Easing the Burden of Healthcare Compliance

Size: px
Start display at page:

Download "Easing the Burden of Healthcare Compliance"

Transcription

1 Easing the Burden of Healthcare Compliance In This Paper Federal laws require that healthcare organizations that suspect a breach of sensitive data launch an investigation into the matter For many mid-sized organization in and around the healthcare industry these investigations are slow, costly, and hamper productivity Affordable software tools now exist to conduct remote investigations quickly without paying a third-party service provider esecurity Planet Executive Brief A QuinStreet Executive Brief. 2014

2 The Healthcare Compliance Landscape Much of the news surrounding healthcare in recent years has centered on the Affordable Care Act (ACA), which radically changes the way healthcare is provided to millions of Americans. At more than 2,000 pages long, there is plenty in the ACA to keep healthcare professionals, insurers, and lawyers busy for some time to come. Care providers, compliance officers, and legal departments are all too aware that the ACA is only the latest in a series of legislation and regulations to affect the healthcare industry over the past 20 years. The healthcare industry has been faced with a steady stream of compliance regulations since the Health Insurance Portability and Accountability Act (HIPAA) was passed in Given the pervasive use of information technology in society in general, and in the healthcare industry in particular, it does not take long for new regulations to impact the IT systems used by healthcare providers and others in the industry. The push toward electronic health records (EHRs), which were legislated into law as part of the 2009 economic stimulus package with the Health Information Technology for Economic and Clinical Health (HITECH) Act, is a perfect example. Clinicians did not spend years hauling stacks of paper records from room to room because they enjoyed the exercise. The healthcare industry relies heavily on legacy IT systems, which require a great deal of time and expense to adapt to 21st-century technology and regulations. Despite the efficiencies of EHRs, it required, quite literally, an act of Congress to convince some healthcare providers they needed to make the transition. Adapting IT infrastructures to comply with any number of healthcare regulations often requires the use of outside contractors, consultants, and others that need access to systems that store and process sensitive data. It also requires that employees of healthcare organizations become accustomed to new technology, which in many cases is more portable than what they previously used. Healthcare employees are now armed with tablets and laptops that travel with them, are left in parked cars and hotel rooms, forgotten on public transit, or left at home when they take a vacation. Data that previously existed on paper can now easily be sent anywhere using unsecure methods, like consumer cloud services. Between contractors and employees, there is a great deal of risk surrounding the privacy and security of sensitive data in the healthcare industry. When a breach is suspected, the law requires that healthcare organizations quickly launch an investigation to find the source and scope of the issue. These investigations can be quite costly, to say nothing of the penalties for the breach itself and the damage to reputation and brand. 1

3 The Regulations Here are three regulations currently affecting organizations working in or supporting the healthcare industry. HIPAA: Violating the privacy and security regulations set forth in HIPAA can result in civil and criminal penalties. HIPAA uses a tiered system of civil penalties, the lowest of which governs an individual that did not know (and with reasonable diligence would not have known) he or she violated HIPAA. Fines in this tier range from $100 per violation to $50,000 per violation. The fines increase from there (with a cap for annual maximum fines in place): Violation due to reasonable cause and not willful neglect: $1,000 minimum/$50,000 maximum per violation Violation due to willful neglect but corrected within required time period: $10,000 minimum/$50,000 maximum per violation Violation due to willful neglect and not corrected: $50,000 per violation HIPAA fines can add up quickly. In April 2014, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that it collected a total of $1,975,220 from just two entities to resolve potential violations of the HIPAA Privacy and Security Rules. Both cases involved data stored on mobile electronic devices that went missing and was not properly protected. Criminal penalties for HIPAA violations which usually center on knowingly violating the law, obtaining information under false pretenses, buying or selling data, and more range from up to $50,000 to $250,000 in fines and prison terms of one to 10 years. The International Classification of Diseases, 10th Revision (ICD-10): This is the system physicians and other providers use to code all diagnoses, symptoms, and procedures. IDC-9 had some 13,000 codes; IDC-10 has more than 68,000 codes, twice as many categories, and gets into specific details, such as separate codes for the right and left leg of a patient. HHS originally required implementation by Oct. 1, On April 1, 2014, President Obama signed a law that prevents HHS from establishing ICD- 10 as the standard before Oct. 1, As you might expect, IT systems across the healthcare industry need to be re-programmed before the new codes can be used, and because the codes affect systems across the healthcare landscape (when a doctor bills an insurance company, each needs to use the same codes, for example), adoption needs to be synchronized for the system to work properly. Unlike HIPAA, the risk around which the adoption of ICD-10 revolves is more business-oriented as opposed to legal. Failure to comply with ICD-10 can result in the inability to bill and receive payments if the new standard is not adopted. The potential loss of revenue can cripple a healthcare organization from a financial standpoint. The work required to implement ICD-10 might also require the use of consultants or contractors who have access to IT systems, creating a potential security risk. The HITECH ACT: As mentioned earlier, the HITECH Act was passed in 2009 as part of an economic stimulus package, with the hope that firms in the healthcare industry would have to buy software and create opportunities for jobs related to the meaningful use of healthcare IT, especially the conversion to EHRs. Since EHRs present new risks around patient privacy and data breaches, part of the HITECH Act strengthened the HIPAA fines and penalties (mentioned above). In addition to previously mentioned risks related to HIPAA violations, firms that don t demonstrate meaningful use of EHRs by 2015 could face non-compliance penalties. On the other hand, starting in 2011, the HITECH Act offered financial incentives for organizations that did demonstrate meaningful use of EHRs, so there is something to be gained by complying with the regulations. 2

