5 HIPAA-Compliant Best Practices for Mobile Devices in Healthcare


How to Enhance Patient Services Without Sacrificing Patient Privacy

A FreedomPACS White Paper for the Healthcare Industry with a Special Focus on Radiology

This white paper will help healthcare professionals, organizations and services to:

1. Describe how mobile platforms are shaping the industry in terms of communication, workflow, diagnosis and patient care.
2. Weigh the advantages and disadvantages of this technology in the healthcare environment.
3. Understand privacy and security issues in light of HIPAA, HITECH and other laws.
4. Identify and implement specific physical, technological and administrative solutions and strategies to ensure legal compliance.
5. Outline how mobile medical trends apply to radiology.

CONTENTS

5 HIPAA-Compliant Best Practices for Mobile Device Usage in Healthcare

Executive Summary
Best Practice #1: Understand the Role of Mobile Platforms in the Medical Industry
Best Practice #2: Identify the Benefits of Mobile Devices in Healthcare
Best Practice #3: Know the Legal Issues Regarding Patient Privacy and Security
Best Practice #4: Avoid the Common Pitfalls of Mobile Device Usage
Best Practice #5: Minimize Risk with Administrative, Physical & Technological Strategies and Solutions
Conclusions
Research Sources
About FreedomPACS

EXECUTIVE SUMMARY

Mobile device usage is on the rise. How should radiology and healthcare facilities respond to this trend?

Society has exploded into the mobile age with handheld e-readers, tablet PCs and smartphones. People of all ages and backgrounds are using iPads, Androids, Kindles, Blackberrys and Galaxy Tabs for personal and professional reasons. In fact, mobile subscribers worldwide recently topped 5 billion. [1]

Mobile Trend on the Rise in Healthcare

It isn't surprising, then, that mobile platforms have also found their way into radiology and healthcare. Consider these recent usage and technology statistics:

- Approximately 2 out of 3 doctors [2] now operate a tablet while on the job.
- Over 80% of physicians use a mobile device (tablet or smartphone) at work. [3]
- Usage is popular among radiology residents: 74% own smartphones and 37% own tablets. [4]
- The Apple App Store features an inventory of nearly 14,000 medical applications for patients and clinicians.

Physicians, nurses and other healthcare professionals incorporate mobile technology into their everyday routine. The convenience and portability of these devices help with communication, workflow, patient engagement and even diagnosis.

Privacy and Security Concerns

The efficiency of mobile platforms, however, is counterbalanced by various patient privacy and security concerns. Improper usage can trigger costly violations of the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health) laws.

In light of these benefits and risks, how should radiology and the broader healthcare industry respond? This white paper addresses 5 best practices for utilizing mobile devices in healthcare and radiology:

1. Understand the role of mobile platforms in the medical industry.
2. Identify and harness the benefits of mobile devices.
3. Know the legal issues regarding patient privacy and security.
4. Avoid the common pitfalls of mobile device usage.
5. Minimize risk with administrative, physical and technological strategies and solutions.

[1] Applied Radiology
[2] American Medical Association
[3] American Bar Association
[4] American College of Radiology

Best Practice #1: Understand the Role of Mobile Platforms in the Medical Industry

Medical students, clinicians and patients are harnessing mobile technology in record numbers.

By now, to say healthcare is going mobile is an understatement. This technology is a popular topic at professional medical conventions, including both the Radiological Society of North America (RSNA) and Healthcare Information and Management Systems Society (HIMSS). Residents and fully trained clinicians use at least one mobile device to learn their trade and carry out their work. Likewise, patient demand for medical apps is skyrocketing.

Role in Health Education

The role of mobile devices in med school goes way beyond the fact that many students and residents use them in their personal lives. Stanford University, the University of California-Irvine and multiple others have incorporated them into their medical programs. These institutions are embracing mobile technology in response to how professionals are now practicing their trade and with the goal of improved communication among clinicians, staff workers and patients alike.

Professional Uses

Among other things, physicians, nurses and other health practitioners use these devices to:

- View medical images.
- Access electronic health records.
- Measure and monitor patient vitals.
- Conduct medical research.
- Engage patients and track follow-up.
- Assist in making clinical decisions.
- Educate others on medical topics.
- Respond to emergency situations.
- Communicate with coworkers.
- Complete routine office tasks.

For instance, referring physicians and radiologists use tablets to transmit medical images and communicate in real time about their findings. The high pixel resolution of tablets can aid radiologists in interpreting those images. Also, a mobile platform can function like a wireless doctor's bag if armed with the right medical apps. They help clinicians measure vitals, make diagnoses, remotely monitor patients or serve as portable, comprehensive health reference guides.

Patient Uses

Of the nearly 14,000 medical apps offered through Apple's App Store, the majority of them are geared toward the public. [5] Health insurance companies are even sending out how-to guides to members on the benefits of mobile technology. Patients are responding, using them to take a more proactive role in personal health, including:

- Tracking fitness goals.
- Assessing general medical topics.
- Pricing prescriptions and finding generic equivalents.
- Monitoring certain conditions and vital signs through apps between visits.
- Accessing their electronic health records and even their clinician's diagnostic notes (when available).
- Scheduling appointments and contacting their physician directly about their case.

