Securing Electronic Health Records (EHRs) to Achieve Meaningful Use Compliance, Prevent Data Theft and Fraud
|
|
- Eleanor Malone
- 2 years ago
- Views:
Transcription
1 Securing Electronic Health Records (EHRs) to Achieve Meaningful Use Compliance, Prevent Data Theft and Fraud Featuring the results of the Privacy and Security Survey, March 2011
2 Since the passage of the HITECH Act, under the American Recovery and Reinvestment Act of 2009, efforts toward EHR adoption have increased significantly. Eighty-one percent of hospitals expressed their intent to qualify for payments under the Medicare and Medicaid EHR Incentive Programs, with about two-thirds expecting to enroll during the first stage of Meaningful Use (MU) in , according to the 2010 American Hospital Association s Annual Survey Database. A considerable amount of healthcare providers time and resources have been devoted to getting the basic EHR foundation in place. Meeting the objectives and measures for improving quality, safety, efficiency, care coordination, population and public health are getting the most attention within the core set of the Stage 1 MU criteria. While providing adequate privacy and security protections for personal health information is also a core set goal, healthcare providers seem to be only now realizing the need to establish a secure EHR system. As a result of the primary focus on getting EHRs operational, in many cases healthcare providers may have overlooked or ignored putting in place security and privacy protections. This was one of the key findings in a March 2011 Healthcare IT News survey, which was conducted on behalf of Oracle Corporation (Oracle) and Deloitte 1 to determine the knowledge and activity of hospitals and health systems around securing EHRs for achieving both MU compliance and preventing data theft and fraud. Nearly 300 individuals participated, with nearly a third holding the position of IT director or manager. The rest comprised CIOs or CTOs, administrative directors or managers, CMIOs, and privacy and security managers, among others. For the most part, healthcare providers have relied on vendors that support EHR technology to have the appropriate confidentiality, integrity and availability controls in place, said Danny Rojas, senior manager, Security & Privacy services, at Deloitte. In addition, security traditionally has been thought of as an enterprise-level service, separate from the EHR implementation, added Reid Oakes, senior director, Healthcare and Life Sciences Technology Solutions, at Oracle. The HITECH Act and the Patient Protection and Affordability Care Act (PPACA) of 2010 have added more rigor and regulatory pressure to establishing a trust framework for patient data that resides in the EHR, Rojas said. We re now seeing a convergence around the need for security as part of the EHR process, Oakes said. Development Stage for Secure EHRs 11% 38% 6% 7% 16% 16% 6% The EHR Incentive Program Final Rule requires healthcare providers to establish privacy and security protections for confidential information through operating policies, procedures, and technologies and compliance with applicable law, and deliver data-sharing transparency to patients. In addition, it calls for protecting electronic health information created or maintained by the certified EHR technology systems through the deployment of appropriate technical capabilities, which correspond to certification criteria for EHR technology. Secure EHRs comply with the Final Rule, but they also employ robust controls such as multi-level authentication and authorization, identity proofing, patient data access management and fraud detection to help healthcare providers significantly improve their privacy and security practices overall 1. Creating a business case - 7% Discovery/Development stage: Selecting technologies - 16% Deploying a solution - 16% Pilot/Proof of concept - 6% Enterprise-wide adoption of secure EHRs - 38% Limited secure EHR modules in production across specific clinical areas - 11% Other - 6% Striving for Compliance, Yet Critical Mass Lacking on Security For 80 percent of the Healthcare IT News survey respondents, meeting compliance was the highest expectation of achieving meaningful use of EHRs, followed by improved quality of care (71 percent), patient safety (67 percent) and cost savings (43 percent). Only 38 percent of respondents, however, reported that they are currently in the process of enterprise-wide adoption of secure EHRs. While this advanced activity is promising, the percentage of 1 As used in this document, Deloitte means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.
