Healthcare Information Management: A New Urgency


A Proofpoint White Paper
threat protection, compliance, archiving & governance, secure communication

Contents

The Problem: Too much information, too little management
Healthcare Regulatory Requirements
Information Management Drivers for Healthcare Providers
    Regulatory Compliance
    eDiscovery/Litigation Preparedness
    Worker Productivity
    Information Security/Privacy
Proactive Healthcare Information Management
How Proofpoint Can Help In Proactive Healthcare Information Management
About Proofpoint
Glossary: Summary of Regulations Impacting Information Governance in the Healthcare Industry

/ Proofpoint, Inc. Proofpoint is a trademark of Proofpoint, Inc. in the United States and other countries. All other trademarks contained herein are property of their respective owners. 03/14

The Problem: Too much information, too little management

In June 2011, IDC published a report titled Extracting Value from Chaos, in which it estimated that by the end of that year the amount of existing digital information worldwide would surpass 1.8 zettabytes, or 1,800 exabytes. In its 2012 follow-on report, The Digital Universe in 2020 [1], IDC estimated that worldwide digital information was doubling every two years, meaning that by the end of 2014 the total amount of existing digital data would surpass 7 zettabytes, or 7,000 exabytes. This unrestrained growth is making it extremely difficult for organizations to capture, manage, store, share and dispose of information in any meaningful way without additional capabilities.

Absent an explicit regulatory mandate, many healthcare organizations have followed the information management practice of keeping everything forever, relying on employees to manage their own information, which in most cases meant they didn't manage it at all. This practice leads to what many refer to as "covert archiving", where individuals end up keeping just about everything in their own unmanaged repositories, including file shares, email systems, SharePoint systems, rogue personal clouds and external social networking sites. These covert archives effectively lock most of the organization's information away from IT and Records Management and yield "dark data": unmanaged data permeating the enterprise. This is the root of the information overload problem.

Sidebar: In the 2013 AIIM Industry Watch report, 49% of survey respondents said that they had experienced issues with regulatory authorities due to a lack of complete electronic information. (Source: AIIM Industry Watch: Information Governance records, risks and retention in the litigation age)

As organizations have put off addressing this growing problem, they are quickly reaching a point of no return. This unrestrained information build-up raises the cost of storage, exposes sensitive information, negatively affects employee productivity, raises the cost and risk of eDiscovery and puts regulatory compliance at risk. Many organizations have now reached an inflection point: get control of your information to enable security, compliance, and innovation, or continue down the current path of information anarchy and pay the consequences.

Within the healthcare industry, this strategy is costly. The healthcare industry generates huge amounts of information, the majority of which falls into a rapidly changing regulatory landscape, including clinical data, patient records, and financial information. New healthcare laws like the Affordable Care Act (Obama Care) and existing laws like the Health Insurance Portability and Accountability Act (HIPAA) mandate that healthcare providers have an ethical, professional, legal, and business responsibility to protect, secure and manage the information in their care. Inadequate information management processes, which can lead to inadvertent release of PHI, can trigger serious consequences including massive fines, loss of business due to negative publicity, lawsuits, forfeiture of accreditation, and loss of shareholder equity. Under the new HIPAA Final Omnibus Rule, covered entities and business associates responsible for violating HIPAA privacy and security rules by failing to safeguard patient protected health information could face up to $1.5 million in annual fines [2].

Sidebar: Security related incidents cost U.S. hospitals $1.6 billion each year, or an average $810,000 per security breach. (Source: Healthcare IT News: Healthcare's slack security costs $1.6B)

[1] The Digital Universe in 2020: Big Data, Bigger Digital Shadows, and Biggest Growth in the Far East
[2] Healthcare IT News: HIPAA data breaches climb 138 percent

Healthcare Regulatory Requirements

Several new regulations, as well as recent changes and additions to existing regulations, will make 2014 a year of change and increased risk for healthcare providers. These changes include the HIPAA Omnibus Final Rule, which extends HIPAA security rules, strengthens the limitations on use of PHI for marketing purposes, and expands the obligations to protect PHI to Business Associates. Additionally, the Affordable Care Act (ACA) has created a number of new reporting obligations impacting providers who treat Medicare and Medicaid patients. See the glossary at the end of the document for a detailed description of the healthcare related regulations.

Information Management Drivers for Healthcare Providers

The amount of data the average healthcare worker creates and comes into contact with on a daily basis makes it difficult for them to manage it effectively on their own. Because of that, healthcare providers need solutions that can enforce retention/disposition policies, control information access for privacy, and protect information through secure storage repositories and encryption technologies. Healthcare organizations look to information management technology to solve a range of issues, usually including regulatory requirements, litigation support/eDiscovery, worker productivity, and information security and privacy. These challenges can cost the healthcare provider a great deal of money and raise the risk of non-compliance.