4 Regulation Commonly known as When What Risk for healthcare organizations The Health HIPAA Enacted Aug. 21, Far-reaching Civil and criminal Insurance 1996 healthcare bill penalties for Portability and that is perhaps disclosing sensitive Accountability Act best known for information; of 1996 provisions that corrective actions protect the security to protect privacy and privacy of and security. Civil data like personal penalties as high as healthcare records $50,000 per violation The International ICD-10 By federal law, Establishes Business risk Classification of cannot become extensive new around loss of Diseases, 10th new standard system for coding revenue when non- Revision before Oct. 1, all diagnoses, compliance leads 2015 symptoms, and to an inability to procedures in the receive payments healthcare industry Health Information HITECH Act Enacted Feb. Aims to expand the Expands the HIPAA Technology for 17, 2009, as part use of healthcare IT, requirements Economic and of the American including the use around privacy and Clinical Health Act Recovery and of electronic health security, updates Reinvestment records HIPAA penalties, Act of 2009 and imposes new requirements for notifications of breaches Summary of important healthcare industry regulations In April 2014, the U.S. Department of Health and Human Services OCR collected $1,975,220 from just two entities to resolve potential HIPAA violations. 3

5 Who is at Risk? Large healthcare organizations such as those that run large hospitals or multiple hospitals, or health insurance providers clearly have a lot to lose if they fail to comply with any of the regulations mentioned above. These organizations, however, employ small armies of lawyers, establish entire departments devoted to compliance issues, and have the resources to bring in outside help if needed. Because of the amount of data they handle, investigations into how information is handled or the circumstances surrounding a breach or possible breach are rather routine. Mid-sized organizations that operate in the healthcare industry are not quite as fortunate. They often lack the internal resources to easily conduct investigations of data breaches. In addition, they are rarely equipped financially to weather the cost of investigations and potential penalties. Some of these mid-sized healthcare organizations are firms that run clinics and large private practices. But they do not need to be directly involved in providing healthcare to incur risk. An entire ecosystem of businesses exists to provide services to healthcare organizations and their patients, including records management businesses that serve healthcare organizations, firms that provide medical billing services to healthcare providers, and law offices that handle medical-related claims and lawsuits that require them to handle healthcare records. These firms also need to manage their risk and find ways to ease the burden of compliance. For these organizations, violating regulations like HIPAA and paying fines are just part of the risk. Complaints require investigations, so healthcare organizations are liable for the time and costs of an investigation even when no wrongdoing is eventually found. Between April 2003 and March 31, 2014, HHS received more than 94,445 HIPAA complaints and resolved 94 percent of them. More than 22,000 of those cases were resolved through investigation and enforcement. For 10,057 of those complaints, an investigation was required but no violation was found. More than 56,000 complaints were not eligible for enforcement. In the same timeframe, the two most common HIPAA complaints revolve around impermissible uses and disclosures of protected health information and a lack of safeguards for protected health information. The most common healthcare industry entities that need to take corrective action in that timeframe are general hospitals, outpatient facilities, health plans, and pharmacies. How Investigations are Typically Handled When many of these mid-sized healthcare organizations need to conduct an investigation into a possible breach involving sensitive data, they turn to a service provider that specializes in such investigations. For a handsome fee, these contractors will travel to the site(s) involved, take possession of any computers, storage 4

6 drives, or equipment they need, and conduct an investigation of the matter. Organizations with the resources to handle such an investigation internally may take many of the same steps. Either way, there are a number of disadvantages to the way these investigations are currently handled, including the time it takes, the costs, the travel, and the disruption to the business when hard drives, workstations, and other assets are unavailable. How EnCase Enterprise Can Help EnCase Enterprise from Guidance Software is a powerful tool that can be used by healthcare organizations and associated firms to conduct remote investigations into possible breaches. It allows organizations to easily search, collect, and preserve the data on servers and workstations connected to their network without taking physical possession of a device. Rather than outsourcing an investigation to a third party, healthcare organizations that use EnCase Enterprise can allow their own security professionals, incident response teams, or litigation specialists to investigate a possible breach in less time and with fewer expenses. EnCase Enterprise can be used remotely, which means healthcare HIPAA violations due to willful neglect that are corrected within the required time period carry a fine ranging from $10,000 to $50,000 per violation firms that are de-centralized or EnCase Enterprise servlet essentially operate multiple locations can take remains dormant on the machine advantage of their in-house expertise until needed. It is then activated by even if it is located in a different an investigator and works behind physical location than the one involved the scenes to uncover the activity in an investigation. This ability to that took place on the equipment remotely conduct an investigation and may possibly shed light on also means investigations can be a possible compliance violation. completed more quickly and there is The data is collected and stored in no need to pay for travel expenses. the background, invisible to users, allowing normal business activities to A thorough investigation related continue undisturbed. to compliance with healthcare regulations can take a toll on the To further protect against risk and productivity of employees. Business to establish the integrity of the must go on despite an ongoing information collected as part of the investigation, and when employees investigation, EnCase Enterprise have their workstations or laptops collects potential evidence in a taken away, it often negatively forensically sound manner and impacts their productivity. preserves it in a court-accepted format that proves the chain of custody. To eliminate such downtime, EnCase Enterprise relies on a small servlet Many mid-sized healthcare that is installed on every machine organizations outsource investigations and server connected to the network. of compliance issues because EnCase Enterprise is not monitoring they lack access to the tools they software; it does not track user need or find them priced for larger activity in real-time. Instead, the organizations or specialists. EnCase 5