3 respondents engaged in implementing a higher level of secure EHRs is low, especially given that qualification for Stage 1 incentive payments began this year. The remaining respondents reported that their organizations are in earlier stages of developing secure EHRs. Only 16 percent of respondents indicated that their organizations are deploying a solution for the development of a secure EHR. Another 16 percent are in the discovery/development stage and as such are in the midst of selecting technologies. Eleven percent have limited secure EHR modules in production across specific clinical areas. Seven percent are in the process of creating a business case, while 6 percent specified other, which included not having a plan at all. Awareness may be prevalent, but these data points suggest that healthcare providers need to act more swiftly. Securing EHRs meets multiple MU criteria, a fact that should spur action on the part of those who are far behind. Driving Adoption, Increasing Efficiency and Decreasing Costs Before clinicians can meaningfully use EHRs, they must overcome the traditional adoption barriers, including cost, lack of usability, productivity loss and workflow disruption. A cumbersome and manually driven privacy and security infrastructure can exacerbate those barriers. According to 59 percent of survey respondents, their healthcare organizations use their helpdesks to manually manage updating access when employees job roles change. Reliance on manual processes, which negatively impacts user experience and drives up IT costs, confirms what Oracle is seeing in the market, Oakes said. The key to the strategy is security should not get in the way of the clinical process, he said. Healthcare providers must not overcomplicate the clinicians environment and instead find easy ways to build, for example, comprehensive models for role assignments. Solving and automating identity creation and management processes, and solidifying those workflows upfront will deliver a seamless EHR experience for clinicians, which will make adoption more feasible and increase patient satisfaction as clinicians spend more time on patients rather than logging on or trying to access applications on their electronic devices, Oakes said. N onetheless, expect the number of healthcare organization participation in HIEs to increase significantly when the exchange of clinical data among separate entities takes on a greater role in stages 2 and 3 MU criteria. REID OAKES Senior Director, Healthcare and Life Sciences Technology Solutions Oracle Automating identity management processes will also save costs during implementation by avoiding increased resources required for manual creation of identities and certification of privileges and roles. If you don t take care of all the identity management and access controls, you can incur costs and increase volume to helpdesks, said Oakes. Lack of controls can give rise to password and single-sign on issues, such as poor password choices. Unless you lock down that part and automate it, you re really just going to shift the cost, he said. Controlling Risks Outside the Enterprise MU criteria require healthcare providers to offer their patients an electronic copy of their health information and be able to exchange key clinical information to improve care coordination. Both criteria involve sending patient data outside of a healthcare provider s
4 ealthcare H providers need to think at an enterprise level about what staff members are doing with the data and create a fraud-detection construct around how people get access to data. enterprise, which demands another level of rigorous privacy and security controls. Less than half of respondents reported that their organizations provide online access to patient records today. While 24 percent use multi-factor authentication to verify user identity or legitimacy of the transaction, 39 percent deploy username and password only to securely register patients for online access. More healthcare providers are granting online access to patient records, to be in compliance with MU. While more robust access controls, such as multi-factor authentication and adaptive access control to monitor user behavior, are not required overall, they are highly recommended especially if healthcare providers believe they are at a higher risk for privacy breaches and data theft. Patient Registration Tactics for Online Access 28.5% 38.7% More than a third of survey respondents share patient data with other organizations over a secure electronic network, and 23 percent use a health information exchange s (HIE) secure electronic network. Many HIEs and regional health information organizations (RHIOs) are still struggling with establishing sustainable business models and achieving critical mass of data-sharing partners whose contributions would create a broader, deeper and richer set of data. These usage numbers are encouraging, signaling HIE s value proposition to healthcare providers. The privacy and security risks and complexities increase, however, as the number of data-sharing partners grows within and outside of HIEs and RHIOs. 1.4% 24.3% 7.0% Username and password on y % Personal attributes [SSN#] - 7.0% Multi-factor authentication % Smart tokens - 1.4% Other % Nonetheless, expect the number of healthcare organization participation in HIEs to increase significantly when the exchange of clinical data among separate entities takes on a greater role in stages 2 and 3 MU criteria, Oakes said. As healthcare providers engage in HIE activity, they will need to deploy information rights management, which helps to ensure that once the data leaves the organization it is properly secured with the appropriate levels of security embedded to prevent data breaches and theft, as in the case of stolen electronic devices. In general security has to become more context aware and more granular to secure private data while allowing clinicians access to data that they need to be productive. Eliminating Privacy Breaches and Data Theft, Detecting Fraud Within the Enterprise Healthcare providers must also implement policies and controls to protect patient data within their four walls. The national media have reported on numerous privacy breaches in which hospital staff inappropriately accessed celebrities EHRs. A well-known Southern California medical center incurred multiple breaches involving the same pop singer in 2005 and More recently, three clinical support staff members at the Tucson University Medical Center were fired in January 2011 after allegedly accessing patient records of victims of the shooting tragedy in Arizona, which included U.S. Representative Gabrielle Giffords (D-AZ). Enabling the right people to see the right data at the right time within the healthcare organization requires robust access control policies and applications. According to the survey, nearly three-fourths of the respondents employ role-based control methods to