Figure 1: Healthcare Information Management Drivers

Regulatory Compliance

The same regulatory bodies discussed in the previous section conduct compliance audits to ensure records retention and security/privacy guidelines are being followed, which in turn places increasing pressure on healthcare providers to better manage their information infrastructure. An effective information management capability will ensure that regulated information is captured, stored, secured, managed, and made available for review if requested.

eDiscovery/Litigation Preparedness

For most healthcare organizations, lawsuits are a common occurrence that continues to be a major expense. An eDiscovery request seeks any information which could support the plaintiff's case against them. It is the responsibility of the party responding to a discovery request to make a good faith attempt to find all potentially relevant information and turn it over to the opposing counsel. Because healthcare providers are required via regulatory edict to retain large amounts of information, healthcare related discovery can be especially costly and time consuming. In practice this can translate to thousands of review hours totaling millions of dollars for a single case. Much like the regulatory challenge mentioned above, an information management program will ensure all information is managed and stored in a way that enables fast and comprehensive eDiscovery response.

Sidebar: Under HIPAA, the provider has 30 days from receipt of a patient's request to access medical records, to provide the medical records to the patient.

Worker Productivity

The human element of healthcare expense amounted to approximately 56% [3] of every dollar spent in While labor is by far the largest expense in healthcare, it has experienced little gain in productivity over the last 20 years, unlike other sectors. One reason is the paperwork and reporting required by regulatory agencies, insurance companies, and the legal industry. The HITECH Act of 2009 is an attempt to improve worker productivity by motivating the adoption of electronic health records (EHR) to improve patient care but also enable improved information management among healthcare entities. The logical next step is to incorporate these benefits into a larger information management program to positively influence worker productivity.

Sidebar: Nearly 1 in 5 healthcare providers experienced a security breach and about 1 in 8 have had at least 1 case of medical identity theft. (Source: Modern Healthcare, 2/20/2014)

Information Security/Privacy

The original HIPAA Security Rule established stringent national standards to protect individuals' electronic personal health information which is created, received, used, or maintained by a covered healthcare entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic PHI.

The HITECH Act was created to speed the movement from paper-based medical records to electronic health records (EHR) and supporting technology. Because of HITECH, the movement to EHR has progressed. The HITECH Act required the Department of Health and Human Services to publish, and update annually, suggested practices and procedures that could be used to ensure EHR and PHI are unusable and unreadable to entities and individuals not authorized to access sensitive data. A preferred method of securing PHI is the use of encryption technology. Adopting encryption technology as the preferred method of rendering PHI unreadable, unusable, and indecipherable to unauthorized individuals is important because if PHI is encrypted in the suggested manner, a safe haven is created from the costly reporting requirements if a breach occurs or data is lost, stolen, misplaced or a hack is attempted.

The definition of a data breach was updated in the HIPAA/HITECH final ruling in 2013 to: a data breach will have occurred if there has been any unauthorized acquisition, access, use, or disclosure of protected health information (PHI) unless it can be proved that the likelihood that the PHI has been compromised is low [4]. Without the safe haven protection, the maximum penalty for a HIPAA violation is now $50,000 per violation and $1.5 million for multiple identical violations. A healthcare entity can claim a complete defense only if the violation was not due to willful neglect and was corrected within thirty days of when the violation was discovered by the entity.

Because email is becoming an essential tool for providers and patients to communicate, security/privacy concerns must be addressed so that email and attachment security can be ensured. To guarantee patient privacy is preserved (and provider liability reduced), policy-based email/attachment encryption functionality will need to be quickly adopted.

Notable HIPAA Data Breaches in 2013

Advocate Medical Group. People affected: 4,029,530. Date of breach: 7/15/2013. Stolen laptops.
AHMC Healthcare. People affected: 729,000. Date of breach: 10/12/2013. Stolen laptops.
Indiana Social Services Administration. People affected: 187,533. Dates of breach: 04/06-05/21/2013. Mailing mishap.
Cogent Healthcare, Inc. People affected: 32,151. Dates of breach: 05/05-06/24/2013. Patient history was stored on a non-secure site.
Delta Dental of Pennsylvania. People affected: 14,829. Date of breach: 3/20/2013. Mailing mishap.

[3] The New England Journal of Medicine: Rethinking Health Care Labor
[4] Final ruling for HIPAA/HITECH Act protects patients from data breaches

Proactive Healthcare Information Management

One of the major challenges the healthcare industry continues to face is government regulations which require healthcare providers to capture, store, manage and protect sensitive data. They must also ensure that it's readily available whenever requested by patients or needed for compliance audits or eDiscovery. With potential penalties of up to $1.5 million per occurrence for non-compliance, healthcare organizations are under pressure to ensure they are meeting all expectations.

Proactive information management is now becoming widely acknowledged as the best method to ensure regulatory compliance as well as to reduce costs and lower overall risk when involved in litigation. There are several best practices known to reduce information management risk and cost associated with regulatory compliance and litigation preparedness. They are:

1. Reduce the number of information silos: Healthcare organizations tend to add technology over time to account for stresses on the enterprise due to growth, new regulatory requirements or both. Many times these technology additions fall short in working and communicating with other enterprise systems. This technology creep greatly complicates information management practices, which in turn drives up overall cost and the risk of non-compliance. All new technology purchases should include a discussion with key departments on how the new purchase will impact the current information management strategy, with the goal of a single platform for information management, regulatory compliance and litigation preparedness.

