Securing Patient Portals. What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use

Size: px
Start display at page:

Download "Securing Patient Portals. What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use"

Transcription

1 Securing Patient Portals What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use September 2013

2 Table of Contents Abstract... 3 The Carrot and the Stick: Incentives and Penalties for Securing Web-based Patient Portals... 3 Meaningful Use Incentives... 3 Increased Penalties... 4 Government Audit & Oversight... 4 Sharing the Risk: Business Associate and Subcontractor Obligations... 5 Securing Patient Portals... 6 Patient Portal Security Requirements... 6 Trend Micro Web App Security... 7 Conclusion

3 Abstract Information security has evolved into a mission-critical function for healthcare organizations amid the tumult of industry reform, innovation, and regulatory upheaval. A nationwide move towards Electronic Health Record (EHR) systems, web-based platforms for patient and provider access to information, increased regulation, provider consolidation, and the increasing need to share health information between patients, providers, and payers all point toward the need for robust information security protections. At the same time, changes in federal legislation are offering lucrative incentives for implementing EHRs and patient portals, and those who do not vigilantly protect patient information stored in EHRs and web-based portals face increasingly stiff penalties. With the emergence of e-health networks offering web-based services, the future success of healthcare is likely to depend on how effectively patients can obtain and manage their health related information over the web in a secure manner. This challenge is further amplified by the growing complexity of patient data management practices including outsourcing the development and implementation of web-based platforms to third party Business Associates and their subcontractors. The Carrot and the Stick: Incentives and Penalties for Securing Web-based Patient Portals Meaningful Use Incentives The Health Information Technology for Economic and Clinical Health (HITECH) Act and recently released HIPAA Omnibus Rule seek to improve health care delivery and patient care by encouraging electronic access to personal health information across the continuum of care, including via web-based patient portals. HITECH takes a carrot-and-stick approach to promote the mandated conversion to EHRs and implementation of web-based patient portals. The act provides a healthy carrot of $19.2 billion in incentive payments to promote EHR adoption, primarily funneled through Medicare and Medicaid reimbursement as incentive payments for the Meaningful Use of certified EHR technology. Each physician can qualify for a total of up to $44,000 over five years through Medicare or up to $63,750 over six years from Medicaid dependent upon satisfying annual qualification criteria. At the same time, the Meaningful Use requirements call for increased security and privacy controls to bolster patient confidence and adoption of EHR technology in order to qualify for incentives. Stage 2 of Meaningful Use specifically requires the implementation and adoption of a secure web-based patient portal to facilitate patient access to health information. 3

4 Increased Penalties The HITECH Act and HIPAA Omnibus Rule have acknowledged the increased risk associated with storing and transmitting electronic Protected Health Information (PHI) by introducing strong penalties (a heavy stick ) for healthcare providers and their Business Associates and subcontractors who fail to meet the HIPAA Security and Privacy Rule mandates. Prior to the enactment of the HITECH Act, the imposition of civil penalties under HIPAA was limited to a maximum of $100 per violation and $25,000 for all violations of an identical requirement or prohibition occurring within the same calendar year. Enacted in February 2009, HITECH increased the range at minimum of $100 up to $50,000 per violation, with maximum penalties for violations of the same HIPAA provision of $1.5 million per year. Additionally, criminal penalties of up to $250,000 and up to 10 years in prison for HIPAA violations not only apply to healthcare covered entities but also to employees and other individuals. The Omnibus Rule, effective in 2013, ups the ante even further by allowing for fines of up to $1.5 million per violation, regardless of how many violations occur concurrently within a given calendar year. As if the regulatory non-compliance penalties did not already supply sufficient motivation for compliance with security requirements, the Meaningful Use incentive provisions also threaten reduced reimbursement, starting in 2015 for entities who have not met the requirements for securing EHRs and patient portals. Government Audit & Oversight In addition to more proactive oversight underway via the new regulations, both federal and state governments have also been actively investigating possible violations and filing suit for breaches that have been reported to the Department of Health and Human Services (HHS) under HITECH. Several entities are empowered to investigate and audit security compliance including the Office for Civil Rights (OCR), Center for Medicare and Medicaid Services (CMS), and State Attorneys General. Under HITECH, money collected in civil penalties is funneled back into OCR s enforcement budget. The act also permits state attorneys general to bring civil actions for HIPAA violations, making wider oversight and enforcement far more likely than prior years under HIPAA. 4

5 Sharing the Risk Business Associate and Subcontractor Obligations The risk of incurring penalties associated with patient data breaches is further exacerbated by the growing trend of healthcare organizations outsourcing EHR and patient portal solutions to third party Business Associates. According to a recent HITRUST Alliance report, 21% of healthcare security breaches in 2012 implicated a third party Business Associate. Healthcare organizations are also challenged with a lack of resources needed to effectively manage, evaluate, and continuously monitor Business Associate security compliance including patient portal web applications while maintaining focus on delivering quality patient care. The HITECH and the Omnibus Rule widened the net of compliance obligations by expanded the definition of a Business Associate to include organizations that transmit and routinely access PHI, such as health information exchange organizations, web application providers, and IT hosting vendors. Previously, Business Associates were liable only under the terms of their contracts, but under HITECH, Business Associates are subject to direct government oversight and civil and criminal penalties for HIPAA violations. Additionally, the HIPAA Omnibus Rule also expands many of these requirements to the subcontractors of Business Associates, resulting in the rollout of modified Business Associate Agreements to reflect these new obligations. 5