7 Enterprise is available at a price point designed to appeal to mid-sized organizations that lack an army of compliance officers and investigators. Given the potential penalties and other costs involved in performing investigations, mid-sized healthcare organizations can achieve positive return on their investment in EnCase Enterprise after just a few uses. Conclusion The healthcare industry has seen an increase in regulation over the past 20 years, which means healthcare organizations are devoting a significant number of resources to their compliance efforts. Regulations regarding patient privacy, the increased use of EHRs, and upgrades to existing technology often mean employees need to be re-trained and outsiders brought in, both of which increase the risk of data breaches or other incidents that incur costly penalties. Many mid-sized organizations in the healthcare industry currently outsource their investigations of potential breaches and other compliance issues to third-party specialists, or they conduct costly, time-consuming investigations using internal resources that can negatively affect normal business operations. EnCase Enterprise from Guidance Software is an affordable, easy-to-use tool that allows mid-sized healthcare organizations to remotely conduct investigations into breaches without incurring the costs of travel, outside experts, or business downtime. It can be used by security experts, litigation experts, and compliance officers to collect and store information from any server or workstation on the network and preserve that information for successful use in legal proceedings. To learn more about EnCase Enterprise, visit: enterprise. 6

HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services

HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services How MSPs can profit from selling HIPAA security services Managed Service Providers (MSP) can use the Health Insurance Portability

More information

Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information

Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information about HIPAA, the HITECH-HIPAA Omnibus Privacy Act, how

More information

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN Major Changes to HIPAA Security and Privacy Rules Enacted in Economic Stimulus Package By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN The HITECH Act is the

More information

White Paper #6. Privacy and Security

White Paper #6. Privacy and Security The Complexity of America s Health Care Industry White Paper #6 Privacy and Security www.nextwavehealthadvisors.com 2015 Next Wave Health Advisors and Lynn Harold Vogel, Ph.D. The Complexity of America

More information

HIPAA Hot Topics. Audits, the Latest on Enforcement and the Impact of Breaches. September 2012. Nashville Knoxville Memphis Washington, D.C.

HIPAA Hot Topics. Audits, the Latest on Enforcement and the Impact of Breaches. September 2012. Nashville Knoxville Memphis Washington, D.C. HIPAA Hot Topics Audits, the Latest on Enforcement and the Impact of Breaches September 2012 Nashville Knoxville Memphis Washington, D.C. Overview HITECH Act HIPAA Audit Program: update and initial results

More information

Understanding Health Insurance Portability Accountability Act AND HITECH. HIPAA s Privacy Rule

Understanding Health Insurance Portability Accountability Act AND HITECH. HIPAA s Privacy Rule Understanding Health Insurance Portability Accountability Act AND HITECH HIPAA s Privacy Rule 1 What Is HIPAA s Privacy Rule The privacy rule is a component of the Health Insurance Portability and Accountability

More information

Meaningful Use, ICD-10 and HIPAA 5010 Overview, talking points and FAQs

Meaningful Use, ICD-10 and HIPAA 5010 Overview, talking points and FAQs Meaningful Use, ICD-10 and HIPAA 5010 Overview, talking points and FAQs Providence Health & Services is committed to using technology and evidence-based practices to deliver the highest quality care in

More information

COMPLIANCE ALERT 10-12

COMPLIANCE ALERT 10-12 HAWAII HEALTH SYSTEMS C O R P O R A T I O N "Touching Lives Every Day COMPLIANCE ALERT 10-12 HIPAA Expansion under the American Recovery and Reinvestment Act of 2009 The American Recovery and Reinvestment

More information

HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help

HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help The Health Information Portability and Accountability Act (HIPAA) Omnibus Rule which will begin to be enforced September 23, 2013,

More information

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Compliance Tip Sheet National Hospice and Palliative Care Organization www.nhpco.org/regulatory HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Hospice Provider Compliance To Do List

More information

HIPAA: AN OVERVIEW September 2013

HIPAA: AN OVERVIEW September 2013 HIPAA: AN OVERVIEW September 2013 Introduction The Health Insurance Portability and Accountability Act of 1996, known as HIPAA, was enacted on August 21, 1996. The overall goal was to simplify and streamline

More information

Shipman & Goodwin LLP. HIPAA Alert STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS

Shipman & Goodwin LLP. HIPAA Alert STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS Shipman & Goodwin LLP HIPAA Alert March 2009 STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS The economic stimulus package, officially named the American Recovery and Reinvestment Act of 2009

