSITION PREPARE FOR CASH-FLOW IMPACT AN WHITE PAPER Executive Summary Effective October 1, 2015, home health agencies must begin using ICD-10-CM medical codes instead of the current outdated

More information

HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services

HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services How MSPs can profit from selling HIPAA security services Managed Service Providers (MSP) can use the Health Insurance Portability

More information

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN Major Changes to HIPAA Security and Privacy Rules Enacted in Economic Stimulus Package By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN The HITECH Act is the

More information

Second Annual Benchmark Study on Patient Privacy & Data Security

Second Annual Benchmark Study on Patient Privacy & Data Security Second Annual Benchmark Study on Patient Privacy & Data Security Sponsored by ID Experts Independently conducted by Ponemon Institute LLC Publication Date: December 2011 Ponemon Institute Research Report

More information

White Paper #6. Privacy and Security

White Paper #6. Privacy and Security The Complexity of America s Health Care Industry White Paper #6 Privacy and Security www.nextwavehealthadvisors.com 2015 Next Wave Health Advisors and Lynn Harold Vogel, Ph.D. The Complexity of America

More information

Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style.

Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style. Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style March 27, 2013 www.mcguirewoods.com Introductions Holly Carnell McGuireWoods LLP

More information

2014 Global Healthcare Information Interoperability 2013 North American SSL Certificate Customer Value Leadership Award Product Leadership Award

2014 Global Healthcare Information Interoperability 2013 North American SSL Certificate Customer Value Leadership Award Product Leadership Award 2013 2014 INSERT COMPANY LOGO HERE 2014 Global Healthcare Information Interoperability 2013 North American SSL Certificate Customer Value Leadership Award Product Leadership Award 2014 Frost & Sullivan

More information

CPR: Circumstances, Prevention and Response in Safeguarding Personal Healthcare Information

CPR: Circumstances, Prevention and Response in Safeguarding Personal Healthcare Information September 14, 2010 CPR: Circumstances, Prevention and Response in Safeguarding Personal Healthcare Information 2010 Kroll Ontrack Inc. www.ontrackdatarecovery.com Agenda Introduction 1 Agenda Introduction

More information

THE STATE OF HEALTHCARE COMPLIANCE: Keeping up with HIPAA, Advancements in EHR & Additional Regulations

THE STATE OF HEALTHCARE COMPLIANCE: Keeping up with HIPAA, Advancements in EHR & Additional Regulations THE STATE OF HEALTHCARE COMPLIANCE: Keeping up with HIPAA, Advancements in EHR & Additional Regulations [ The State of Healthcare Compliance: Keeping up with HIPAA, Advancements in EHR & Additional Regulations

More information

How Do Key Stakeholders View Transparency?

How Do Key Stakeholders View Transparency? How Do Key Stakeholders View Transparency? Given the clear need for transparency, and the gaps towards achieving the level needed to create full accountability to drive lower costs and improved quality

More information

Personally Controlled Electronic Health Record System: Legislation Issues Paper

Personally Controlled Electronic Health Record System: Legislation Issues Paper Personally Controlled Electronic Health Record System: Legislation Issues Paper Introduction The AMA has reviewed the Personally Controlled Electronic Health Record System: Legislation Issues Paper. The

More information

valueoutcome July Preparing for Phase 2: The next generation of HIPAA audits Organizations will face enhanced privacy and security scrutiny

valueoutcome July Preparing for Phase 2: The next generation of HIPAA audits Organizations will face enhanced privacy and security scrutiny valueoutcome July 2014 Preparing for Phase 2: The next generation of HIPAA audits Organizations will face enhanced privacy and security scrutiny Highlights 1. In preparation for Phase 2 audits, covered

More information

Compliance, Security and Risk Management Relationship Advice. Andrew Hicks, Director Coalfire

Compliance, Security and Risk Management Relationship Advice. Andrew Hicks, Director Coalfire Compliance, Security and Risk Management Relationship Advice Andrew Hicks, Director Coalfire Housekeeping You may submit questions throughout the webinar using the question area in the control panel on

More information

The Directors Cut. The power of data: What directors need to know about Big Data, analytics and the evolution of information. www.pwc.

The Directors Cut. The power of data: What directors need to know about Big Data, analytics and the evolution of information. www.pwc. www.pwc.com/ca/acconnect The Directors Cut The power of data: What directors need to know about Big Data, analytics and the evolution of information December 201 This newsletter is brought to you by PwC

More information

Lessons Learned from Recent HIPAA Enforcement Actions, Breaches, and Audit. Iliana L. Peters, J.D., LL.M. April 23, 2014

Lessons Learned from Recent HIPAA Enforcement Actions, Breaches, and Audit. Iliana L. Peters, J.D., LL.M. April 23, 2014 Lessons Learned from Recent HIPAA Enforcement Actions, Breaches, and Audit Iliana L. Peters, J.D., LL.M. April 23, 2014 OCR RULEMAKING UPDATE What s Done? What s to Come? What s Done: Interim Final Rules

More information

Do you know your privacy risks? How new technologies, changing business models, and emerging regulations are changing the data-protection landscape

Do you know your privacy risks? How new technologies, changing business models, and emerging regulations are changing the data-protection landscape January 2013 Do you know your privacy risks? How new technologies, changing business models, and emerging regulations are changing the data-protection landscape At a glance Threats to data security both

More information

Secondary Uses of Health Data IMPAC s Oncology Data Alliance Program

Secondary Uses of Health Data IMPAC s Oncology Data Alliance Program Secondary Uses of Health Data IMPAC s Oncology Data Alliance Program NCVHS August 1, 2007 Joel Goldwein, MD Senior Vice President, Medical Affairs IMPAC Medical Systems Inc. IMPAC Medical Systems, Inc.