2. Identify, track, manage and control dark data: This usually unstructured data is usually created and managed by end-users and stored in local repositories unavailable to the rest of the organization and any information management functionality. Because dark data is not managed centrally, regulatory information is lost, deleted, and not made available for information requests by regulators. PII and PHI can be inadvertently leaked outside the organization, multiplying monetary penalties and risk.

3. Limit the storage repositories end-users have access to: Create policies and adopt technology which restrict unstructured data storage to a single enterprise repository. Without technology to limit repositories, end-users can and will store sensitive and controlled data on their local hard disk, a personal share drive, removable storage devices, personal rogue clouds, social media sites or even personal email accounts.

4. Implement a clear social media policy: Social media is a business tool but can also create compliance risk, as HIPAA considers social the same as any other form of communication, subject to the same requirements for managing PHI. If social media use is an accepted business strategy, create a social media use policy, train all employees on it, and put systems in place to capture and report on organization related social media use.

5. Monitor the creation and movement of ePHI, EHR and all sensitive information: With the new, higher fines for security/privacy violations, sensitive information leakage, either through theft or inadvertent actions by employees, is a sizable liability that should be addressed as soon as possible. The ability to monitor those systems within the enterprise to accurately identify, report on and ensure sensitive information is being used and managed per official policy (access controls in place, approved storage repositories used, and encryption in use) is key to avoiding leakage of sensitive information.

Achieving best practices for sensitive information security/privacy is a two stage process: first, the ability to identify and monitor all sensitive information flowing through the enterprise and act on any policy departure; and second, automation to ensure sensitive information is encrypted when in transit, with easy decryption when the correct access rights are certified. The proper automation and policies/procedures will ensure inadvertent policy transgressions are caught and corrected.

How Proofpoint Can Help In Proactive Healthcare Information Management

Policies and procedures can only go so far if the amount and variety of information outpaces the ability of the human element to manually manage it. Policies and procedures will actually add work to the information management process if technology to automate much of the process isn't adopted. To effectively meet the goal of proactive information management, six key elements should be addressed. They are:

Figure 2: Key Elements of Proactive Information Management (figure label: "Detect ePHI and other sensitive information.")

1. Monitor for and detect sensitive information including PHI: Unauthorized access and theft of sensitive information for both patients and employees are an ongoing liability for healthcare providers. However, PHI leakage also occurs from within the enterprise through the email system and inadvertent employee disclosure. To stop sensitive information from leaving the corporate email system, a data loss prevention (DLP) capability is needed. The right DLP solution will automatically scan and accurately identify sensitive content subject to the security/privacy policy and determine data transfer rights of all email and attachments. The right DLP solution will also noticeably reduce the problems associated with false positives, where the system identifies content as sensitive when in reality it is not. False positive identification can dramatically bog down systems if the false positive error rates are too high. Too many false positives tend to reduce reliance on these systems.

2. Encrypt PHI to enable secure doctor-patient communication: Effective doctor-patient communication is a central clinical function in building a successful doctor-patient relationship. This communication channel is important in the delivery of high-quality healthcare but can also be a risk if those communications are not protected. Because neither doctors nor patients are experts in encryption technology, the process should be seamless to both so that the exchange of information is trouble free and positive.

Figure 3: Encryption/Decryption handled automatically

3. Manage HIPAA and Medicare Document Retention/Disposition periods: There are many documentation retention requirements under HIPAA, HITECH, ACA and OSHA, to name just a few of the Federal regulatory laws. Also, each state produces its own document retention policies that dictate document retention for healthcare related activities. An automated system to capture and manage specific document types to specific retention periods, tailored to the healthcare industry and regulatory requirements, would relieve doctors, nurses, and administrators from the additional requirement of becoming records administrators.

4. Securely retain and track dark data: The Compliance, Governance and Oversight Council (CGOC) conducted a survey in 2012 that showed that on average, 1% of organizational data is subject to litigation hold, 5% is subject to regulatory retention requirements and 25% had some business value. This means that approximately 69% of any organization's retained data potentially has no business value and could possibly be disposed of without legal, regulatory or business consequences. A large percentage of this potentially valueless information is considered ROT (redundant, outdated or transitory) and can raise the cost of compliance as well as eDiscovery if not tracked, managed and disposed of when appropriate.

Figure 4: CGOC breakdown on enterprise data

5. Reduce or eliminate dependence on backup tapes: Backup tapes in the past were great disaster recovery tools. Many organizations began to use their backup process to create archives for regulatory retention. The obvious problem with this strategy is the cost and time to restore enough backup tapes to find the data requested in the regulatory information request. On average, the cost to restore a backup tape and search it is approximately $500 per tape. If the information is spread across several tapes, the cost obviously rises. Additionally, eDiscovery response can be even more expensive, costing an additional $20,000 per gigabyte to cull and review documents for relevancy to a case. Many organizations have found that the cost of proactively tracking and managing all of their enterprise data is much less than the cost to reactively find and review it for legal discovery.