6 Securing Patient Portals Patient Portal Security Requirements The Meaningful Use Stage 2 criteria focus on patient engagement to provide better care. The aim of this requirement is to make health information more accessible to the individuals, and to provide patient with the means to communicate electronically with health care providers via patient portals. However, this also makes the web application the direct link to sensitive enterprise information including PHI. Patient portals, combined with EHRs, allow clinicians to communicate directly with their patients, also extending to them capabilities to schedule appointments, refill prescriptions, access lab results, and pay bills. Stage 2 of MU requires that a secure web-based patient portal be established and sets out specific standards to demonstrate that the portal is being used by both providers and a substantial number of patients to meet following measures: 1. Provide secure messaging between patients and providers 2. Allow patients the ability to access and download their electronic information in a secure manner 3. Deliver reminders for preventive and follow-up care 4. Provide patients with specific educational materials 5. Conduct a risk assessment of the patient portal must to ensure that appropriate security controls are in place to protect patient information in alignment with HIPAA / HITECH / Omnibus requirements For healthcare professionals participating in the Centers for Medicare & Medicaid Services (CMS) EHR incentive programs, the deadline for meeting Stage 2 criteria is right around the corner. A technical solution for assessing and remediating security risks specific to web-based platforms and portals is an essential component to achieving these compliance objectives. Security scanning and remediation tools allow healthcare organizations and Business Associates to demonstrate continual risk assessment of their web-based platforms and avoid jeopardizing incentive payments or incurring significant financial penalties. 6

7 Trend Micro Web App Security Trend Micro Web App Security was developed to address today s complex threat environment, providing a complete suite of security capabilities designed to detect threats and vulnerabilities, and protect web applications and patient portals in a single integrated solution without the cost and effort of traditional approaches. Trend Micro Web App Security as a Service delivers: Complete Intelligent Application Testing o Provides organizations a complete suite of scanning products to identify and quickly remediate vulnerabilities for both in-house hosted and third party / Business Associate web applications and portals o Offers comprehensive testing of patient portal platforms (operating system, server, network) with over 50,000 checks o Allows scanning to be done on-demand or run continuously to assess third party Business Associate web applications Integrated Detection and Protection o Provides continuous monitoring of security controls for patient portals and other third party web applications, ensures vulnerabilities are quickly identified (industry average is 231 days to find) and minimizes the time to respond to security threats with the ability to quickly block new attacks Unlimited SSL o Allows customers to deploy SSL for patient and provider portals and other online applications to improve security and patient trust while significantly reducing infrastructure costs related to managing multiple SSL certificates o Integrates SSL health checking into the detection capabilities of the solution, allowing for time saving checks for configuration errors and certificate expiration for third party / Business Associate web applications including EHRs and patient/provider portals Integrated Management Console o Unlike other security offerings, platform and application vulnerability detection and protection is accomplished via a single integrated console including logging and reporting for internal and third party applications to substantially simplify operation and reduce resource requirements o Monitors web application reputation for third party Business Associate web applications to ensure reputation and categorization issues are identified and resolved 7

8 Conclusion Healthcare organizations are becoming increasingly dependent on web-based technologies such as patient portals to improve patient engagement and address government incentive and regulatory requirements. Organizations are also beginning to understand that HITECH/HIPAA compliance and information security risk assessments are not one-time events and must be implemented as part of a continual security monitoring and remediation program. The impact of lapses in security can be staggering and can cause significant financial harm, reputational damage, and loss of consumer confidence. As such, healthcare organizations must continuously work to identify web application weaknesses for EHRs and patient portals to defend against increasingly sophisticated external threats. The complexity of managing security requirements for third party hosted applications on web and mobile platforms further compounds the security compliance conundrum for healthcare entities. Automated web application security solutions such as Trend Micro Web App Security serve a critical role in supporting the development of robust information security programs to protect patient information for both in-house and third party hosted web applications. Trend Micro Web App Security provides a flexible and repeatable way to perform continual security risk assessments of patient portals and web-based healthcare platforms to demonstrate compliance with federal regulations and incentive programs and protect patients from the harm associated with health information exposure. 8

9 About Meditology Meditology Services LLC is a healthcare-focused advisory services firm with core principles of quality, integrity, loyalty and value. Our executive team has an average of 15 years of consulting and operational experience in healthcare with provider and payer clients nationally of varying size and complexity. We understand the importance of relationships and derive much of our business from a long list of satisfied clients who value the quality of our work products combined with the professionalism, approach, and innovative solutions we bring to our engagements. About Trend Micro As a global leader in cloud security, Trend Micro develops security solutions that make the world safe for businesses and consumers to exchange digital information. With more than 20 years of experience, we deliver top-ranked security that fits our customers needs, stops new threats faster, and protects data in physical, virtualized, and cloud environments. For More Information Contact: Meditology Services LLC 5256 Peachtree Road, Suite 190 Atlanta, GA Tel. (404)

Securing Patient Portals

Securing Patient Portals Securing Patient Portals What you need to know to comply with HIPAA Omnibus and Meaningful Use Brian Selfridge, Partner, Meditology Services, LLC Blake Sutherland, VP Enterprise Business, Trend Micro Brian

More information

Sunday March 30, 2014, 9am noon HCCA Conference, San Diego

Sunday March 30, 2014, 9am noon HCCA Conference, San Diego Meaningful Use as it Relates to HIPAA Compliance Sunday March 30, 2014, 9am noon HCCA Conference, San Diego CLAconnect.com Objectives and Agenda Understand the statutory and regulatory background and purpose

More information

REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI

REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI Healthcare Organizations Can Adopt Enterprise-Wide Disclosure Management Systems To Standardize Disclosure Processes,

More information

HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?

HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? Introduction This material is designed to answer some of the commonly asked questions by business associates and other organizations

More information

Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information

Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information about HIPAA, the HITECH-HIPAA Omnibus Privacy Act, how

More information

Meaningful Use and Security Risk Analysis

Meaningful Use and Security Risk Analysis Meaningful Use and Security Risk Analysis Meeting the Measure Security in Transition Executive Summary Is your organization adopting Meaningful Use, either to gain incentive payouts or to avoid penalties?

More information

HIPAA and HITECH Compliance for Cloud Applications

HIPAA and HITECH Compliance for Cloud Applications What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health

More information

ARRA HITECH Stimulus HIPAA Security Compliance Reporter. White Paper

ARRA HITECH Stimulus HIPAA Security Compliance Reporter. White Paper ARRA HITECH Stimulus HIPAA Security Compliance Reporter White Paper ARRA HITECH AND ACR2 HIPAA SECURITY The healthcare industry is in a time of great transition, with a government mandate for EHR/EMR systems,

More information

Tools to Prepare and Protect Your Practice for HIPAA and Meaningful Use Audits

Tools to Prepare and Protect Your Practice for HIPAA and Meaningful Use Audits Tools to Prepare and Protect Your Practice for HIPAA and Meaningful Use Audits Presented by: Don Waechter, Managing Partner Health Compliance Partners Ann Breitinger, Attorney Blalock Walters Legal Disclaimer

More information

Meeting the HIPAA Training and Business Associate Requirements Questions and Answers, with HIPAA Security Expert Mike Semel

Meeting the HIPAA Training and Business Associate Requirements Questions and Answers, with HIPAA Security Expert Mike Semel Meeting the HIPAA Training and Business Associate Requirements Questions and Answers, with HIPAA Security Expert Mike Semel Questions Answers 1 Is a Business Associate (BA) responsible for assuming a Covered

More information

RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS

RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS Security solutions for patient and provider access AT A GLANCE Healthcare organizations of all sizes are responding to the demands of patients, physicians,

More information

Overview. Figure 1 - Penetration testing screenshot examples showing (i) PACS image and (ii) breached Electronic Health Record system

Overview. Figure 1 - Penetration testing screenshot examples showing (i) PACS image and (ii) breached Electronic Health Record system Contents Overview... 3 Why Should We Hack Our Own Systems?... 4 Healthcare is a Soft Target... 4 How About Those Compliance Requirements... 5 Breach Avoidance: Compliance Is Not Enough... 6 Supporting

More information

The Impact of HIPAA and HITECH

The Impact of HIPAA and HITECH The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients

More information

Bill Moran and Betta Sherman

Bill Moran and Betta Sherman Compliance TODAY July 2013 a publication of the health care compliance association www.hcca-info.org How an eye doctor s son sees compliance an interview with Stephen Kiess Assistant General Counsel for

More information

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What

More information

The HIPAA Omnibus Final Rule

The HIPAA Omnibus Final Rule WHITE PAPER The HIPAA Omnibus Final Rule Four risk exposure events that can uncover compliance issues leading to investigations, potential fines, and damage to your organization s reputation. By Virginia

More information

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant 1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad

More information

Nationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011

Nationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011 Nationwide Review of CMS s HIPAA Oversight Brian C. Johnson, CPA, CISA Wednesday, January 19, 2011 1 WHAT I DO Manage Region IV IT Audit and Advance Audit Technique Staff (AATS) IT Audit consists of 8

More information

CA Technologies Healthcare security solutions:

CA Technologies Healthcare security solutions: CA Technologies Healthcare security solutions: Protecting your organization, patients, and information agility made possible Healthcare industry imperatives Security, Privacy, and Compliance HITECH/HIPAA

More information

Architecting Security to Address Compliance for Healthcare Providers

Architecting Security to Address Compliance for Healthcare Providers Architecting Security to Address Compliance for Healthcare Providers What You Need to Know to Help Comply with HIPAA Omnibus, PCI DSS 3.0 and Meaningful Use November, 2014 Table of Contents Background...