[5] Applied Radiology

Best Practice #2: Identify the Benefits of Mobile Devices in Healthcare

Between 66 and 83% of doctors use a mobile device at work to improve workflow and offer better overall service to patients. [6]

As multi-functional tools, mobile platforms are advantageous to radiologists and other healthcare professionals, as well as patients. The benefits of this technology are numerous: saving time, enhancing communication, streamlining workloads, increasing patient engagement and even saving lives in emergencies.

Saving Time and Improving Workflow

Tablets, for example, save medical employees about 1.2 hours a day, [7] reports one recent study. Clinicians have all the necessary information at their fingertips; they don't have to waste time tracking it down from multiple sources. With mobile devices, health personnel can quickly investigate medications, contact insurance companies, access electronic health records and study medical images.

This technology also cuts down the traditional lag time between referring physicians and radiologists. Because mobile devices serve as portable imaging viewers, they literally untie radiologists from traditional workstations, giving them yet another tool with which to efficiently interpret and deliver X-ray, CT, MRI and ultrasound studies.

Connecting with Patients

Medical professionals credit mobile platforms with increased patient engagement. For instance, during examinations, doctors can easily pull up medical images or research on their tablets to directly illustrate medical concepts, conditions or treatments to patients without ever leaving their side. Using the right safety protocols and permissions, this information can also be quickly shared with patients via mobile devices in between clinical visits.

[6] American Medical Association and American Bar Association
[7] American Medical Association

In fact, the quantity of medical apps now on the market is evidence of the growing demand for a personalized, team-oriented approach to healthcare. And, as previously mentioned, patients are just as likely to take the initiative, using mobile technology to play an active role in their own health and well-being as never before.

Enhanced Service and Response Time

Mobile devices allow health practitioners to provide a higher level of service when they're off-site. Clinicians can receive and respond to real-time vitals and status reports on their patients from virtually anywhere. They can also be instantly notified if a patient's condition turns critical.

For example, when clinicians are waiting on the interpretations of medical images from off-site radiologists, mobile platforms can be lifesavers: decreasing turnaround time by making both referring physicians and radiologists more accessible. Furthermore, because certain medical apps can function like traditional medical monitoring devices, health personnel can offer even more care in emergency situations.

Best Practice #3: Know the Legal Issues Regarding Patient Privacy and Security

In light of increased enforcement of HITECH and HIPAA policies, secure mobile device usage is a growing concern for healthcare providers and facilities.

With the universalization of electronic health records looming by 2015, enforcement of patient privacy and security laws is at an all-time high. Improper mobile device usage in a healthcare setting can trigger expensive violations of those laws, specifically the regulations outlined under the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act.

HIPAA and HITECH Overview

On Aug. 21, 1996, HIPAA standardized national privacy and security requirements concerning patient health records. This legislation gave individuals increased access to their personal medical information and more influence over how that information is shared and used among insurers, health personnel, medical facilities and the like. Nothing in the federal law, however, prevents states from giving patients more rights and safeguards than those outlined under HIPAA.

The goal of HITECH, enacted on Feb. 17, 2009, is to make all medical records electronic by Until that time, incentives are available to health entities that adopt this electronic format and the necessary technology to develop and sustain it. After 2015, those same entities face penalties for non-compliance.

Consequently, electronic health information creates new privacy and security concerns. As a result, HITECH extends the scope of HIPAA in terms of stricter disclosure, notification and safety provisions [8] to minimize, prevent and handle any breaches of protected health information (PHI). These provisions even extend beyond the medical industry to certain parties who handle, store or transmit electronic PHI.

[8] U.S. Department of Health & Human Services

Mobile Platform Considerations

Smartphone and tablet usage need to be in compliance with these two laws, especially the HIPAA Security Rule. This rule permits PHI to be shared electronically, but also requires appropriate administrative, physical and technical safeguards to be in place before doing so. Because a mobile device can record transmitted data in its memory or SIM card, PHI shared in this manner is vulnerable.

PHI can be at risk because smartphones and tablets are compact and portable. [9] Although the portability and size are benefits, these two features also make it easier for:

- Health professionals to use personal mobile devices, instead of professional ones, to share PHI. Personal devices are often not equipped with sufficient security safeguards, including passcodes and encryption, and can easily be used on unprotected public wireless networks.
- Mobile devices to be stolen, used by the wrong party or lost.

Smartphones and tablets in healthcare usage need to be in compliance with the HIPAA Security Rule.

[9] American Bar Association

Who Regulates Mobile Device Usage in Healthcare?

HIPAA and HITECH aren't the only acronyms the medical industry needs to be aware of regarding mobile device usage. Five federal agencies each have a role in ensuring that when this technology is employed in a healthcare setting, all parties involved (developers, transmitters, medical institutions and professionals) are playing by the rules.