More information

REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI

REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI Healthcare Organizations Can Adopt Enterprise-Wide Disclosure Management Systems To Standardize Disclosure Processes,

More information

What Health Care Entities Need to Know about HIPAA and the American Recovery and Reinvestment Act

What Health Care Entities Need to Know about HIPAA and the American Recovery and Reinvestment Act What Health Care Entities Need to Know about HIPAA and the American Recovery and Reinvestment Act by Lane W. Staines and Cheri D. Green On February 17, 2009, The American Recovery and Reinvestment Act

More information

Ready or Not: OCR s Second Round of HIPAA Audits Are Just Around the Corner

Ready or Not: OCR s Second Round of HIPAA Audits Are Just Around the Corner Ready or Not: OCR s Second Round of HIPAA Audits Are Just Around the Corner OPRA 2015 Fall Conference November 4, 2015 Presented By: Lisa Pierce Reisz Vorys, Sater, Seymour and Pease LLP 614.464.8353 lpreisz@vorys.com

More information

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES CONTENTS Introduction 3 Brief Overview of HIPPA Final Omnibus Rule 3 Changes to the Definition of Business Associate

More information

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)

More information

HIPAA Compliance and the Protection of Patient Health Information

HIPAA Compliance and the Protection of Patient Health Information HIPAA Compliance and the Protection of Patient Health Information WHITE PAPER By Swift Systems Inc. April 2015 Swift Systems Inc. 7340 Executive Way, Ste M Frederick MD 21704 1 Contents HIPAA Compliance

More information

The Case For HIPAA Risk Assessment. Leader s Guide

The Case For HIPAA Risk Assessment. Leader s Guide 4547 The Case For HIPAA Risk Assessment Leader s Guide IMPORTANT INFORMATION FOR EDUCATION COORDINATORS & PROGRAM FACILITATORS PLEASE NOTE: In order for this program to meet Florida course requirements,

More information

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security

More information

2012 HIPAA Privacy and Security Audits

2012 HIPAA Privacy and Security Audits Office of the Secretary Office for Civil Rights (OCR) 2012 HIPAA Privacy and Security Audits Linda Sanches OCR Senior Advisor, Health Information Privacy Lead, HIPAA Compliance Audits OCR 1 Agenda Background

More information

Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind

Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind Page1 Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind The use of electronic medical records (EMRs) to maintain patient information is encouraged today and

More information

Somansa Data Security and Regulatory Compliance for Healthcare

Somansa Data Security and Regulatory Compliance for Healthcare Somansa White Paper Somansa Data Security and Regulatory Compliance for Healthcare How Somansa can protect ephi- electronic patient health information and meet the requirements for healthcare compliances,

More information

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What

More information

HIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist. www.riskwatch.com

HIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist. www.riskwatch.com HIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist www.riskwatch.com Introduction Last year, the federal government published its long awaited final regulations implementing the Health

More information

Nationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011

Nationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011 Nationwide Review of CMS s HIPAA Oversight Brian C. Johnson, CPA, CISA Wednesday, January 19, 2011 1 WHAT I DO Manage Region IV IT Audit and Advance Audit Technique Staff (AATS) IT Audit consists of 8

More information

2/9/2012. 2012 HIPAA Privacy and Security Audit Readiness. Table of contents

2/9/2012. 2012 HIPAA Privacy and Security Audit Readiness. Table of contents 2012 HIPAA Privacy and Security Audit Readiness Mark M. Johnson National HIPAA Services Director Table of contents Page Background 2 Regulatory Background and HITECH Impacts 3 Office of Civil Rights (OCR)

More information

THE STATE OF HEALTHCARE COMPLIANCE: Keeping up with HIPAA, Advancements in EHR & Additional Regulations

THE STATE OF HEALTHCARE COMPLIANCE: Keeping up with HIPAA, Advancements in EHR & Additional Regulations THE STATE OF HEALTHCARE COMPLIANCE: Keeping up with HIPAA, Advancements in EHR & Additional Regulations [ The State of Healthcare Compliance: Keeping up with HIPAA, Advancements in EHR & Additional Regulations

More information

Presented by: Leslie Bender, CIPP General Counsel/CPO The ROI Companies www.theroi.com

Presented by: Leslie Bender, CIPP General Counsel/CPO The ROI Companies www.theroi.com Healthcare Compliance: How HiTECH May Affect Relationships with Business Associates Presented by: Leslie Bender, CIPP General Counsel/CPO The ROI Companies www.theroi.com Legal Disclaimer This information

More information

OCR/HHS HIPAA/HITECH Audit Preparation

OCR/HHS HIPAA/HITECH Audit Preparation OCR/HHS HIPAA/HITECH Audit Preparation 1 Who are we EHR 2.0 Mission: To assist healthcare organizations develop and implement practices to secure IT systems and comply with HIPAA/HITECH regulations. Education

More information

Community First Health Plans Breach Notification for Unsecured PHI

Community First Health Plans Breach Notification for Unsecured PHI Community First Health Plans Breach Notification for Unsecured PHI The presentation is for informational purposes only. It is the responsibility of the Business Associate to ensure awareness and compliance

More information

Meaningful Use and Security Risk Analysis

Meaningful Use and Security Risk Analysis Meaningful Use and Security Risk Analysis Meeting the Measure Security in Transition Executive Summary Is your organization adopting Meaningful Use, either to gain incentive payouts or to avoid penalties?