6. Effective use of the Cloud: As is the case for many organizations, IT staff within healthcare organizations must do more with less. Consequently, more have turned toward cloud solutions to improve TCO and reduce management hassle. But for Legal and Compliance departments, moving to the cloud can raise questions about information access and control. To address these concerns, several cloud providers combine cloud storage with capabilities and expertise around content management, retention management, regulatory compliance, archiving, and eDiscovery. These capabilities are critical to ensure that all client information is properly evaluated, managed, retained and defensibly disposed of based on the client's regulatory, legal, and business requirements.

About Proofpoint

Proofpoint Inc. (NASDAQ:PFPT) is a leading security-as-a-service provider that focuses on cloud-based solutions for threat protection, compliance, archiving & governance and secure communications. Organizations around the world depend on Proofpoint's expertise, patented technologies and on-demand delivery system to protect against phishing, malware and spam, safeguard privacy, encrypt sensitive information, and archive and govern messages and critical enterprise information. More information is available at

Glossary: Summary of Regulations Impacting Information Governance in the Healthcare Industry

HIPAA
HIPAA establishes standardized processes and procedures for electronic data interchange (EDI), security, and confidentiality of all healthcare-related data. HIPAA Records Retention: HIPAA does not prescribe how long records are to be retained, leaving that to the individual states. However, HIPAA administrative simplification rules require a covered entity, such as a physician billing Medicare, to retain required documentation for 6 years from the date of its creation or the date when it last was in effect, whichever is later. HIPAA requirements preempt state laws if state laws require shorter periods.

HIPAA Omnibus Final Rule
The 2013 HIPAA Omnibus Final Rule covered changes to existing regulations such as the Health Information Technology for Economic and Clinical Health Act (HITECH), final regulations for breach notifications, and enhanced privacy protections required under the Genetic Health Nondiscrimination Act. The security rule requires providers to protect the confidentiality, integrity and availability of protected health information. The rule:
- Makes business associates and subcontractors of covered entities directly liable for compliance with the HIPAA Privacy and Security Rule requirements.
- Strengthens the limitations on the use and disclosure of PHI for marketing and fundraising purposes, and prohibits the sale of PHI without the individual's authorization.
- Adopts the additional HITECH Act enhancements to the Enforcement Rule, particularly regarding privacy breaches and penalties.

HITECH Act (The Health Information Technology for Economic and Clinical Health Act)
HITECH imposes stringent regulatory requirements under the security and privacy rules of HIPAA. HITECH also increases civil penalties for a HIPAA violation. The HITECH Act created a tiered approach to civil monetary penalties for violations of HIPAA.

The Affordable Care Act
The ACA directly affects employers, insurance companies, Medicare providers, and health care consumers. The ACA prescribes specific information retention requirements on healthcare providers treating Medicaid and Medicare patients as well as health insurance providers.

OSHA Occupational Health Services
Healthcare providers that offer occupational health services (OHS) have additional legal, retention and privacy requirements to consider. An OHS provider must decide whether it is part of the practice of the healthcare organization or part of the administration (employer). This relationship defines how records are stored, who has access to which elements, and whether a signed release is needed.

Proofpoint, Inc. 892 Ross Drive, Sunnyvale, CA Tel:


More information

HIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing

HIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing HIPAA Omnibus Rule Practice Impact Kristen Heffernan MicroMD Director of Prod Mgt and Marketing 1 HIPAA Omnibus Rule Agenda History of the Rule HIPAA Stats Rule Overview Use of Personal Health Information

More information

HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?

HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? Introduction This material is designed to answer some of the commonly asked questions by business associates and other organizations

More information

ALERT LOGIC FOR HIPAA COMPLIANCE

ALERT LOGIC FOR HIPAA COMPLIANCE SOLUTION OVERVIEW: ALERT LOGIC FOR HIPAA COMPLIANCE AN OUNCE OF PREVENTION IS WORTH A POUND OF CURE Alert Logic provides organizations with the most advanced and cost-effective means to secure their healthcare

More information

Proofpoint HIPAA Breach Report:

Proofpoint HIPAA Breach Report: Proofpoint HIPAA Breach Report: An Analysis of HITECH Breach Notifications and Settlements, Q1 2013 Healthcare Industry Update threat protection compliance archiving & governance secure communication Contents

More information

HIPAA Security Rule Compliance

HIPAA Security Rule Compliance HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA

More information

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA?