- Federal Communications Commission (FCC): Devices and systems based on radio-frequency fall under this agency's jurisdiction. The FCC oversees certain technological aspects of mobile platforms and their carrier networks.
- Federal Trade Commission (FTC): This agency prohibits developers and distributors of mobile technology from withholding significant information or falsely marketing devices and apps to the medical industry and the public alike.
- Food and Drug Administration (FDA): Because the FDA is responsible for protecting the public health, mobile devices used for medical diagnostic purposes fall under its authority. This agency regulates these platforms both in terms of safety and effectiveness.
- National Institute of Standards and Technology (NIST): Although non-regulatory, NIST helps establish guidelines for the secure use of technology, including computers and mobile devices. Many industries voluntarily adopt these guidelines as minimum standards, best practices and benchmarks.
- Office of Civil Rights (OCR): As part of the U.S. Department of Health and Human Services, this agency ensures that the healthcare industry complies with HIPAA. Like computers, mobile platforms must be used in such a way that sensitive health information remains protected and private.

Source: Health IT Exchange's The ABCs of Federal Regulation for Mobile Devices in Healthcare

Best Practice #4: Avoid the Common Pitfalls of Mobile Device Usage

In addition to legal considerations, healthcare facilities and professionals need to ensure that their technical infrastructure, IT support, development and internal policies are mobile-specific.

Although privacy and security of protected health information should be the top two concerns of the medical industry, mobile device usage also raises other practical concerns. These involve defining or expanding internal policies, technical resources and task capabilities.

In-House Mobile Policies

Apparently, although usage on the job is high, only 38% of the participants in a HIMSS survey reported that their employer had implemented a sufficient mobile strategy. [10] To counteract this situation, an in-house policy needs to address mobile technology specifically and meet the following objectives:

1. Adhere to HIPAA's administrative safeguards, ensuring the integrity of protected health information (detailed in the next section).
2. Be available to all employees and necessary third parties (business associates, vendors, etc.).
3. Dedicate resources to stay on top of emerging developments in mobile technology, including new medical apps and devices.
4. Ensure that there are adequate technical resources in place (support and connectivity) to provide optimal mobile platform usage.

Technical Considerations

Legal considerations and insufficient internal policies may pose challenges; however, the lack of technical staff was the number one reason cited in another HIMSS study. [11] As with any technology used in a professional setting, medical facilities and organizations need sufficient IT professionals to oversee the facility's technology tools and wireless network capacity in terms of number of users, safety and productivity.

Task Suitability

When legal, employer and technical issues are resolved, healthcare professionals need to ensure that the device is suited to the task at hand. If the computer is the best medium for efficiency or workflow, then the accessibility of the mobile device may be secondary.

[10] Applied Radiology
[11] American Medical Association

Best Practice #5: Minimize Risk with Administrative, Physical and Technological Strategies and Solutions

To ensure that mobile platform usage does not infringe on patient privacy and security rights, HIPAA requires appropriate administrative, physical and technical safeguards to be implemented.

With the rise of mobile device usage and legal enforcement of patient privacy regulations, the risk of violations is increasing. Radiology and the wider healthcare industry need to adopt the recommended safeguards outlined under the HIPAA Security Rule to mitigate that risk.

Administrative Safeguards

The law defines safeguards as strategies that provide management, accountability and oversight structure, [12] including:

- Addressing the issue of personal mobile devices in the workplace.
- Periodically training new and existing staff on safe mobile platform use and educating them about HIPAA requirements, consequences, updates and best practices.
- Instituting a secure technical environment for mobile devices.
- Carrying out regular audits to ensure compliance with legal requirements and employer policies.

Technical and Physical Safeguards

Technical safeguards refer to solutions that protect against unauthorized use, whether intentional or unintentional, of mobile platforms. These include installing passcodes or firewalls, encrypting protected health information (PHI) and other sensitive data and deleting such data after each use. Technical safeguard best practices are:

- Staying on top of security software updates.
- Avoiding file sharing applications and open Wi-Fi networks.
- Researching new medical apps and downloads carefully before installation.
- Employing encrypted networks and data storage with redundant back-ups off-site.

[12] U.S. Department of Health & Human Services

For example, one solution is to utilize cloud technology for the retrieval and storage of patient records including radiology studies. The off-site, daily data backup benefits of the cloud (encrypted for privacy) help fulfill HIPAA security criteria while allowing clinicians to efficiently exchange PHI from mobile devices to improve workflow.

Physical safeguards mainly refer to protections against loss and theft. Between 2009 and 2011, the federal government reported that the health information of 1.9 million individuals was compromised due to stolen or misplaced mobile platforms. [13] Physical safeguards include:

- Maintaining a list of all devices used by clinicians and other staff to exchange private medical data.
- Securely storing these platforms when not in use.
- Installing remote wiping and location technology tools in case of loss or theft.
- Employ encrypted networks and data storage with redundant back-ups off-site.