5 manage patient data access, followed by 13 percent whose organizations use mandatory access control. More than a third employ multi-factor authentication to perform identity proofing, followed by 27 percent whose organizations provide in-house background checking and 26 percent who deploy knowledge-based authentication. Implementing the right level of security provisioning, entitlement and other controls will ensure healthcare providers are protecting data within their organization. Access management has a major play in how we respond to meaningful use requirements, Oakes said. A security inside-out approach, which Oracle deploys, can help to secure and manage the data where it resides, as well as when it gets pushed out to and beyond the application level. Role-based security controls, internal policies and audit trails can help address privacy breach risks. Healthcare providers should also consider employing preventive and detective approaches to review user access, determine risk, and prevent excessive access to private data. Should a privacy breach occur, healthcare providers can rely on audit trails to identify who improperly accessed patient data and take immediate action dictated by internal policies. Proper policies and technical capabilities that enable a swift response can mitigate damage to and even enhance the healthcare provider s standing, which is critical in today s competitive market. While 62 percent of respondents use security information and event management (SIEM) and 13 percent deploy data leakage prevention tools to protect online patient data, a quarter of respondents have no fraud detection solution in place, which can increase vulnerability to fraud and the risk of noncompliance. Healthcare providers need to think at an enterprise level about what staff members are doing with the data and create a fraud-detection construct around how people get access to data, Oakes said. For example, clinicians as a group would be expected to have access to patient records. However, only clinicians assigned to a patient s care team should have access to that particular patient s record. Historically, identity and security have been managed at the enterprise level. With the adoption of EHRs, healthcare providers need to integrate privacy and security at the clinical application level, but still leverage some enterprise-class services. H ITRUST is really looking to provide common set of prescriptive security requirements that allow multiple healthcare players achieve a common goal relative to their own security posture and to meet HIPAA security rule compliance. MARK FORD Principal, Security & Privacy Services, Healthcare Services Deloitte & Touche LLP Meeting HIPAA and Certification Requirements The HITECH Act increased Heath Insurance Portability and Accountability Act s (HIPAA) data privacy and security requirements and expanded responsibility to business associates of covered entities. With HITECH there will be an increased focus on being able to conduct business in a trusted environment, said Mark Ford, principal, Security & Privacy services, Healthcare Services, at Deloitte & Touche LLP. Sixty-four percent of survey respondents indicated that they are addressing HIPAA and HITECH Act requirements, such as updating business associate agreements and updating privacy practices, to achieve meaningful use. That leaves more than a third not at that stage. For their first step, according to Ford, they should consider conducting a HIPAA security and privacy gap assessment against the updated rules to understand what needs to be fixed in order to be in compliance with the updated and expanded regulations.
6 As a reference point, any entity that handles ephi in the healthcare industry could review HITRUST s (Health Information Trust Alliance) Common Security Framework, a certifiable framework for organizations that create, access, store or exchange personal health information, which Deloitte utilizes as a requirements platform to perform Meaningful Use assessment. HITRUST is really looking to provide common set of prescriptive security requirements that allow multiple healthcare players achieve a common goal relative to their own security posture and to meet HIPAA security rule compliance, Ford said. Furthermore, HITRUST has built its own certification program where each entity can exchange their certifications credentials as opposed to having to conduct continuous security assessments of business associates a true test once and comply many type model. With 44 percent of respondents performing a security risk analysis of their certified EHR technology environment and 34 percent performing self-certification of their EHR technology for security and privacy requirements, healthcare providers are taking on greater responsibilities. Certification of the individual EHR can create additional complexity because it must provide security on multiple levels and also be aligned and integrated with the healthcare organization s overall HIPAA compliance, Ford said. Healthcare providers should avoid, for example, designing a certification control that contradicts efforts of the overall HIPAA compliance program. Bringing Depth and Breadth of IT and Services to Healthcare Providers Overwhelmed with ARRA and PPACA mandates, in conjunction with ICD-10 and 5010 conversions, many healthcare providers are seeking outside specialization to achieve compliance. Deloitte and Oracle are applying their core competencies and collaboration from their seventeen-year alliance to the healthcare industry s challenges. As a full-service professional services company, Deloitte augments its Security and Privacy practice by leveraging its various practices across its member firms, including audit and controls, systems integration, tax and financial advisory. We look at the problem from multiple angles and help clients throughout the lifecycle by understanding the systems and bringing in the specialists, deep technology and business process experience, said Ford. Specific to healthcare, Deloitte is a certified HITRUST assessor for meaningful use, and the company s industry-focused research center, the Deloitte Center for Health Solutions, delivers additional knowledge and understanding of the healthcare industry and trends