More information

Data Breach, Electronic Health Records and Healthcare Reform

Data Breach, Electronic Health Records and Healthcare Reform Data Breach, Electronic Health Records and Healthcare Reform (This presentation is for informational purposes only and it is not intended, and should not be relied upon, as legal advice.) Overview of HIPAA

More information

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES CONTENTS Introduction 3 Brief Overview of HIPPA Final Omnibus Rule 3 Changes to the Definition of Business Associate

More information

HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services

HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services How MSPs can profit from selling HIPAA security services Managed Service Providers (MSP) can use the Health Insurance Portability

More information

THE STATE OF HEALTHCARE COMPLIANCE: Keeping up with HIPAA, Advancements in EHR & Additional Regulations

THE STATE OF HEALTHCARE COMPLIANCE: Keeping up with HIPAA, Advancements in EHR & Additional Regulations THE STATE OF HEALTHCARE COMPLIANCE: Keeping up with HIPAA, Advancements in EHR & Additional Regulations [ The State of Healthcare Compliance: Keeping up with HIPAA, Advancements in EHR & Additional Regulations

More information

Building Trust and Confidence in Healthcare Information. How TrustNet Helps

Building Trust and Confidence in Healthcare Information. How TrustNet Helps Building Trust and Confidence in Healthcare Information The management of healthcare information in the United States is regulated under the HIPAA (Health Insurance Portability and Accountability Act)

More information

BEYOND THE EHR MEANINGFUL USE, CONTENT MANAGEMENT AND BUSINESS INTELLIGENCE

BEYOND THE EHR MEANINGFUL USE, CONTENT MANAGEMENT AND BUSINESS INTELLIGENCE WHITE PAPER BEYOND THE EHR MEANINGFUL USE, CONTENT MANAGEMENT AND BUSINESS INTELLIGENCE By Richard Nelli, Senior Vice President and Chief Technical Officer, Streamline Health PAGE 2 EXECUTIVE SUMMARY When

More information

2/27/2014. Meaningful Use as it Relates to HIPAA Compliance. Objectives and Agenda. Understand the statutory and regulatory background and purpose

2/27/2014. Meaningful Use as it Relates to HIPAA Compliance. Objectives and Agenda. Understand the statutory and regulatory background and purpose Meaningful Use as it Relates to HIPAA Compliance Sunday March 30, 2014, 9am noon HCCA Conference, San Diego CLAconnect.com Objectives and Agenda Understand the statutory and regulatory background and purpose

More information

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN Major Changes to HIPAA Security and Privacy Rules Enacted in Economic Stimulus Package By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN The HITECH Act is the

More information

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16 NEW PERSPECTIVES on Healthcare Risk Management, Control and Governance www.ahia.org Journal of the Association of Heathcare Internal Auditors Vol. 32, No. 3, Fall, 2013 Professional Fee Coding Audit: The

More information

January 30, 2015. Dear Dr. De Salvo:

January 30, 2015. Dear Dr. De Salvo: January 30, 2015 Karen DeSalvo, MD, MPH, MSc National Coordinator Office of National Coordinator for Health IT Department of Health and Human Services 200 Independence Ave, SW Washington, DC 20201 Dear

More information

The HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq.

The HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq. The HITECH Act: Implications to HIPAA Covered Entities and Business Associates Linn F. Freedman, Esq. Introduction and Overview On February 17, 2009, President Obama signed P.L. 111-05, the American Recovery

More information

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1 HIPAA COMPLIANCE AND DATA PROTECTION sales@eaglenetworks.it +39 030 201.08.25 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and EagleHeaps

More information

InfoGard Healthcare Services. 2015 InfoGard Laboratories Inc.

InfoGard Healthcare Services. 2015 InfoGard Laboratories Inc. InfoGard Healthcare Services 10 Steps To Protect My Covered Entity From Breach Your Presenters Alan Martin Account Manger Marvin Byrd Security Engineer Test and Certification Laboratory Healthcare Payment

More information

Document Imaging Solutions. The secure exchange of protected health information.

Document Imaging Solutions. The secure exchange of protected health information. The secure exchange of protected health information. 2 Table of contents 3 Executive summary 3 The high cost of protected health information being at risk 4 The compliance officer s dilemma: keeping PHI

More information

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Note: Information provided to NCRA by Melodi Gates, Associate with Patton Boggs, LLC Privacy and data protection

More information

Developing HIPAA Security Compliance. Trish Lugtu CPHIMS, CHP, CHSS Health IT Consultant

Developing HIPAA Security Compliance. Trish Lugtu CPHIMS, CHP, CHSS Health IT Consultant Developing HIPAA Security Compliance Trish Lugtu CPHIMS, CHP, CHSS Health IT Consultant Learning Objectives Identify elements of a HIPAA Security compliance program Learn the HIPAA Security Rule basics

More information

HIPAA COMPLIANCE AND

HIPAA COMPLIANCE AND INTRONIS CLOUD BACKUP & RECOVERY HIPAA COMPLIANCE AND DATA PROTECTION CONTENTS Introduction 3 The HIPAA Security Rule 4 The HIPAA Omnibus Rule 6 HIPAA Compliance and Intronis Cloud Backup and Recovery

More information

Health Information Technology

Health Information Technology Background Brief on September 2014 Inside this Brief Terminology Relevant Federal Policies State HIT Environment, Policy, and HIT Efforts Staff and Agency Contacts Legislative Committee Services State

More information

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist HIPAA Omnibus Rule Overview Presented by: Crystal Stanton MicroMD Marketing Communication Specialist 1 HIPAA Omnibus Rule - Agenda History of the Omnibus Rule What is the HIPAA Omnibus Rule and its various