[13] U.S. Department of Health & Human Services as accessed from the American Bar Association

CONCLUSIONS

Implementing best practices on mobile device usage enables radiology and the wider healthcare industry to enhance patient care without sacrificing patient privacy.

Balanced Approach

The growing trend of mobile device usage among radiologists, healthcare professionals and patients presents many benefits and challenges. In light of the current legal and technological environment, healthcare facilities can be best served by taking a discerning, balanced approach.

Mobile-specific internal policies, protocol and IT support need to be instituted that reduce the likelihood of HIPAA and HITECH privacy and security violations; however, it is key that these policies continue to enable the documented advantages of mobile technology, including saving time, improving workflow and communication, enhancing service and increasing patient engagement.

In Review: Best Practices for Using Mobile Devices

Medical professionals in radiology and throughout the healthcare industry can have both security and efficiency by adopting the five best practices for mobile platform usage:

- Best Practice #1: Understand the Role of Mobile Platforms in the Medical Industry
- Best Practice #2: Identify the Benefits of Mobile Devices in Healthcare
- Best Practice #3: Know the Legal Issues Regarding Patient Privacy and Security
- Best Practice #4: Avoid the Common Pitfalls of Mobile Device Usage
- Best Practice #5: Minimize Risk with Administrative, Physical and Technological Strategies and Solutions

Implementation Steps

Following three steps will put medical facilities, professionals and healthcare providers on the right track for implementing safeguards as outlined under federal law.

1. Examine current technical resources and data protection strategies.
2. Stay informed of trends, regulations and legal developments, like the HIPAA final omnibus rule.
3. Adapt internal policies in response to mobile platform and technology trends.

This will ensure that all can harness the benefits of mobile platforms while simultaneously avoiding the potential security pitfalls of this technology.

Research Sources

The content for this white paper was obtained from the following:

1. American Bar Association
2. American Medical Association
3. Applied Radiology
4. Becker's Hospital Review
5. Health IT Exchange
6. National Institute of Standards and Technology
7. Radiology Today Magazine
8. Radiological Society of North America
9. U.S. Department of Health & Human Services

About FreedomPACS

FreedomPACS is a medical picture archiving and communication system (PACS) that provides convenient access and archiving of radiology images from multiple modalities. Using cloud or server technology, FreedomPACS incorporates DICOM standards and is accessible on PCs, Macs and mobile platforms.

FreedomPACS Cloud offers secure, HIPAA-compliant off-site storage for radiology images. Available with or without a PACS system, this affordably priced resource harnesses the protection and efficiency of the cloud. It provides instant access and an optional cross-platform diagnostic viewer.

FreedomPACS is owned by MN Systems, a medical software development company, based in Southfield, Michigan, formed from a joint venture between ALZ, Inc. and the Michigan Head and Spine Institute (MSHI). The company provides practical, cost-effective software solutions for the healthcare industry.

To learn more about these and other leading-edge medical software solutions, contact FreedomPACS at , or

Enhance Patient Services Without Sacrificing Patient Privacy

FreedomPACS by MN Systems
Northwestern Highway, Suite 100
Southfield, Michigan

by MN Systems (Owner of FreedomPACS)

This white paper is for informational purposes only and represents the opinion of MN Systems based on the sources provided. The company retains all rights to the white paper, which is accurate as of the publication date, March Duplication, in whole or in part, via any medium is prohibited with the prior permission of MN Systems.


More information

HOW TO REALLY IMPLEMENT HIPAA. Presented by: Melissa Skaggs Provider Resources Group

HOW TO REALLY IMPLEMENT HIPAA. Presented by: Melissa Skaggs Provider Resources Group HOW TO REALLY IMPLEMENT HIPAA Presented by: Melissa Skaggs Provider Resources Group WHAT IS HIPAA The Health Insurance Portability and Accountability Act of 1996 (HIPAA; Pub.L. 104 191, 110 Stat. 1936,

More information

Meaningful Use and Security Risk Analysis

Meaningful Use and Security Risk Analysis Meaningful Use and Security Risk Analysis Meeting the Measure Security in Transition Executive Summary Is your organization adopting Meaningful Use, either to gain incentive payouts or to avoid penalties?

More information

HIPAA and HITECH Compliance for Cloud Applications

HIPAA and HITECH Compliance for Cloud Applications What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health

More information

HIPAA, PHI and Email. How to Ensure your Email and Other ephi are HIPAA Compliant. www.fusemail.com

HIPAA, PHI and Email. How to Ensure your Email and Other ephi are HIPAA Compliant. www.fusemail.com How to Ensure your Email and Other ephi are HIPAA Compliant How to Ensure Your Email and Other ephi Are HIPAA Compliant Do you know if the patient appointments your staff makes by email are compliant with