More information

Best Practices in HIPAA Security Risk Assessments

Best Practices in HIPAA Security Risk Assessments BUSINESS WHITE PAPER Best Practices in HIPAA Security Risk Assessments Safeguard your protected health information (PHI) and mitigate the risk of a data breach or loss. WHITEPAPER Best Practices in HIPAA

More information

HIPAA Refresher. HIPAA Health Insurance Portability & Accountability Act

HIPAA Refresher. HIPAA Health Insurance Portability & Accountability Act HIPAA Health Insurance Portability & Accountability Act This presentation and materials provided are for informational purposes only. Please seek legal advisor assistance when dealing with privacy and

More information

Why Lawyers? Why Now?

Why Lawyers? Why Now? TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business

More information

ARRA HITECH Stimulus HIPAA Security Compliance Reporter. White Paper

ARRA HITECH Stimulus HIPAA Security Compliance Reporter. White Paper ARRA HITECH Stimulus HIPAA Security Compliance Reporter White Paper ARRA HITECH AND ACR2 HIPAA SECURITY The healthcare industry is in a time of great transition, with a government mandate for EHR/EMR systems,

More information

HIPAA Update Focus on Breach Prevention

HIPAA Update Focus on Breach Prevention HIPAA Update Focus on Breach Prevention Objectives By the end of this program, participants should be able to: Identify top reasons why breaches occur Review the breach definition and notification process

More information

Will the Feds Really Buy Me an EHR?

Will the Feds Really Buy Me an EHR? Steven Waldren, MD, David C. Kibbe, MD, MBA, and Jason Mitchell, MD Will the Feds Really Buy Me an EHR? and Other Commonly Asked Questions About the HITECH Act The economic stimulus package offers $19

More information

Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE

Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE [ Hosting for Healthcare: Addressing the Unique Issues of Health IT & Achieving End-to-End Compliance

More information

The HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq.

The HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq. The HITECH Act: Implications to HIPAA Covered Entities and Business Associates Linn F. Freedman, Esq. Introduction and Overview On February 17, 2009, President Obama signed P.L. 111-05, the American Recovery

More information

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually

More information

HIPAA PRIVACY AND SECURITY AWARENESS

HIPAA PRIVACY AND SECURITY AWARENESS HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect

More information

Tools to Prepare and Protect Your Practice for HIPAA and Meaningful Use Audits

Tools to Prepare and Protect Your Practice for HIPAA and Meaningful Use Audits Tools to Prepare and Protect Your Practice for HIPAA and Meaningful Use Audits Presented by: Don Waechter, Managing Partner Health Compliance Partners Ann Breitinger, Attorney Blalock Walters Legal Disclaimer

More information

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Note: Information provided to NCRA by Melodi Gates, Associate with Patton Boggs, LLC Privacy and data protection

More information

Achieving HIPAA and HITECH Compliance. with Enterprise Single Sign-On

Achieving HIPAA and HITECH Compliance. with Enterprise Single Sign-On Achieving HIPAA and HITECH Compliance with Enterprise Single Sign-On Achieving HIPAA and HITECH Compliance with Enterprise Single Sign-On 1 TABLE OF CONTENTS The Challenges of HIPAA and HITECH Compliance

More information

Presented by Jack Kolk President ACR 2 Solutions, Inc.

Presented by Jack Kolk President ACR 2 Solutions, Inc. HIPAA 102 : What you don t know about the new changes in the law can hurt you! Presented by Jack Kolk President ACR 2 Solutions, Inc. Todays Agenda: 1) Jack Kolk, CEO of ACR 2 Solutions a information security

More information

Penalty. Conduct of covered entity or business associate. Did not know and, by exercising reasonable diligence, would not have known of the violation

Penalty. Conduct of covered entity or business associate. Did not know and, by exercising reasonable diligence, would not have known of the violation WHY YOU NEED TO COMPLY. HIPAA UPDATE 2014: WHY AND HOW YOU MUS T C OMPL Y 1 In January 2013, the Department of Health and Human Services ( HHS ) issued its longawaited Omnibus Rule 2 implementing regulations

More information

HIPAA and HITECH Compliance for Cloud Applications

HIPAA and HITECH Compliance for Cloud Applications What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health

More information

GENERAL OVERVIEW OF STANDARDS FOR PRIVACY OF INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION [45 CFR Part 160 and Subparts A and E of Part 164]

GENERAL OVERVIEW OF STANDARDS FOR PRIVACY OF INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION [45 CFR Part 160 and Subparts A and E of Part 164] GENERAL OVERVIEW OF STANDARDS FOR PRIVACY OF INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION [45 CFR Part 160 and Subparts A and E of Part 164] OCR HIPAA Privacy The following overview provides answers to

More information

Business Associate Management Methodology

Business Associate Management Methodology Methodology auxilioinc.com 844.874.0684 Table of Contents Methodology Overview 3 Use Case 1: Upstream of s I manage business associates 4 System 5 Use Case 2: Eco System of s I manage business associates