More information

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview Updated HIPAA Regulations What Optometrists Need to Know Now The U.S. Department of Health & Human Services Office for Civil Rights recently released updated regulations regarding the Health Insurance

More information

Guided HIPAA Compliance

Guided HIPAA Compliance Guided HIPAA Compliance HIPAA Solutions for Office Managers and Practitioners SecurityMetrics We protect business Since its founding in 2000, privately-held SecurityMetrics has grown from a small security

More information

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Compliance Tip Sheet National Hospice and Palliative Care Organization www.nhpco.org/regulatory HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Hospice Provider Compliance To Do List

More information

HIPAA Audits: How to Be Prepared. Lindsey Wiley, MHA, CHTS-IM, CHTS-TS HIT Manager Oklahoma Foundation for Medical Quality

HIPAA Audits: How to Be Prepared. Lindsey Wiley, MHA, CHTS-IM, CHTS-TS HIT Manager Oklahoma Foundation for Medical Quality HIPAA Audits: How to Be Prepared Lindsey Wiley, MHA, CHTS-IM, CHTS-TS HIT Manager Oklahoma Foundation for Medical Quality An Important Reminder For audio, you must use your phone: Step 1: Call (866) 906-0123.

More information

Santa Rosa Presents Webinar Series Electronic Health Records & Meaningful Use Incentives: Medicare & Medicaid

Santa Rosa Presents Webinar Series Electronic Health Records & Meaningful Use Incentives: Medicare & Medicaid Santa Rosa Presents Webinar Series Electronic Health Records & Meaningful Use Incentives: Medicare & Medicaid February 11, 2011 Chris Apgar, CISSP President Overview ARRA & Meaningful Use Rule Overview

More information

Health Information Privacy Refresher Training. March 2013

Health Information Privacy Refresher Training. March 2013 Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal

More information

Converged Infrastructure: Meeting the New Challenges of Healthcare IT

Converged Infrastructure: Meeting the New Challenges of Healthcare IT WHITE PAPER Converged Infrastructure: Meeting the New Challenges of Healthcare IT Sponsored by: VCE Lynne Dunbrack March 2015 IDC HEALTH INSIGHTS OPINION Healthcare IT will play a central role in achieving

More information

HIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing

HIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing HIPAA Omnibus Rule Practice Impact Kristen Heffernan MicroMD Director of Prod Mgt and Marketing 1 HIPAA Omnibus Rule Agenda History of the Rule HIPAA Stats Rule Overview Use of Personal Health Information

More information

HIPAA Summit. March 10, 2011. Phyllis A. Patrick, MBA, FACHE, CHC Phyllis A. Patrick & Associates LLC

HIPAA Summit. March 10, 2011. Phyllis A. Patrick, MBA, FACHE, CHC Phyllis A. Patrick & Associates LLC HIPAA Summit March 10, 2011 Phyllis A. Patrick, MBA, FACHE, CHC Phyllis A. Patrick & Associates LLC The Secretary shall provide for periodic audits to ensure that covered entities and business associates

More information

Secure Email & File Transfer Practices in Healthcare 2014 / Sponsored by DataMotion

Secure Email & File Transfer Practices in Healthcare 2014 / Sponsored by DataMotion In late 2014, DataMotion conducted its annual survey of more than 700 IT and business professionals across the United States to gain insight into corporate email and file transfer policies. This report

More information

Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015

Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015 Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015 Katherine M. Layman Cozen O Connor 1900 Market Street Philadelphia, PA 19103 (215) 665-2746

More information

Surviving a HIPAA Audit: What you need to know NOW So you can cope THEN. Jonathan Krasner www.beinetworks.com www.hipaasecurenow.

Surviving a HIPAA Audit: What you need to know NOW So you can cope THEN. Jonathan Krasner www.beinetworks.com www.hipaasecurenow. Surviving a HIPAA Audit: What you need to know NOW So you can cope THEN Jonathan Krasner www.beinetworks.com www.hipaasecurenow.com Healthcare IT Landscape Meaningful Use Incentives Technology Advances

More information

HIPAA Violations Incur Multi-Million Dollar Penalties

HIPAA Violations Incur Multi-Million Dollar Penalties HIPAA Violations Incur Multi-Million Dollar Penalties Whitepaper HIPAA Violations Incur Multi-Million Dollar Penalties Have you noticed how many expensive Health Insurance Portability and Accountability

More information

Compliance, Incentives and Penalties: Hot Topics in US Health IT

Compliance, Incentives and Penalties: Hot Topics in US Health IT Compliance, Incentives and Penalties: Hot Topics in US Health IT Table of Contents Introduction... 1 The Requirements... 1 PCI HIPAA ARRA Carrot and Stick How does third party assurance fit into the overall

More information

HIPAA Violations Incur Multi-Million Dollar Penalties

HIPAA Violations Incur Multi-Million Dollar Penalties HIPAA regulations have undergone major changes in the last few years giving both the federal and state Governments new and enhanced powers and resources to pursue HIPAA violations HIPAA Violations Incur

More information

HHS Finalizes HIPAA Privacy and Data Security Rules, Including Stricter Rules for Breaches of Unsecured PHI