More information

THE IMPORTANCE OF EMAIL ENCRYPTION IN THE HEALTHCARE INDUSTRY

THE IMPORTANCE OF EMAIL ENCRYPTION IN THE HEALTHCARE INDUSTRY THE IMPORTANCE OF EMAIL ENCRYPTION IN THE HEALTHCARE INDUSTRY EXECUTIVE SUMMARY Email is a critical business communications tool for organizations of all sizes. In fact, a May 2009 Osterman Research survey

More information

HIPAA: Protecting Your. Ericka L. Adler. Practice and Your Patients

HIPAA: Protecting Your. Ericka L. Adler. Practice and Your Patients HIPAA: Protecting Your Ericka L. Adler Practice and Your Patients Rachel V. Rose Fallout from the Omnibus Rule Compliance strategies for medical practices 1. Know / manage your business associates and

More information

HIPAA/HITECH Compliance Using VMware vcloud Air

HIPAA/HITECH Compliance Using VMware vcloud Air Last Updated: September 23, 2014 White paper Introduction This paper is intended for security, privacy, and compliance officers whose organizations must comply with the Privacy and Security Rules of the

More information

U.S. Department of Health and Human Services (HHS) The Office of the National Coordinator for Health Information Technology (ONC)

U.S. Department of Health and Human Services (HHS) The Office of the National Coordinator for Health Information Technology (ONC) U.S. Department of Health and Human Services (HHS) The Office of the National Coordinator for Health Information Technology (ONC) Security Risk Assessment (SRA) Tool User Guide Version Date: March 2014

More information

Regulations and compliance for enterprise mhealth applications

Regulations and compliance for enterprise mhealth applications Regulations and compliance for enterprise mhealth applications Contents Mobilizing healthcare applications 4 Security Concerns and Challenges 5 Defining the application 'Does your mobile app need FDA approval?

More information

New HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010

New HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010 New HIPAA Breach Notification Rule: Know Your Responsibilities Loudoun Medical Group Spring 2010 Health Information Technology for Economic and Clinical Health Act (HITECH) As part of the Recovery Act,

More information

Preparing for the HIPAA Security Rule

Preparing for the HIPAA Security Rule A White Paper for Health Care Professionals Preparing for the HIPAA Security Rule Introduction The Health Insurance Portability and Accountability Act (HIPAA) comprises three sets of standards transactions

More information

HIPAA Violations Incur Multi-Million Dollar Penalties

HIPAA Violations Incur Multi-Million Dollar Penalties HIPAA Violations Incur Multi-Million Dollar Penalties Whitepaper HIPAA Violations Incur Multi-Million Dollar Penalties Have you noticed how many expensive Health Insurance Portability and Accountability

More information

REGULATIONS AND COMPLIANCE FOR ENTERPRISE MOBILE HEALTH APPLICATIONS

REGULATIONS AND COMPLIANCE FOR ENTERPRISE MOBILE HEALTH APPLICATIONS REGULATIONS AND COMPLIANCE FOR ENTERPRISE MOBILE HEALTH APPLICATIONS Author: Dilip Chatulingath A RapidValue Solutions Whitepaper Contents Mobilizing healthcare applications 01 Security concerns and challenges

More information

HIPAA Requirements and Mobile Apps

HIPAA Requirements and Mobile Apps HIPAA Requirements and Mobile Apps OCR/NIST 2013 Annual Conference Adam H. Greene, JD, MPH Partner, Washington, DC Use of Smartphones and Tablets Is Growing 2 How Info Sec Sees Smartphones Easily Lost,

More information

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Compliance Tip Sheet National Hospice and Palliative Care Organization www.nhpco.org/regulatory HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Hospice Provider Compliance To Do List

More information

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security

More information

Security Is Everyone s Concern:

Security Is Everyone s Concern: Security Is Everyone s Concern: What a Practice Needs to Know About ephi Security Mert Gambito Hawaii HIE Compliance and Privacy Officer July 26, 2014 E Komo Mai! This session s presenter is Mert Gambito

More information

This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in

This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in the HIPAA Omnibus Rule of 2013. As part of the American

More information

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Note: Information provided to NCRA by Melodi Gates, Associate with Patton Boggs, LLC Privacy and data protection

More information

DISCLAIMER. HIPPAA Notice of Privacy. HIPAA Notice of Privacy Practices Printable PDF. Effective November 1, 2015

DISCLAIMER. HIPPAA Notice of Privacy. HIPAA Notice of Privacy Practices Printable PDF. Effective November 1, 2015 DISCLAIMER Direct Medical Imaging LLC (DMI) dba Pembina High Field MRI provides scanning and services, including an interpretation of the scan by a board certified radiologist. DMI cannot and does not

More information

OCR/HHS HIPAA/HITECH Audit Preparation

OCR/HHS HIPAA/HITECH Audit Preparation OCR/HHS HIPAA/HITECH Audit Preparation 1 Who are we EHR 2.0 Mission: To assist healthcare organizations develop and implement practices to secure IT systems and comply with HIPAA/HITECH regulations. Education

More information

Easing the Burden of Healthcare Compliance

Easing the Burden of Healthcare Compliance Easing the Burden of Healthcare Compliance In This Paper Federal laws require that healthcare organizations that suspect a breach of sensitive data launch an investigation into the matter For many mid-sized