More information

Section 2: HIPAA and the HITECH Act

Section 2: HIPAA and the HITECH Act Section 2: HIPAA and the HITECH Act 1 Introduction to HIPAA and the HITECH Act The Health Information Technology for Economic and Clinical Health (HITECH) Act was signed on February 17, 2009 as part of

More information

HIPAA and the HITECH Act Privacy and Security of Health Information in 2009

HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 What is HIPAA? Health Insurance Portability & Accountability Act of 1996 Effective April 13, 2003 Federal Law HIPAA Purpose:

More information

Faster, Smarter, More Secure: IT Services Geared for the Health Care Industry A White Paper by CMIT Solutions

Faster, Smarter, More Secure: IT Services Geared for the Health Care Industry A White Paper by CMIT Solutions Faster, Smarter, More Secure: IT Services Geared for the Health Care Industry A White Paper by CMIT Solutions Table of Contents Introduction... 3 1. Data Backup: The Most Critical Part of any IT Strategy...

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (this Agreement ), effective as of May 1, 2014 (the Effective Date ), by and between ( Covered Entity ) and Orchard Software Corporation,

More information

2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security

2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security 2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security Commissioned by ID Experts November 2009 INTRODUCTION Healthcare breaches are on the rise; according to the 2009

More information

Securing Patient Portals. What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use

Securing Patient Portals. What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use Securing Patient Portals What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use September 2013 Table of Contents Abstract... 3 The Carrot and the Stick: Incentives and Penalties for Securing

More information

Dissecting New HIPAA Rules and What Compliance Means For You

Dissecting New HIPAA Rules and What Compliance Means For You Dissecting New HIPAA Rules and What Compliance Means For You A White Paper by Cindy Phillips of CMIT Solutions and Kelly McClendon of CompliancePro Solutions TABLE OF CONTENTS Introduction 3 What Are the

More information

Signed into law on February 17, 2009, the Stimulus Package known

Signed into law on February 17, 2009, the Stimulus Package known Stimulus Package Expands HIPAA Privacy and Security and Adds Federal Data Breach Notification Law Marcy Wilder, Donna A. Boswell, and BarBara Bennett The authors discuss provisions of the Stimulus Package

More information

HIPAA 101. March 18, 2015 Webinar

HIPAA 101. March 18, 2015 Webinar HIPAA 101 March 18, 2015 Webinar Agenda Acronyms to Know HIPAA Basics What is HIPAA and to whom does it apply? What is protected by HIPAA? Privacy Rule Security Rule HITECH Basics Breaches and Responses

More information

The Hi-Tech Balancing Act: Securely Walking the Tightrope of Patient Care

The Hi-Tech Balancing Act: Securely Walking the Tightrope of Patient Care WHITE PAPER: THE HITECH BALANCING ACT The Hi-Tech Balancing Act: Securely Walking the Tightrope of Patient Care October 2009 By John McNeely President and CEO Sword & Shield Enterprise Security, Inc. [

More information

HIPAA PRIVACY AND SECURITY AWARENESS. Covering Kids and Families of Indiana April 10, 2014

HIPAA PRIVACY AND SECURITY AWARENESS. Covering Kids and Families of Indiana April 10, 2014 HIPAA PRIVACY AND SECURITY AWARENESS Covering Kids and Families of Indiana April 10, 2014 GOALS AND OBJECTIVES The goal is to provide information to you to promote personal responsibility and behaviors

More information

Isaac Willett April 5, 2011

Isaac Willett April 5, 2011 Current Options for EHR Implementation: Cloud or No Cloud? Regina Sharrow Isaac Willett April 5, 2011 Introduction Health Information Technology for Economic and Clinical Health Act ( HITECH (HITECH Act

More information

6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013

6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013 Updates on HIPAA, Data, IT and Security Technology June 25, 2013 1 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind, including,

More information

HIPAA Enforcement. Emily Prehm, J.D. Office for Civil Rights U.S. Department of Health and Human Services. December 18, 2013

HIPAA Enforcement. Emily Prehm, J.D. Office for Civil Rights U.S. Department of Health and Human Services. December 18, 2013 Office of the Secretary Office for Civil Rights () HIPAA Enforcement Emily Prehm, J.D. Office for Civil Rights U.S. Department of Health and Human Services December 18, 2013 Presentation Overview s investigative

More information

Neither You Nor Your Business Associates Can Afford to be Lax About Complying with HIPAA Requirements

Neither You Nor Your Business Associates Can Afford to be Lax About Complying with HIPAA Requirements Neither You Nor Your Business Associates Can Afford to be Lax About Complying with HIPAA Requirements Sara Kashing, JD, Staff Attorney July/August 2012 The Therapist If you are considered a Covered Entity

More information

Business Associates and HIPAA

Business Associates and HIPAA Business Associates and HIPAA What BAs need to know to comply with HIPAA privacy and security rules by Dom Nicastro White paper The lax days of complying with privacy and security laws are over for business

More information

University Healthcare Physicians Compliance and Privacy Policy

University Healthcare Physicians Compliance and Privacy Policy Page 1 of 11 POLICY University Healthcare Physicians (UHP) will enter into business associate agreements in compliance with the provisions of the Health Insurance Portability and Accountability Act of