HHS Finalizes HIPAA Privacy and Data Security Rules, Including Stricter Rules for Breaches of Unsecured PHI January 23, 2013 HHS Finalizes HIPAA Privacy and Data Security Rules, Including Stricter Rules for Breaches of Unsecured PHI Executive Summary HHS has issued final regulations that address recent legislative

More information

HIPAA Compliance and the Protection of Patient Health Information

HIPAA Compliance and the Protection of Patient Health Information HIPAA Compliance and the Protection of Patient Health Information WHITE PAPER By Swift Systems Inc. April 2015 Swift Systems Inc. 7340 Executive Way, Ste M Frederick MD 21704 1 Contents HIPAA Compliance

More information

Answering to HIPAA. Who Answers Your Phone? Prepared by Kenneth E. Rhea, MD, FASHRM. Brought to you by. www.duxware.com

Answering to HIPAA. Who Answers Your Phone? Prepared by Kenneth E. Rhea, MD, FASHRM. Brought to you by. www.duxware.com Answering to HIPAA Who Answers Your Phone? Prepared by Kenneth E. Rhea, MD, FASHRM Brought to you by www.duxware.com The Event On February 20, 2014 at 8:00 PM an Internal Medicine specialist received a

More information

HIPAA compliance audit: Lessons learned apply to dental practices

HIPAA compliance audit: Lessons learned apply to dental practices HIPAA compliance audit: Lessons learned apply to dental practices Executive summary In 2013, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 Omnibus Rule put healthcare providers

More information

Best Practices in HIPAA Security Risk Assessments

Best Practices in HIPAA Security Risk Assessments BUSINESS WHITE PAPER Best Practices in HIPAA Security Risk Assessments Safeguard your protected health information (PHI) and mitigate the risk of a data breach or loss. WHITEPAPER Best Practices in HIPAA

More information

HIPAA Security Rule Compliance

HIPAA Security Rule Compliance HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA

More information

HIPAA Overview. Darren Skyles, Partner McGinnis Lochridge. Darren S. Skyles dskyles@mcginnislaw.com

HIPAA Overview. Darren Skyles, Partner McGinnis Lochridge. Darren S. Skyles dskyles@mcginnislaw.com HIPAA Overview Darren Skyles, Partner McGinnis Lochridge HIPAA Health Insurance Portability and Accountability Act of 1996 Electronic transaction and code sets: Adopted standards for electronic transactions

More information

SECURETexas Health Information Privacy & Security Certification Program FAQs

SECURETexas Health Information Privacy & Security Certification Program FAQs What is the relationship between the Texas Health Services Authority (THSA) and the Health Information Trust Alliance (HITRUST)? The THSA and HITRUST have partnered to help improve the protection of healthcare

More information

The Medicare and Medicaid EHR incentive

The Medicare and Medicaid EHR incentive Feature The Meaningful Use Program: Auditing Challenges and Opportunities Your pathway to providing value By Phyllis Patrick, MBA, FACHE, CHC Meaningful Use is an area ripe for providing value through

More information

Welcome. This presentation focuses on Business Associates under the Omnibus Rule of 2013.

Welcome. This presentation focuses on Business Associates under the Omnibus Rule of 2013. Welcome. This presentation focuses on Business Associates under the Omnibus Rule of 2013. Business Associates have been part of the focus of the HIPAA regulations since 2003 when the privacy rule went

More information

HIPAA Security Risk Analysis for Meaningful Use

HIPAA Security Risk Analysis for Meaningful Use HIPAA Security Risk Analysis for Meaningful Use NOTE: Make sure your computer speakers are turned ON. Audio will be streaming through your speakers. If you do not have computer speakers, call the ACCMA

More information

Bridging the HIPAA/HITECH Compliance Gap

Bridging the HIPAA/HITECH Compliance Gap CyberSheath Healthcare Compliance Paper www.cybersheath.com -65 Bridging the HIPAA/HITECH Compliance Gap Security insights that help covered entities and business associates achieve compliance According

More information

Business Associates, HITECH & the Omnibus HIPAA Final Rule

Business Associates, HITECH & the Omnibus HIPAA Final Rule Business Associates, HITECH & the Omnibus HIPAA Final Rule HIPAA Omnibus Final Rule Changes Business Associates Marissa Gordon-Nguyen, JD, MPH Health Information Privacy Specialist Office for Civil Rights/HHS

More information

Greenway Marketplace. Hear from GSG Compliance & White Plume November 14, 2013

Greenway Marketplace. Hear from GSG Compliance & White Plume November 14, 2013 Greenway Marketplace Hear from GSG Compliance & White Plume November 14, 2013 Marketplace Mission Statement To enhance the Greenway customer user experience by offering innovative, forwardthinking technologies

More information

Ensuring Privacy & Security of Patient Information

Ensuring Privacy & Security of Patient Information Ensuring Privacy & Security of Patient Information Danika Brinda, Assistant Professor and REACH P&S Subject Matter Expert Jane McGrath, Program Manager REACH/Stratis Health Session 12, Thursday, June 12,

More information

Vendor Management Challenges and Solutions for HIPAA Compliance. Jim Sandford Vice President, Coalfire