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? 1 DEFINITIONS HIPAA Health Insurance Portability and Accountability Act of 1996 Primarily designed

More information

HIPAA and HITECH Compliance for Cloud Applications

HIPAA and HITECH Compliance for Cloud Applications What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health

More information

HIPAA and the HITECH Act Privacy and Security of Health Information in 2009

HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 What is HIPAA? Health Insurance Portability & Accountability Act of 1996 Effective April 13, 2003 Federal Law HIPAA Purpose:

More information

Security Is Everyone s Concern:

Security Is Everyone s Concern: Security Is Everyone s Concern: What a Practice Needs to Know About ephi Security Mert Gambito Hawaii HIE Compliance and Privacy Officer July 26, 2014 E Komo Mai! This session s presenter is Mert Gambito

More information

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant 1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad

More information

COMPLIANCE ALERT 10-12

COMPLIANCE ALERT 10-12 HAWAII HEALTH SYSTEMS C O R P O R A T I O N "Touching Lives Every Day COMPLIANCE ALERT 10-12 HIPAA Expansion under the American Recovery and Reinvestment Act of 2009 The American Recovery and Reinvestment

More information

Healthcare Insurance Portability & Accountability Act (HIPAA)

Healthcare Insurance Portability & Accountability Act (HIPAA) O C T O B E R 2 0 1 3 Healthcare Insurance Portability & Accountability Act (HIPAA) Secure Messaging White Paper This white paper briefly details how HIPAA affects email security for healthcare organizations,

More information

HIPAA Audits and Compliance: What To Expect From Regulators and How to Comply

HIPAA Audits and Compliance: What To Expect From Regulators and How to Comply HIPAA Audits and Compliance: What To Expect From Regulators and How to Comply October 18, 2013 ACEDS Membership Benefits Training, Resources and Networking for the ediscovery Community Exclusive News and

More information

Why Lawyers? Why Now?

Why Lawyers? Why Now? TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business

More information

INFORMATION SECURITY & HIPAA COMPLIANCE MPCA

INFORMATION SECURITY & HIPAA COMPLIANCE MPCA INFORMATION SECURITY & HIPAA COMPLIANCE MPCA Annual Conference August 5, 201 Agenda 1 HIPAA 2 The New Healthcare Paradigm Internal Compliance 4 Conclusion 2 1 HIPAA 1 Earning Their Trust 4 HIPAA 5 Health

More information

Health Information Privacy Refresher Training. March 2013

Health Information Privacy Refresher Training. March 2013 Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal

More information

Best Practices for DLP Implementation in Healthcare Organizations

Best Practices for DLP Implementation in Healthcare Organizations Best Practices for DLP Implementation in Healthcare Organizations Healthcare organizations should follow 4 key stages when deploying data loss prevention solutions: 1) Understand Regulations and Technology

More information

HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services

HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services How MSPs can profit from selling HIPAA security services Managed Service Providers (MSP) can use the Health Insurance Portability

More information

This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in

This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in the HIPAA Omnibus Rule of 2013. As part of the American

More information

DOCUMENT RETENTION STRATEGIES FOR HEALTHCARE ORGANIZATIONS

DOCUMENT RETENTION STRATEGIES FOR HEALTHCARE ORGANIZATIONS Overview. DOCUMENT RETENTION STRATEGIES FOR HEALTHCARE ORGANIZATIONS A comprehensive and consistently applied document retention policy is necessary to reduce the risk of being charged with spoliation

More information

HIPAA/HITECH: A Guide for IT Service Providers

HIPAA/HITECH: A Guide for IT Service Providers HIPAA/HITECH: A Guide for IT Service Providers Much like Arthur Dent in the opening scene of The Hitchhiker s Guide to the Galaxy (HHGTTG), you re experiencing the impact of new legislation that s infringing

More information

HIPAA/HITECH Compliance Using VMware vcloud Air

HIPAA/HITECH Compliance Using VMware vcloud Air Last Updated: September 23, 2014 White paper Introduction This paper is intended for security, privacy, and compliance officers whose organizations must comply with the Privacy and Security Rules of the

More information

Information Governance in the Cloud

Information Governance in the Cloud Information Governance in the Cloud TABLE OF CONTENTS Executive Summary...3 Information Governance: Building a Trusted Foundation for Business Content...5 The Challenge...5 The Solution....5 Content and

More information

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual

More information

Network Security and Data Privacy Insurance for Physician Groups

Network Security and Data Privacy Insurance for Physician Groups Network Security and Data Privacy Insurance for Physician Groups February 2014 Lockton Companies While exposure to medical malpractice remains a principal risk MIKE EGAN, CPCU Senior Vice President Unit

More information

OCR HIPAA Audit Readiness. ISACA - North Texas Chapter April 11, 2013

OCR HIPAA Audit Readiness. ISACA - North Texas Chapter April 11, 2013 ISACA - North Texas Chapter April 11, 2013 Introduction 1 2 Basic components of HIPAA and HITECH legislation HITECH and rising breaches 3 4 OCR HIPAA audits Key findings of the pilot audits 5 Approaches

More information

Tools to Prepare and Protect Your Practice for HIPAA and Meaningful Use Audits

Tools to Prepare and Protect Your Practice for HIPAA and Meaningful Use Audits Tools to Prepare and Protect Your Practice for HIPAA and Meaningful Use Audits Presented by: Don Waechter, Managing Partner Health Compliance Partners Ann Breitinger, Attorney Blalock Walters Legal Disclaimer