More information

HIPAA Compliance and the Protection of Patient Health Information

HIPAA Compliance and the Protection of Patient Health Information HIPAA Compliance and the Protection of Patient Health Information WHITE PAPER By Swift Systems Inc. April 2015 Swift Systems Inc. 7340 Executive Way, Ste M Frederick MD 21704 1 Contents HIPAA Compliance

More information

6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013

6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013 Updates on HIPAA, Data, IT and Security Technology June 25, 2013 1 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind, including,

More information

What Every Organization Needs to Know about Basic HIPAA Compliance and Technology. April 21, 2015

What Every Organization Needs to Know about Basic HIPAA Compliance and Technology. April 21, 2015 What Every Organization Needs to Know about Basic HIPAA Compliance and Technology April 21, 2015 Who are these handsome fellas? Jamie Wolbeck (VP Of Operations) jamiew@sccnet.com Ron Shelby (Sr. Account

More information

WHITE PAPER. Mobile Security. Top Five Security Threats for the Mobile Enterprise and How to Address Them

WHITE PAPER. Mobile Security. Top Five Security Threats for the Mobile Enterprise and How to Address Them Mobile Security Top Five Security Threats for the Mobile Enterprise and How to Address Them Today s countless mobile devices present tangible opportunities to drive measurable and substantial value for

More information

HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services

HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services How MSPs can profit from selling HIPAA security services Managed Service Providers (MSP) can use the Health Insurance Portability

More information

HIPAA 101. March 18, 2015 Webinar

HIPAA 101. March 18, 2015 Webinar HIPAA 101 March 18, 2015 Webinar Agenda Acronyms to Know HIPAA Basics What is HIPAA and to whom does it apply? What is protected by HIPAA? Privacy Rule Security Rule HITECH Basics Breaches and Responses

More information

Faster, Smarter, More Secure: IT Services Geared for the Health Care Industry A White Paper by CMIT Solutions

Faster, Smarter, More Secure: IT Services Geared for the Health Care Industry A White Paper by CMIT Solutions Faster, Smarter, More Secure: IT Services Geared for the Health Care Industry A White Paper by CMIT Solutions Table of Contents Introduction... 3 1. Data Backup: The Most Critical Part of any IT Strategy...

More information

7i Imaging on Demand PACS Solution FAQ s

7i Imaging on Demand PACS Solution FAQ s 7i Imaging on Demand PACS Solution FAQ s Standards: 1. Do you use any proprietary software to manage the images? No, our image management software manages the images and is fully DICOM compliant with no

More information

REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI

REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI Healthcare Organizations Can Adopt Enterprise-Wide Disclosure Management Systems To Standardize Disclosure Processes,

More information

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16 NEW PERSPECTIVES on Healthcare Risk Management, Control and Governance www.ahia.org Journal of the Association of Heathcare Internal Auditors Vol. 32, No. 3, Fall, 2013 Professional Fee Coding Audit: The

More information

Information Protection Framework: Data Security Compliance and Today s Healthcare Industry

Information Protection Framework: Data Security Compliance and Today s Healthcare Industry Information Protection Framework: Data Security Compliance and Today s Healthcare Industry Executive Summary Today s Healthcare industry is facing complex privacy and data security requirements. The movement

More information

A 5-STEP PLAN TO PREPARE FOR HEALTHCARE. A Complimentary White Paper from

A 5-STEP PLAN TO PREPARE FOR HEALTHCARE. A Complimentary White Paper from A 5-STEP PLAN TO PREPARE FOR BYOD IN HEALTHCARE A Complimentary White Paper from A 5-step plan to prepare for BYOD in health care A Complimentary White Paper from Healthcare Business & Technology Nearly

More information

Telemedicine: Opportunities and Challenges

Telemedicine: Opportunities and Challenges Telemedicine: Opportunities and Challenges An Everbridge White Paper Introduction Physicians face an increasing array of non-clinical demands on their time in some practices doctors spend as much time

More information

Applying Information Lifecycle Management Strategies Enables Healthcare Providers to Accelerate Clinical Workflow

Applying Information Lifecycle Management Strategies Enables Healthcare Providers to Accelerate Clinical Workflow An EMC Healthcare Perspective Applying Information Lifecycle Management Strategies Enables Healthcare Providers to Accelerate Clinical Workflow By Roberta A. Katz Healthcare Information Technology Challenges........2

More information

HIPAA: Bigger and More Annoying

HIPAA: Bigger and More Annoying HIPAA: Bigger and More Annoying Instructor: Laney Kay, JD Contact information: 4640 Hunting Hound Lane Marietta, GA 30062 (770) 312-6257 (770) 998-9204 (fax) laney@laneykay.com www.laneykay.com OFFICIAL

More information

DGPeterson, LLC. HIPAA Security Auditors Report. Prepared for: Vigilant Medical, LLC Date: January 28, 2011. HIPAA Privacy & Security Consulting