Vendor Management Challenges and Solutions for HIPAA Compliance. Jim Sandford Vice President, Coalfire Vendor Management Challenges and Solutions for HIPAA Compliance Jim Sandford Vice President, Coalfire Housekeeping You may submit questions throughout the webinar using the question area in the control

More information

OCTOBER 2013 PART 1. Keeping Data in Motion: How HIPAA affects electronic transfer of protected health information

OCTOBER 2013 PART 1. Keeping Data in Motion: How HIPAA affects electronic transfer of protected health information OCTOBER 2013 PART 1 Keeping Data in Motion: How HIPAA affects electronic transfer of protected health information Part 1: How HIPAA affects electronic transfer of protected health information It is difficult

More information

HIPAA Changes 2013. Mike Jennings & Jonathan Krasner BEI For MCMS 07/23/13

HIPAA Changes 2013. Mike Jennings & Jonathan Krasner BEI For MCMS 07/23/13 HIPAA Changes 2013 Mike Jennings & Jonathan Krasner BEI For MCMS 07/23/13 BEI Who We Are DC Metro IT Service Provider since 1987 Network Design/Upgrade Installation/Managed IT Services for small to medium-sized

More information

Privacy and Security: Meaningful Use in Healthcare Organizations

Privacy and Security: Meaningful Use in Healthcare Organizations Privacy and Security: Meaningful Use in Healthcare Organizations Phyllis A. Patrick, MBA, FACHE, CHC July 20, 2011 Webinar Essentials 1. Session is currently being recorded, and will be available on our

More information

Welcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013

Welcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013 Welcome to ChiroCare s Fourth Annual Fall Business Summit October 3, 2013 HIPAA Compliance Regulatory Overview & Implementation Tips for Providers Agenda Green packet Overview of general HIPAA terms and

More information

HIPAA and HITECH Compliance Simplification. Sol Cates CSO @solcates scates@vormetric.com

HIPAA and HITECH Compliance Simplification. Sol Cates CSO @solcates scates@vormetric.com HIPAA and HITECH Compliance Simplification Sol Cates CSO @solcates scates@vormetric.com Quick Agenda Why comply? What does Compliance look like? New Cares vs Rental Cars vs Custom Cars Vormetric Q&A Slide

More information

The Case For HIPAA Risk Assessment. Leader s Guide

The Case For HIPAA Risk Assessment. Leader s Guide 4547 The Case For HIPAA Risk Assessment Leader s Guide IMPORTANT INFORMATION FOR EDUCATION COORDINATORS & PROGRAM FACILITATORS PLEASE NOTE: In order for this program to meet Florida course requirements,

More information

2013 Healthcare Compliance Benchmark Study

2013 Healthcare Compliance Benchmark Study 2013 Healthcare Compliance Benchmark Study Presented By: and Executive Summary Beginning in early December of 2012, Compliance 360 (now part of SAI Global), conducted a survey among compliance professionals

More information

2/9/2012. 2012 HIPAA Privacy and Security Audit Readiness. Table of contents

2/9/2012. 2012 HIPAA Privacy and Security Audit Readiness. Table of contents 2012 HIPAA Privacy and Security Audit Readiness Mark M. Johnson National HIPAA Services Director Table of contents Page Background 2 Regulatory Background and HITECH Impacts 3 Office of Civil Rights (OCR)

More information

HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help

HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help The Health Information Portability and Accountability Act (HIPAA) Omnibus Rule which will begin to be enforced September 23, 2013,

More information

HIPAA in an Omnibus World. Presented by

HIPAA in an Omnibus World. Presented by HIPAA in an Omnibus World Presented by HITECH COMPLIANCE ASSOCIATES IS NOT A LAW FIRM The information given is not intended to be a substitute for legal advice or consultation. As always in legal matters

More information

A smarter way to protect your brand. Copyright 2012 Compliance 360 All Rights Reserved

A smarter way to protect your brand. Copyright 2012 Compliance 360 All Rights Reserved A smarter way to protect your brand Minimizing Compliance Risks of Proactive OCR HIPAA Audits Copyright 2012 Compliance 360 All Rights Reserved Compliance 360 at a Glance Compliance, Risk and Audit Solutions

More information

6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013

6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013 Updates on HIPAA, Data, IT and Security Technology June 25, 2013 1 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind, including,

More information

Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind

Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind Page1 Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind The use of electronic medical records (EMRs) to maintain patient information is encouraged today and

More information

HIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist. www.riskwatch.com

HIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist. www.riskwatch.com HIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist www.riskwatch.com Introduction Last year, the federal government published its long awaited final regulations implementing the Health

More information

Dissecting New HIPAA Rules and What Compliance Means For You

Dissecting New HIPAA Rules and What Compliance Means For You Dissecting New HIPAA Rules and What Compliance Means For You A White Paper by Cindy Phillips of CMIT Solutions and Kelly McClendon of CompliancePro Solutions TABLE OF CONTENTS Introduction 3 What Are the

More information

Meaningful Use Stage 2. Meeting Meaningful Use Stage 2 with InstantPHR TM. www.getrealhealth.com

Meaningful Use Stage 2. Meeting Meaningful Use Stage 2 with InstantPHR TM. www.getrealhealth.com www.getrealhealth.com Meaningful Use Overview We are at the forefront of the patient engagement era. The American Recovery and Reinvestment Act of 2009 included the Health Information Technology for Economic

More information

Impact of Meaningful Use and Healthcare Transformation On Patient Access

Impact of Meaningful Use and Healthcare Transformation On Patient Access Impact of Meaningful Use and Healthcare Transformation On Patient Access Copyright 2011 BluePrint Healthcare IT. All rights reserved NAHAM Northeast Conference October 2011 Stamford, CT Introduction 1.