through its research and policy tracking and monitoring. Employing a security inside-out approach, Oracle covers the entire breadth of security across the implementation and healthcare organization with its suite of comprehensive technologies. Healthcare providers can meet their specific needs with Oracle s modular, pre-integrated solutions, which comply with healthcare standards, complement other healthcare applications, are seamlessly incorporated within the clinician workflow and are flexible enough to meet future industry needs, Oakes said. By combining Deloitte s leading implementation practices and frameworks with Oracle s technologies and integration expertise, the two companies have the potential to deliver broad and deep solutions to the healthcare industry s most critical and pressing issues. Deloitte Statement This document contains general information only and Deloitte is not, by means of this document, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This document is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. In addition, this document contains the results of a survey conducted by a third party on behalf of Deloitte. The information obtained during the survey was taken as is and was not validated or confirmed by Deloitte. Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this document. Copyright 2011 Deloitte Development LLC. All rights reserved. Member of Deloitte Touche Tohmatsu Limited About Oracle Oracle is the world s most complete, open, and integrated business software and hardware systems company. For more information about Oracle, please visit our Web site at Produced by MedTech Media Custom Group, All rights reserved. 71 Pineland Drive, Suite 203 New Gloucester, ME
RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS
RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS Security solutions for patient and provider access AT A GLANCE Healthcare organizations of all sizes are responding to the demands of patients, physicians,
The Medicare and Medicaid EHR incentive
Feature The Meaningful Use Program: Auditing Challenges and Opportunities Your pathway to providing value By Phyllis Patrick, MBA, FACHE, CHC Meaningful Use is an area ripe for providing value through
VASCO: Compliant Digital Identity Protection for Healthcare
VASCO: Compliant Digital Identity Protection for Healthcare Compliant Digital Identity Protection for Healthcare The proliferation of digital patient information and a surge in government regulations are
Bridging the HIPAA/HITECH Compliance Gap
CyberSheath Healthcare Compliance Paper www.cybersheath.com -65 Bridging the HIPAA/HITECH Compliance Gap Security insights that help covered entities and business associates achieve compliance According
HIPAA regulation: The challenge of integrating compliance and patient care
HIPAA regulation: The challenge of integrating compliance and patient care January 2016 Contents Introduction 3 HIPAA s technology neutral structure 3 creates opportunity and challenge Compliance can pave
Securing Patient Portals. What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use
Securing Patient Portals What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use September 2013 Table of Contents Abstract... 3 The Carrot and the Stick: Incentives and Penalties for Securing
Information Protection Framework: Data Security Compliance and Today s Healthcare Industry
Information Protection Framework: Data Security Compliance and Today s Healthcare Industry Executive Summary Today s Healthcare industry is facing complex privacy and data security requirements. The movement
HIPAA and HITRUST - FAQ
A COALFIRE WHITE PAPER HIPAA and HITRUST - FAQ by Andrew Hicks, MBA, CISA, CCM, CRISC, HITRUST CSF Practitioner Director, Healthcare Practice Lead Coalfire February 2013 Introduction Organizations are
The Impact of HIPAA and HITECH
The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients
Provide access control with innovative solutions from IBM.
Security solutions To support your IT objectives Provide access control with innovative solutions from IBM. Highlights Help protect assets and information from unauthorized access and improve business
REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI
REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI Healthcare Organizations Can Adopt Enterprise-Wide Disclosure Management Systems To Standardize Disclosure Processes,
THE STATE OF DATA SHARING FOR HEALTHCARE ANALYTICS 2015-2016: CHANGE, CHALLENGES AND CHOICE
THE STATE OF DATA SHARING FOR HEALTHCARE ANALYTICS 2015-2016: CHANGE, CHALLENGES AND CHOICE As demand for data sharing grows, healthcare organizations must move beyond data agreements and masking to achieve
How Single Sign-On Is Changing Healthcare A Study of IT Practitioners in Acute Care Hospitals in the United States
How Single Sign-On Is Changing Healthcare A Study of IT Practitioners in Acute Care Hospitals in the United States Sponsored by Imprivata Independently conducted by Ponemon Institute LLC Publication Date:
Secure Endpoint Management. Presented by Kinette Crain and Brad Lewis
Secure Endpoint Management Presented by Kinette Crain and Brad Lewis Brad Lewis Brad Lewis - Service Specialist 14 years of IT experience In-House Support Manager Network Administrator Assessing Risk:
Achieving HIPAA and HITECH Compliance. with Enterprise Single Sign-On
Achieving HIPAA and HITECH Compliance with Enterprise Single Sign-On Achieving HIPAA and HITECH Compliance with Enterprise Single Sign-On 1 TABLE OF CONTENTS The Challenges of HIPAA and HITECH Compliance
CA Technologies Healthcare security solutions:
CA Technologies Healthcare security solutions: Protecting your organization, patients, and information agility made possible Healthcare industry imperatives Security, Privacy, and Compliance HITECH/HIPAA
Compliance, Incentives and Penalties: Hot Topics in US Health IT
Compliance, Incentives and Penalties: Hot Topics in US Health IT Table of Contents Introduction... 1 The Requirements... 1 PCI HIPAA ARRA Carrot and Stick How does third party assurance fit into the overall
Identity: The Key to the Future of Healthcare
Identity: The Key to the Future of Healthcare Chief Medical Officer Anakam Identity Services July 14, 2011 Why is Health Information Technology Critical? Avoids medical errors. Up to 98,000 avoidable hospital
Best Practices in Data Protection Survey of U.S. IT & IT Security Practitioners
Best Practices in Data Protection Survey of U.S. IT & IT Security Practitioners Sponsored by McAfee Independently conducted by Ponemon Institute LLC Publication Date: October 2011 Ponemon Institute Research.