More information

Bridging the HIPAA/HITECH Compliance Gap

Bridging the HIPAA/HITECH Compliance Gap CyberSheath Healthcare Compliance Paper www.cybersheath.com -65 Bridging the HIPAA/HITECH Compliance Gap Security insights that help covered entities and business associates achieve compliance According

More information

Compliance Challenges. Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard. Increased Audits & On-site Investigations

Compliance Challenges. Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard. Increased Audits & On-site Investigations Enabling a HITECH & HIPAA Compliant Organization: Addressing Meaningful Use Mandates & Ensuring Audit Readiness Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard Compliance Mandates Increased

More information

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview Updated HIPAA Regulations What Optometrists Need to Know Now The U.S. Department of Health & Human Services Office for Civil Rights recently released updated regulations regarding the Health Insurance

More information

6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013

6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013 Updates on HIPAA, Data, IT and Security Technology June 25, 2013 1 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind, including,

More information

HIPAA 101. March 18, 2015 Webinar

HIPAA 101. March 18, 2015 Webinar HIPAA 101 March 18, 2015 Webinar Agenda Acronyms to Know HIPAA Basics What is HIPAA and to whom does it apply? What is protected by HIPAA? Privacy Rule Security Rule HITECH Basics Breaches and Responses

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ("BA AGREEMENT") supplements and is made a part of any and all agreements entered into by and between The Regents of the University

More information

CMA BUSINESS ASSOCIATE AGREEMENT WITH CMA MEMBERS

CMA BUSINESS ASSOCIATE AGREEMENT WITH CMA MEMBERS CMA BUSINESS ASSOCIATE AGREEMENT WITH CMA MEMBERS Dear Physician Member: Thank you for contacting the California Medical Association and thank you for your membership. In order to advocate on your behalf,

More information

What s new In the News Data Breach Discussion The 5 W s Risk Analysis: Why, What, how, When, and Who Common Issues Observed Q / A Session Purdue

What s new In the News Data Breach Discussion The 5 W s Risk Analysis: Why, What, how, When, and Who Common Issues Observed Q / A Session Purdue What s new In the News Data Breach Discussion The 5 W s Risk Analysis: Why, What, how, When, and Who Common Issues Observed Q / A Session Purdue Healthcare Advisors The # of data breaches is climbing The

More information

Presented by Jack Kolk President ACR 2 Solutions, Inc.

Presented by Jack Kolk President ACR 2 Solutions, Inc. HIPAA 102 : What you don t know about the new changes in the law can hurt you! Presented by Jack Kolk President ACR 2 Solutions, Inc. Todays Agenda: 1) Jack Kolk, CEO of ACR 2 Solutions a information security

More information

Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE

Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE [ Hosting for Healthcare: Addressing the Unique Issues of Health IT & Achieving End-to-End Compliance

More information

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16 NEW PERSPECTIVES on Healthcare Risk Management, Control and Governance www.ahia.org Journal of the Association of Heathcare Internal Auditors Vol. 32, No. 3, Fall, 2013 Professional Fee Coding Audit: The

More information

Security Compliance, Vendor Questions, a Word on Encryption

Security Compliance, Vendor Questions, a Word on Encryption Security Compliance, Vendor Questions, a Word on Encryption Alexis Parsons, RHIT, CPC, MA Director, Health Information Services Security/Privacy Officer Shasta Community Health Center aparsons@shastahealth.org

More information

HIPAA Violations Incur Multi-Million Dollar Penalties

HIPAA Violations Incur Multi-Million Dollar Penalties HIPAA regulations have undergone major changes in the last few years giving both the federal and state Governments new and enhanced powers and resources to pursue HIPAA violations HIPAA Violations Incur

More information

Privacy Law Basics and Best Practices

Privacy Law Basics and Best Practices Privacy Law Basics and Best Practices Information Privacy in a Digital World Stephanie Skaff sskaff@fbm.com What Is Information Privacy? Your name? Your phone number or home address? Your email address?

More information

Long-Expected Omnibus HIPAA Rule Implements Significant Privacy and Security Regulations for Entities and Business Associates

Long-Expected Omnibus HIPAA Rule Implements Significant Privacy and Security Regulations for Entities and Business Associates Legal Update February 11, 2013 Long-Expected Omnibus HIPAA Rule Implements Significant Privacy and Security Regulations for Entities and Business Associates On January 17, 2013, the Department of Health

More information

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1 HIPAA COMPLIANCE AND DATA PROTECTION sales@eaglenetworks.it +39 030 201.08.25 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and EagleHeaps

More information

THE STATE OF HEALTHCARE COMPLIANCE: Keeping up with HIPAA, Advancements in EHR & Additional Regulations

THE STATE OF HEALTHCARE COMPLIANCE: Keeping up with HIPAA, Advancements in EHR & Additional Regulations THE STATE OF HEALTHCARE COMPLIANCE: Keeping up with HIPAA, Advancements in EHR & Additional Regulations [ The State of Healthcare Compliance: Keeping up with HIPAA, Advancements in EHR & Additional Regulations