DGPeterson, LLC. HIPAA Security Auditors Report. Prepared for: Vigilant Medical, LLC Date: January 28, 2011. HIPAA Privacy & Security Consulting DGPeterson, LLC HIPAA Privacy & Security Consulting HIPAA Security Auditors Report Prepared for: Vigilant Medical, LLC Date: January 28, 2011 DGPeterson, LLC Page 1 of 9 DGPeterson, LLC HIPAA Privacy &

More information

Six Steps Healthcare Organizations Can Take to Secure PHI on Mobile Devices

Six Steps Healthcare Organizations Can Take to Secure PHI on Mobile Devices Six Steps Healthcare Organizations Can Take to Secure PHI on Mobile Devices As an IT professional for a covered entity in the heavily regulated health care field, you no doubt worked hard building a secure

More information

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview Updated HIPAA Regulations What Optometrists Need to Know Now The U.S. Department of Health & Human Services Office for Civil Rights recently released updated regulations regarding the Health Insurance

More information

FIVE COMPELLING REASONS TO REEVALUATE YOUR TEST RESULTS PROCESS. spok.com

FIVE COMPELLING REASONS TO REEVALUATE YOUR TEST RESULTS PROCESS. spok.com SM FIVE COMPELLING REASONS TO REEVALUATE YOUR TEST RESULTS PROCESS In this ebrief we look at why increasing the efficiency of critical test results management (CTRM) is of vital importance for your organization

More information

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1 HIPAA COMPLIANCE AND DATA PROTECTION sales@eaglenetworks.it +39 030 201.08.25 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and EagleHeaps

More information

HIPAA PRIVACY AND SECURITY AWARENESS

HIPAA PRIVACY AND SECURITY AWARENESS HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect

More information

Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services

Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services 1 Contents 3 Introduction 5 The HIPAA Security Rule 7 HIPAA Compliance & AcclaimVault Backup 8 AcclaimVault Security and

More information

HIPAA Privacy & Security White Paper

HIPAA Privacy & Security White Paper HIPAA Privacy & Security White Paper Sabrina Patel, JD +1.718.683.6577 sabrina@captureproof.com Compliance TABLE OF CONTENTS Overview 2 Security Frameworks & Standards 3 Key Security & Privacy Elements

More information

RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS

RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS Security solutions for patient and provider access AT A GLANCE Healthcare organizations of all sizes are responding to the demands of patients, physicians,

More information

What s New with HIPAA? Policy and Enforcement Update

What s New with HIPAA? Policy and Enforcement Update What s New with HIPAA? Policy and Enforcement Update HHS Office for Civil Rights New Initiatives Precision Medicine Initiative (PMI), including Access Guidance Cybersecurity Developer portal NICS Final

More information

HIPAA and Mental Health Privacy:

HIPAA and Mental Health Privacy: HIPAA and Mental Health Privacy: What Social Workers Need to Know Presenter: Sherri Morgan, JD, MSW Associate Counsel, NASW Legal Defense Fund and Office of Ethics & Professional Review 2010 National Association

More information

NCHICA HITECH Act Breach Notification Risk Assessment Tool. Prepared by the NCHICA Privacy, Security & Legal Officials Workgroup

NCHICA HITECH Act Breach Notification Risk Assessment Tool. Prepared by the NCHICA Privacy, Security & Legal Officials Workgroup NCHICA HITECH Act Breach Notification Risk Assessment Tool Prepared by the NCHICA Privacy, Security & Legal Officials Workgroup NORTH CAROLINA HEALTHCARE INFORMATION AND COMMUNICATIONS ALLIANCE, INC August

More information

The benefits you need... from the name you know and trust

The benefits you need... from the name you know and trust The benefits you need... Privacy and Security Best at Practices the price you can afford... Guide from the name you know and trust The Independence Blue Cross (IBC) Privacy and Security Best Practices

More information

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)

More information

Healthcare IT Compliance Service. Services > Overview MaaS360 Healthcare IT Compliance Service

Healthcare IT Compliance Service. Services > Overview MaaS360 Healthcare IT Compliance Service Services > Overview MaaS360 Ensure Technical Safeguards for EPHI are Working Monitor firewalls, anti-virus packages, data encryption solutions, VPN clients and other security applications to ensure that

More information

My Docs Online HIPAA Compliance

My Docs Online HIPAA Compliance My Docs Online HIPAA Compliance Updated 10/02/2013 Using My Docs Online in a HIPAA compliant fashion depends on following proper usage guidelines, which can vary based on a particular use, but have several

More information

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually

More information

2011 2012 Aug. Sept. Oct. Nov. Dec. Jan. Feb. March April May-Dec.