More information

HIPAA Violations Incur Multi-Million Dollar Penalties

HIPAA Violations Incur Multi-Million Dollar Penalties HIPAA Violations Incur Multi-Million Dollar Penalties Whitepaper HIPAA Violations Incur Multi-Million Dollar Penalties Have you noticed how many expensive Health Insurance Portability and Accountability

More information

OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463. Court Reporters and HIPAA

OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463. Court Reporters and HIPAA Court Reporters and HIPAA OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463 1 What Exactly is HIPAA? HIPAA is an acronym for the Health Insurance Portability and Accountability Act

More information

EXECUTIVE REPORT. Why Healthcare Providers Seek Out New Ways To Manage and Utilize Big Data

EXECUTIVE REPORT. Why Healthcare Providers Seek Out New Ways To Manage and Utilize Big Data EXECUTIVE REPORT Why Healthcare Providers Seek Out New Ways To Manage and Utilize Big Impact of Healthcare Regulations on the Center The HIPAA and HITECH acts, along with the Affordable Care Act, are changing

More information

REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES PLEASE REVIEW IT CAREFULLY.

REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES PLEASE REVIEW IT CAREFULLY. REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW PROTECTED HEALTH INFORMATION (PHI) ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS

More information

Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015

Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015 Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015 Katherine M. Layman Cozen O Connor 1900 Market Street Philadelphia, PA 19103 (215) 665-2746

More information

What Every Organization Needs to Know about Basic HIPAA Compliance and Technology. April 21, 2015

What Every Organization Needs to Know about Basic HIPAA Compliance and Technology. April 21, 2015 What Every Organization Needs to Know about Basic HIPAA Compliance and Technology April 21, 2015 Who are these handsome fellas? Jamie Wolbeck (VP Of Operations) jamiew@sccnet.com Ron Shelby (Sr. Account

More information

HIPAA Security Rule Compliance

HIPAA Security Rule Compliance HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA

More information

M E M O R A N D U M. Definitions

M E M O R A N D U M. Definitions M E M O R A N D U M DATE: November 10, 2011 TO: FROM: RE: Krevolin & Horst, LLC HIPAA Obligations of Business Associates In connection with the launch of your hosted application service focused on practice

More information

HIPAA Audits: How to Be Prepared. Lindsey Wiley, MHA, CHTS-IM, CHTS-TS HIT Manager Oklahoma Foundation for Medical Quality

HIPAA Audits: How to Be Prepared. Lindsey Wiley, MHA, CHTS-IM, CHTS-TS HIT Manager Oklahoma Foundation for Medical Quality HIPAA Audits: How to Be Prepared Lindsey Wiley, MHA, CHTS-IM, CHTS-TS HIT Manager Oklahoma Foundation for Medical Quality An Important Reminder For audio, you must use your phone: Step 1: Call (866) 906-0123.

More information

Network Security and Data Privacy Insurance for Physician Groups

Network Security and Data Privacy Insurance for Physician Groups Network Security and Data Privacy Insurance for Physician Groups February 2014 Lockton Companies While exposure to medical malpractice remains a principal risk MIKE EGAN, CPCU Senior Vice President Unit

More information

HIPAA Violations Incur Multi-Million Dollar Penalties

HIPAA Violations Incur Multi-Million Dollar Penalties HIPAA regulations have undergone major changes in the last few years giving both the federal and state Governments new and enhanced powers and resources to pursue HIPAA violations HIPAA Violations Incur

More information

HIPAA Employee Compliance Program TRAINING MANUAL

HIPAA Employee Compliance Program TRAINING MANUAL HIPAA Employee Compliance Program TRAINING MANUAL Training Manual to Assist Employees in HIPAA Compliance January 2013 Program For HIPAA Compliance Plan Goal The purpose of this manual is to instruct our

More information

ELECTRONIC HEALTH RECORDS

ELECTRONIC HEALTH RECORDS ELECTRONIC HEALTH RECORDS Understanding and Using Computerized Medical Records CHAPTER TEN LESSON ONE Privacy and Security of Health Records Understanding HIPAA HIPAA: acronym for Health Insurance Portability

More information

HIPAA Privacy and Security Changes in the American Recovery and Reinvestment Act

HIPAA Privacy and Security Changes in the American Recovery and Reinvestment Act International Life Sciences Arbitration Health Industry Alert If you have questions or would like additional information on the material covered in this Alert, please contact the author: Brad M. Rostolsky

More information

HIPAA Compliance, Notification & Enforcement After The HITECH Act. Presenter: Radha Chanderraj, Esq.