More information

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN Major Changes to HIPAA Security and Privacy Rules Enacted in Economic Stimulus Package By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN The HITECH Act is the

More information

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and

More information

Cybersecurity for Meaningful Use. 2013 FRHA Annual Summit "Setting the Health Care Table: Politics, Economics, Health" November 20-22, 2013

Cybersecurity for Meaningful Use. 2013 FRHA Annual Summit Setting the Health Care Table: Politics, Economics, Health November 20-22, 2013 Cybersecurity for Meaningful Use 2013 FRHA Annual Summit "Setting the Health Care Table: Politics, Economics, Health" November 20-22, 2013 Healthcare Sector Vulnerable to Hackers By Robert O Harrow Jr.,

More information

UNDERSTANDING THE HIPAA/HITECH BREACH NOTIFICATION RULE 2/25/14

UNDERSTANDING THE HIPAA/HITECH BREACH NOTIFICATION RULE 2/25/14 UNDERSTANDING THE HIPAA/HITECH BREACH NOTIFICATION RULE 2/25/14 RULES Issued August 19, 2009 Requires Covered Entities to notify individuals of a breach as well as HHS without reasonable delay or within

More information

OCR Reports on the Enforcement. Learning Objectives 4/1/2013. HIPAA Compliance/Enforcement (As of December 31, 2012) HCCA Compliance Institute

OCR Reports on the Enforcement. Learning Objectives 4/1/2013. HIPAA Compliance/Enforcement (As of December 31, 2012) HCCA Compliance Institute OCR Reports on the Enforcement of the HIPAA Rules HCCA Compliance Institute April 22, 2013 David Holtzman Sr. Health IT & Privacy Specialist U.S. Department of Health and Human Services Office for Civil

More information

OCR Reports on the Enforcement. Learning Objectives

OCR Reports on the Enforcement. Learning Objectives OCR Reports on the Enforcement of the HIPAA Rules HCCA Compliance Institute April 22, 2013 David Holtzman Sr. Health IT & Privacy Specialist U.S. Department of Health and Human Services Office for Civil

More information

HIPAA, HIPAA Hi-TECH and HIPAA Omnibus Rule

HIPAA, HIPAA Hi-TECH and HIPAA Omnibus Rule HIPAA, HIPAA Hi-TECH and HIPAA Omnibus Rule NYCR-245157 HIPPA, HIPAA HiTECH& the Omnibus Rule A. HIPAA IIHI and PHI Privacy & Security Rule Covered Entities and Business Associates B. HIPAA Hi-TECH Why

More information

Joe Dylewski President, ATMP Solutions

Joe Dylewski President, ATMP Solutions Joe Dylewski President, ATMP Solutions Joe Dylewski President, ATMP Solutions Assistant Professor, Madonna University 20 Years, Technology and Application Implementation Experience Served as Michigan Healthcare

More information

4/10/2015. Beyond Records ediscovery and Information Management. Speaker Bio. Where are we and how did we get here? DISCOVERING "DARK DATA"

4/10/2015. Beyond Records ediscovery and Information Management. Speaker Bio. Where are we and how did we get here? DISCOVERING DARK DATA Beyond Records ediscovery and Information Management DISCOVERING "DARK DATA" Speaker Bio Bill Tolson is the owner of Tolson Communications LLC, an information governance and ediscovery consulting and content

More information

what your business needs to do about the new HIPAA rules

what your business needs to do about the new HIPAA rules what your business needs to do about the new HIPAA rules Whether you are an employer that provides health insurance for your employees, a business in the growing health care industry, or a hospital or

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

Regulatory Requirements, and insure a Safe Workplace

Regulatory Requirements, and insure a Safe Workplace Proposal to Healthcare Providers on how to adhere to Regulatory Requirements, and insure a Safe Workplace (Related to Patient Protection and Affordable Care Act PPACA) including: HIPAA, HITECH, ephi, and

More information

Document Imaging Solutions. The secure exchange of protected health information.

Document Imaging Solutions. The secure exchange of protected health information. The secure exchange of protected health information. 2 Table of contents 3 Executive summary 3 The high cost of protected health information being at risk 4 The compliance officer s dilemma: keeping PHI

More information

Business Associate Agreement

Business Associate Agreement This Business Associate Agreement Is Related To and a Part of the Following Underlying Agreement: Effective Date of Underlying Agreement: Vendor: Business Associate Agreement This Business Associate Agreement

More information

New HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010

New HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010 New HIPAA Breach Notification Rule: Know Your Responsibilities Loudoun Medical Group Spring 2010 Health Information Technology for Economic and Clinical Health Act (HITECH) As part of the Recovery Act,

More information

How To Understand And Understand The Benefits Of A Health Insurance Risk Assessment

How To Understand And Understand The Benefits Of A Health Insurance Risk Assessment 4547 The Case For HIPAA Risk Assessment Leader s Guide IMPORTANT INFORMATION FOR EDUCATION COORDINATORS & PROGRAM FACILITATORS PLEASE NOTE: In order for this program to meet Florida course requirements,