More information

Cybersecurity for Meaningful Use. 2013 FRHA Annual Summit "Setting the Health Care Table: Politics, Economics, Health" November 20-22, 2013

Cybersecurity for Meaningful Use. 2013 FRHA Annual Summit Setting the Health Care Table: Politics, Economics, Health November 20-22, 2013 Cybersecurity for Meaningful Use 2013 FRHA Annual Summit "Setting the Health Care Table: Politics, Economics, Health" November 20-22, 2013 Healthcare Sector Vulnerable to Hackers By Robert O Harrow Jr.,

More information

Increasing Security Defenses in Cost-Sensitive Healthcare IT Environments

Increasing Security Defenses in Cost-Sensitive Healthcare IT Environments Increasing Security Defenses in Cost-Sensitive Healthcare IT Environments Regulatory and Risk Background When the Health Insurance Portability and Accountability Act Security Standard (HIPAA) was finalized

More information

The benefits you need... from the name you know and trust

The benefits you need... from the name you know and trust The benefits you need... Privacy and Security Best at Practices the price you can afford... Guide from the name you know and trust The Independence Blue Cross (IBC) Privacy and Security Best Practices

More information

EGUIDE BRIDGING THE GAP BETWEEN HEALTHCARE & HIPAA COMPLIANT CLOUD TECHNOLOGY

EGUIDE BRIDGING THE GAP BETWEEN HEALTHCARE & HIPAA COMPLIANT CLOUD TECHNOLOGY Bridging The Gap Between Healthcare & Hipaa Compliant Cloud Technology and outsource computing resources to external entities, would provide substantial relief to healthcare service providers. Data stored

More information

HIPAA and HITECH Compliance Under the New HIPAA Final Rule. HIPAA Final Omnibus Rule ( Final Rule )

HIPAA and HITECH Compliance Under the New HIPAA Final Rule. HIPAA Final Omnibus Rule ( Final Rule ) HIPAA and HITECH Compliance Under the New HIPAA Final Rule Presented Presented by: by: Barry S. Herrin, Attorney CHPS, Name FACHE Smith Smith Moore Moore Leatherwood Leatherwood LLP LLP Atlanta Address

More information

SOLUTION BRIEF SEPTEMBER 2014. Healthcare Security Solutions: Protecting your Organization, Patients, and Information

SOLUTION BRIEF SEPTEMBER 2014. Healthcare Security Solutions: Protecting your Organization, Patients, and Information SOLUTION BRIEF SEPTEMBER 2014 Healthcare Security Solutions: Protecting your Organization, Patients, and Information SOLUTION BRIEF CA DATABASE MANAGEMENT FOR DB2 FOR z/os DRAFT 94% of healthcare organizations

More information

Health Record Banking Alliance

Health Record Banking Alliance Health Record Banking Alliance From: William A. Yasnoff, MD, PhD, President, Health Record Banking Alliance To: Regulations.Gov Website at http://www.regulations.gov/search/regs/home.html#home Date: May

More information

2012 HIPAA Privacy and Security Audits

2012 HIPAA Privacy and Security Audits Office of the Secretary Office for Civil Rights (OCR) 2012 HIPAA Privacy and Security Audits Linda Sanches OCR Senior Advisor, Health Information Privacy Lead, HIPAA Compliance Audits OCR 1 Agenda Background

More information

Latest Changes in Healthcare Regulations and the IT Solutions Needed to Address Them

Latest Changes in Healthcare Regulations and the IT Solutions Needed to Address Them Latest Changes in Healthcare Regulations and the IT Solutions Needed to Address Them Five critical IT capabilities providers need to stay in front of today s evolving regulatory environment 1 Table of

More information

Are You Ready for an OCR Audit? Tom Walsh, CISSP Tom Walsh Consulting, LLC Overland Park, KS. What would you do? Session Objectives

Are You Ready for an OCR Audit? Tom Walsh, CISSP Tom Walsh Consulting, LLC Overland Park, KS. What would you do? Session Objectives Are You Ready for an OCR Audit? Tom Walsh, CISSP Tom Walsh Consulting, LLC Overland Park, KS What would you do? Your organization received a certified letter sent from the Office for Civil Rights (OCR)

More information

HIPAA: AN OVERVIEW September 2013

HIPAA: AN OVERVIEW September 2013 HIPAA: AN OVERVIEW September 2013 Introduction The Health Insurance Portability and Accountability Act of 1996, known as HIPAA, was enacted on August 21, 1996. The overall goal was to simplify and streamline

More information

Joe Dylewski President, ATMP Solutions

Joe Dylewski President, ATMP Solutions Joe Dylewski President, ATMP Solutions Joe Dylewski President, ATMP Solutions Assistant Professor, Madonna University 20 Years, Technology and Application Implementation Experience Served as Michigan Healthcare

More information