HIPAA Compliance, Notification & Enforcement After The HITECH Act. Presenter: Radha Chanderraj, Esq. HIPAA Compliance, Notification & Enforcement After The HITECH Act Presenter: Radha Chanderraj, Esq. Key Dates Publication date January 25, 2013 Effective date - March 26, 2013 Compliance date - September

More information

OCR Reports on the Enforcement. Learning Objectives 4/1/2013. HIPAA Compliance/Enforcement (As of December 31, 2012) HCCA Compliance Institute

OCR Reports on the Enforcement. Learning Objectives 4/1/2013. HIPAA Compliance/Enforcement (As of December 31, 2012) HCCA Compliance Institute OCR Reports on the Enforcement of the HIPAA Rules HCCA Compliance Institute April 22, 2013 David Holtzman Sr. Health IT & Privacy Specialist U.S. Department of Health and Human Services Office for Civil

More information

OCR Reports on the Enforcement. Learning Objectives

OCR Reports on the Enforcement. Learning Objectives OCR Reports on the Enforcement of the HIPAA Rules HCCA Compliance Institute April 22, 2013 David Holtzman Sr. Health IT & Privacy Specialist U.S. Department of Health and Human Services Office for Civil

More information

New HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010

New HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010 New HIPAA Breach Notification Rule: Know Your Responsibilities Loudoun Medical Group Spring 2010 Health Information Technology for Economic and Clinical Health Act (HITECH) As part of the Recovery Act,

More information

Getting Hip to the HIPAA and HITECH Act Compliance

Getting Hip to the HIPAA and HITECH Act Compliance Getting Hip to the HIPAA and HITECH Act Compliance NaNotchka M. Chumley, D.O., M.P.H. Family Medicine Physician Los Angeles, CA Integrating Global Trade & Logistic and Cybersecurity Westin St. Francis,

More information

Building Trust and Confidence in Healthcare Information. How TrustNet Helps

Building Trust and Confidence in Healthcare Information. How TrustNet Helps Building Trust and Confidence in Healthcare Information The management of healthcare information in the United States is regulated under the HIPAA (Health Insurance Portability and Accountability Act)

More information

STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM

STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM BETWEEN The Division of Health Care Financing and Policy Herein after referred to as the Covered Entity and (Enter Business

More information

HIPAA Compliance: Efficient Tools to Follow the Rules

HIPAA Compliance: Efficient Tools to Follow the Rules Bank of America Merrill Lynch White Paper HIPAA Compliance: Efficient Tools to Follow the Rules Executive summary Contents The stakes have never been higher for compliance with the Health Insurance Portability

More information

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant 1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad

More information

Bridging the HIPAA/HITECH Compliance Gap

Bridging the HIPAA/HITECH Compliance Gap CyberSheath Healthcare Compliance Paper www.cybersheath.com -65 Bridging the HIPAA/HITECH Compliance Gap Security insights that help covered entities and business associates achieve compliance According

More information

HIPAA Overview. Darren Skyles, Partner McGinnis Lochridge. Darren S. Skyles dskyles@mcginnislaw.com

HIPAA Overview. Darren Skyles, Partner McGinnis Lochridge. Darren S. Skyles dskyles@mcginnislaw.com HIPAA Overview Darren Skyles, Partner McGinnis Lochridge HIPAA Health Insurance Portability and Accountability Act of 1996 Electronic transaction and code sets: Adopted standards for electronic transactions

More information

Answering to HIPAA. Who Answers Your Phone? Prepared by Kenneth E. Rhea, MD, FASHRM. Brought to you by. www.duxware.com

Answering to HIPAA. Who Answers Your Phone? Prepared by Kenneth E. Rhea, MD, FASHRM. Brought to you by. www.duxware.com Answering to HIPAA Who Answers Your Phone? Prepared by Kenneth E. Rhea, MD, FASHRM Brought to you by www.duxware.com The Event On February 20, 2014 at 8:00 PM an Internal Medicine specialist received a

More information

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview Updated HIPAA Regulations What Optometrists Need to Know Now The U.S. Department of Health & Human Services Office for Civil Rights recently released updated regulations regarding the Health Insurance

More information

ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer

ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING By: Jerry Jackson Compliance and Privacy Officer 1 1 Introduction Welcome to Privacy and Security Training course. This course will help you

More information

Surviving a HIPAA Audit: What you need to know NOW So you can cope THEN. Jonathan Krasner www.beinetworks.com www.hipaasecurenow.

Surviving a HIPAA Audit: What you need to know NOW So you can cope THEN. Jonathan Krasner www.beinetworks.com www.hipaasecurenow. Surviving a HIPAA Audit: What you need to know NOW So you can cope THEN Jonathan Krasner www.beinetworks.com www.hipaasecurenow.com Healthcare IT Landscape Meaningful Use Incentives Technology Advances

More information

Privacy Officer Job Description 4/28/2014. HIPAA Privacy Officer Orientation. Cathy Montgomery, RN. Presented by:

Privacy Officer Job Description 4/28/2014. HIPAA Privacy Officer Orientation. Cathy Montgomery, RN. Presented by: HIPAA Privacy Officer Orientation Presented by: Cathy Montgomery, RN Privacy Officer Job Description Serve as leader Develop Policies and Procedures Train staff Monitor activities Manage Business Associates

More information

Orbograph HIPAA/HITECH Compliance, Resiliency and Security

Orbograph HIPAA/HITECH Compliance, Resiliency and Security Orbograph HIPAA/HITECH Compliance, Resiliency and Security Version 1.0 August 2013 Legal Notice This document is delivered subject to the following conditions and restrictions: The document contains proprietary

More information

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16 NEW PERSPECTIVES on Healthcare Risk Management, Control and Governance www.ahia.org Journal of the Association of Heathcare Internal Auditors Vol. 32, No. 3, Fall, 2013 Professional Fee Coding Audit: The

More information

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record

More information