More information

NCHICA HITECH Act Breach Notification Risk Assessment Tool. Prepared by the NCHICA Privacy, Security & Legal Officials Workgroup

NCHICA HITECH Act Breach Notification Risk Assessment Tool. Prepared by the NCHICA Privacy, Security & Legal Officials Workgroup NCHICA HITECH Act Breach Notification Risk Assessment Tool Prepared by the NCHICA Privacy, Security & Legal Officials Workgroup NORTH CAROLINA HEALTHCARE INFORMATION AND COMMUNICATIONS ALLIANCE, INC August

More information

Community First Health Plans Breach Notification for Unsecured PHI

Community First Health Plans Breach Notification for Unsecured PHI Community First Health Plans Breach Notification for Unsecured PHI The presentation is for informational purposes only. It is the responsibility of the Business Associate to ensure awareness and compliance

More information

FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS

FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS James J. Eischen, Jr., Esq. October 2013 Chicago, Illinois JAMES J. EISCHEN, JR., ESQ. Partner at Higgs, Fletcher

More information

Director, Value Engineering

Director, Value Engineering Director, Value Engineering April 25 th, 2012 Copyright OpenText Corporation. All rights reserved. This publication represents proprietary, confidential information pertaining to OpenText product, software

More information

White Paper. HIPAA-Regulated Enterprises. Paper Title Here

White Paper. HIPAA-Regulated Enterprises. Paper Title Here White Paper White Endpoint Paper Backup Title Compliance Here Additional Considerations Title for Line HIPAA-Regulated Enterprises A guide for White IT professionals Paper Title Here in healthcare, pharma,

More information

Whitepaper. Best Practices for Securing Your Backup Data. BOSaNOVA Phone: 866-865-5250 Email: info@theq3.com Web: www.theq3.com

Whitepaper. Best Practices for Securing Your Backup Data. BOSaNOVA Phone: 866-865-5250 Email: info@theq3.com Web: www.theq3.com Whitepaper Best Practices for Securing Your Backup Data BOSaNOVA Phone: 866-865-5250 Email: info@theq3.com Web: www.theq3.com DATA PROTECTION CHALLENGE Encryption, the process of scrambling information

More information

ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer

ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING By: Jerry Jackson Compliance and Privacy Officer 1 1 Introduction Welcome to Privacy and Security Training course. This course will help you

More information

HIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist. www.riskwatch.com

HIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist. www.riskwatch.com HIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist www.riskwatch.com Introduction Last year, the federal government published its long awaited final regulations implementing the Health

More information

The benefits you need... from the name you know and trust

The benefits you need... from the name you know and trust The benefits you need... Privacy and Security Best at Practices the price you can afford... Guide from the name you know and trust The Independence Blue Cross (IBC) Privacy and Security Best Practices

More information

Name of Other Party: Address of Other Party: Effective Date: Reference Number as applicable:

Name of Other Party: Address of Other Party: Effective Date: Reference Number as applicable: PLEASE NOTE: THIS DOCUMENT IS SUBMITTED AS A SAMPLE, FOR INFORMATIONAL PURPOSES ONLY TO ABC ORGANIZATION. HIPAA SOLUTIONS LC IS NOT ENGAGED IN THE PRACTICE OF LAW IN ANY STATE, JURISDICTION, OR VENUE OF

More information

HIPAA DATA SECURITY & PRIVACY COMPLIANCE

HIPAA DATA SECURITY & PRIVACY COMPLIANCE HIPAA DATA SECURITY & PRIVACY COMPLIANCE This paper explores how isheriff Cloud Security enables organizations to meet HIPAA compliance requirements with technology and real-time data identification. Learn

More information

2016 OCR AUDIT E-BOOK

2016 OCR AUDIT E-BOOK !! 2016 OCR AUDIT E-BOOK About BlueOrange Compliance: We specialize in healthcare information privacy and security solutions. We understand that each organization is busy running its business and that

More information

OCTOBER 2013 PART 1. Keeping Data in Motion: How HIPAA affects electronic transfer of protected health information

OCTOBER 2013 PART 1. Keeping Data in Motion: How HIPAA affects electronic transfer of protected health information OCTOBER 2013 PART 1 Keeping Data in Motion: How HIPAA affects electronic transfer of protected health information Part 1: How HIPAA affects electronic transfer of protected health information It is difficult

More information

HIPAA Compliance Guide

HIPAA Compliance Guide HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care

More information

Top Ten Technology Risks Facing Colleges and Universities

Top Ten Technology Risks Facing Colleges and Universities Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology

More information

Meaningful Use and Security Risk Analysis

Meaningful Use and Security Risk Analysis Meaningful Use and Security Risk Analysis Meeting the Measure Security in Transition Executive Summary Is your organization adopting Meaningful Use, either to gain incentive payouts or to avoid penalties?

More information

Data Loss Prevention Program

Data Loss Prevention Program Data Loss Prevention Program Safeguarding Intellectual Property Author: Powell Hamilton Senior Managing Consultant Foundstone Professional Services One of the major challenges for today s IT security professional

More information