More information

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES The implications for privacy and security in the emergence of HIEs The emergence of health information exchanges (HIE) is widely

More information

NETWORK SECURITY FOR SMALL AND MID-SIZE BUSINESSES

NETWORK SECURITY FOR SMALL AND MID-SIZE BUSINESSES NETWORK SECURITY FOR SMALL AND MID-SIZE BUSINESSES September, 2015 Derek E. Brink, CISSP, Vice President and Research Fellow IT Security and IT GRC Report Highlights p2 p4 p6 p7 SMBs need to adopt a strategy

More information

Healthcare IT Assurance Peace of Mind Through Privacy and Security Risk Management

Healthcare IT Assurance Peace of Mind Through Privacy and Security Risk Management Healthcare IT Assurance Peace of Mind Through Privacy and Security Risk Management By Dan Schroeder, CPA, MBA, CISA, CIA, PCI QSA, CISM, CIPP/US Dan.schroeder@hawcpa.com BRIEF CONTENTS HCIT IMPROVES THE

More information

3 rd Annual HIMSS Analytics Mobile Survey. February 26, 2014. www.himssanalytics.org

3 rd Annual HIMSS Analytics Mobile Survey. February 26, 2014. www.himssanalytics.org 3 rd Annual HIMSS Analytics Mobile Survey February 26, 2014 www.himssanalytics.org 2013 HIMSS Analytics Mobile Technology Survey Final Report February 26, 2014 For the first time in 2011, HIMSS explored

More information

Business Associates, HITECH & the Omnibus HIPAA Final Rule

Business Associates, HITECH & the Omnibus HIPAA Final Rule Business Associates, HITECH & the Omnibus HIPAA Final Rule HIPAA Omnibus Final Rule Changes Business Associates Marissa Gordon-Nguyen, JD, MPH Health Information Privacy Specialist Office for Civil Rights/HHS

More information

The Hi-Tech Balancing Act: Securely Walking the Tightrope of Patient Care

The Hi-Tech Balancing Act: Securely Walking the Tightrope of Patient Care WHITE PAPER: THE HITECH BALANCING ACT The Hi-Tech Balancing Act: Securely Walking the Tightrope of Patient Care October 2009 By John McNeely President and CEO Sword & Shield Enterprise Security, Inc. [

More information

Business Opportunity Enablement through Information Security Compliance

Business Opportunity Enablement through Information Security Compliance Level 3, 66 King Street Sydney NSW 2000 Australia Telephone +61 2 9290 4444 or 1300 922 923 Business Opportunity Enablement through Information Security Compliance Page No.1 Business Opportunity Enablement

More information

Analysing the US HIPAA legacy and future changes on the horizon

Analysing the US HIPAA legacy and future changes on the horizon Volume: 10 Issue: 2 Analysing the US HIPAA legacy and future changes on the horizon The US Department of Health and Human Services issued the long-awaited final omnibus rule under the Health Insurance

More information

Submitted via Federal erulemaking Portal

Submitted via Federal erulemaking Portal Response to Administrative Simplification: Adoption of a Standard for a Unique Health Plan Identifier; Addition to the National Provider Identifier Requirements; and a Change to the Compliance Date for

More information

The economics of IT risk and reputation

The economics of IT risk and reputation Global Technology Services Research Report Risk Management The economics of IT risk and reputation What business continuity and IT security really mean to your organization Findings from the IBM Global

More information

2/9/2012. 2012 HIPAA Privacy and Security Audit Readiness. Table of contents

2/9/2012. 2012 HIPAA Privacy and Security Audit Readiness. Table of contents 2012 HIPAA Privacy and Security Audit Readiness Mark M. Johnson National HIPAA Services Director Table of contents Page Background 2 Regulatory Background and HITECH Impacts 3 Office of Civil Rights (OCR)

More information

Healthcare Internal Audit: In a Time of Transition

Healthcare Internal Audit: In a Time of Transition The 2015 State of the Internal Audit Profession Study Healthcare Internal Audit: In a Time of Transition The healthcare industry in the United States is facing many challenges with the enactment of legislation

More information

2014 Mobile Devices Study

2014 Mobile Devices Study 2014 Mobile Devices Study HIMSS Analytics December 2014 1 Introduction The use of personal telecommunication mobile devices, such as smartphones and tablet computers, is pervasive in the United States.

More information