2011 2012 Aug. Sept. Oct. Nov. Dec. Jan. Feb. March April May-Dec. The OCR Auditors are coming - Are you next? What to Expect and How to Prepare On June 10, 2011, the U.S. Department of Health and Human Services Office for Civil Rights ( OCR ) awarded KPMG a $9.2 million

More information

Access is power. Access management may be an untapped element in a hospital s cybersecurity plan. January 2016. kpmg.com

Access is power. Access management may be an untapped element in a hospital s cybersecurity plan. January 2016. kpmg.com Access is power Access management may be an untapped element in a hospital s cybersecurity plan January 2016 kpmg.com Introduction Patient data is a valuable asset. Having timely access is critical for

More information

Upcoming OCR Audits for HIPAA Compliance: How Prepared and Confident are Medical Practices and Billing Companies?

Upcoming OCR Audits for HIPAA Compliance: How Prepared and Confident are Medical Practices and Billing Companies? Upcoming : How Prepared and Confident are Medical Practices and Billing Companies? - Presented by NueMD a complete medical billing and practice management software solution company has partnered with Porter

More information

Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information

Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information about HIPAA, the HITECH-HIPAA Omnibus Privacy Act, how

More information

HIPAA and Cloud IT: What You Need to Know

HIPAA and Cloud IT: What You Need to Know HIPAA and Cloud IT: What You Need to Know A Guide for Healthcare Providers and Their Business Associates GDS WHITE PAPER HIPAA and Cloud IT: What You Need to Know As a health care provider or business

More information

HIPAA Enforcement. Emily Prehm, J.D. Office for Civil Rights U.S. Department of Health and Human Services. December 18, 2013

HIPAA Enforcement. Emily Prehm, J.D. Office for Civil Rights U.S. Department of Health and Human Services. December 18, 2013 Office of the Secretary Office for Civil Rights () HIPAA Enforcement Emily Prehm, J.D. Office for Civil Rights U.S. Department of Health and Human Services December 18, 2013 Presentation Overview s investigative

More information

The HIPAA Omnibus Final Rule

The HIPAA Omnibus Final Rule WHITE PAPER The HIPAA Omnibus Final Rule Four risk exposure events that can uncover compliance issues leading to investigations, potential fines, and damage to your organization s reputation. By Virginia

More information

Cybersecurity and Hospitals. What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response

Cybersecurity and Hospitals. What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response Cybersecurity and Hospitals What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response This resources was prepared exclusively for American Hospital Association members by Mary

More information

The Basics of HIPAA Privacy and Security and HITECH

The Basics of HIPAA Privacy and Security and HITECH The Basics of HIPAA Privacy and Security and HITECH Protecting Patient Privacy Disclaimer The content of this webinar is to introduce the principles associated with HIPAA and HITECH regulations and is

More information

Managing data security and privacy risk of third-party vendors

Managing data security and privacy risk of third-party vendors Managing data security and privacy risk of third-party vendors The use of third-party vendors for key business functions is here to stay. Routine sharing of critical information assets, including protected

More information

AnswerNow Guides How New HIPAA Regulations Impact Medical Answering Services

AnswerNow Guides How New HIPAA Regulations Impact Medical Answering Services How New HIPAA Regulations Impact Recent updates to the Health Insurance Portability & Accountability Act of 1996 (known as HIPAA) have caused major waves throughout the healthcare and medical answering

More information

Q: How does a provider know if their Email system has encryption? Do big email services (gmail, yahoo, hotmail, etc.) have built-in encryption?

Q: How does a provider know if their Email system has encryption? Do big email services (gmail, yahoo, hotmail, etc.) have built-in encryption? Q: How does a provider know if their Email system has encryption? Do big email services (gmail, yahoo, hotmail, etc.) have built-in encryption? A. Most e-mail systems do not include encryption. There are

More information

Overview of the HIPAA Security Rule

Overview of the HIPAA Security Rule Office of the Secretary Office for Civil Rights () Overview of the HIPAA Security Rule Office for Civil Rights Region IX Alicia Cornish, EOS Sheila Fischer, Supervisory EOS Topics Upon completion of this

More information

YOUR HIPAA RISK ANALYSIS IN FIVE STEPS

YOUR HIPAA RISK ANALYSIS IN FIVE STEPS Ebook YOUR HIPAA RISK ANALYSIS IN FIVE STEPS A HOW-TO GUIDE FOR YOUR HIPAA RISK ANALYSIS AND MANAGEMENT PLAN 2015 SecurityMetrics YOUR HIPAA RISK ANALYSIS IN FIVE STEPS 1 YOUR HIPAA RISK ANALYSIS IN FIVE

More information

HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?

HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? Introduction This material is designed to answer some of the commonly asked questions by business associates and other organizations

More information

OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463. Court Reporters and HIPAA

OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463. Court Reporters and HIPAA Court Reporters and HIPAA OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463 1 What Exactly is HIPAA? HIPAA is an acronym for the Health Insurance Portability and Accountability Act

More information

Business Associates and HIPAA

Business Associates and HIPAA Business Associates and HIPAA What BAs need to know to comply with HIPAA privacy and security rules by Dom Nicastro White paper The lax days of complying with privacy and security laws are over for business

More information