CMS AND ONC FINAL REGULATIONS DEFINE MEANINGFUL USE AND SET STANDARDS FOR ELECTRONIC HEALTH RECORD INCENTIVE PROGRAM
CMS AND ONC FINAL REGULATIONS DEFINE MEANINGFUL USE AND SET STANDARDS FOR ELECTRONIC HEALTH RECORD INCENTIVE PROGRAM The Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator
HIGH-ASSURANCE ID VERIFICATION BALANCES HEALTHCARE DATA SECURITY AND ACCESS
HIGH-ASSURANCE ID VERIFICATION BALANCES HEALTHCARE DATA SECURITY AND ACCESS INTEGRATED AUTHENTICATION IMPROVES PRODUCTIVITY FOR ALL STAKEHOLDERS WITH SYNCHRONOSS UNIVERSAL ID SYNCHRONOSS UNIVERSAL ID FOR
Remote Access to a Healthcare Facility and the IT professional s obligations under HIPAA and the HITECH Act
Remote Access to a Healthcare Facility and the IT professional s obligations under HIPAA and the HITECH Act Are your authentication, access, and audit paradigms up to date? Table of Contents Synopsis...1
Sunday March 30, 2014, 9am noon HCCA Conference, San Diego
Meaningful Use as it Relates to HIPAA Compliance Sunday March 30, 2014, 9am noon HCCA Conference, San Diego CLAconnect.com Objectives and Agenda Understand the statutory and regulatory background and purpose
Successful Strategies for Implementing SaaS/Cloud Solutions in Healthcare
Successful Strategies for Implementing SaaS/Cloud Solutions in Healthcare WHITEPAPER Executive Summary As healthcare organizations struggle with competing priorities such as HITECH/ARRA, Meaningful option
How to use the Alertsec Service to Achieve HIPAA Compliance for Your Organization
How to use the Alertsec Service to Achieve HIPAA Compliance for Your Organization Alertsec offers Cloud Managed - Policy Controlled - Security Modules for Ensuring Compliance at the Endpoints Contents
Authorized. User Agreement
Authorized User Agreement CareAccord Health Information Exchange (HIE) Table of Contents Authorized User Agreement... 3 CareAccord Health Information Exchange (HIE) Polices and Procedures... 5 SECTION
Secure Email & File Transfer Practices in Healthcare 2014 / Sponsored by DataMotion
In late 2014, DataMotion conducted its annual survey of more than 700 IT and business professionals across the United States to gain insight into corporate email and file transfer policies. This report
HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?
HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? Introduction This material is designed to answer some of the commonly asked questions by business associates and other organizations
provide funding as an incentive to
HEALTH CARE INSIDER VOLUME 6 :: ISSUE 1 In This Issue: Electronic Health Records Benefits And Concerns ELECTRONIC HEALTH RECORDS BENEFITS AND CONCERNS INTRODUCTION As the new year begins, the health care
Cybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
Meaningful Use Stage 2. Meeting Meaningful Use Stage 2 with InstantPHR TM. www.getrealhealth.com
www.getrealhealth.com Meaningful Use Overview We are at the forefront of the patient engagement era. The American Recovery and Reinvestment Act of 2009 included the Health Information Technology for Economic
HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services
HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services How MSPs can profit from selling HIPAA security services Managed Service Providers (MSP) can use the Health Insurance Portability
WHITEPAPER HOW MUCH COMPLIANCE DOES YOUR EHR UNDERSTAND?
WHITEPAPER HOW MUCH COMPLIANCE DOES YOUR EHR UNDERSTAND? 1 INTRODUCTION Process regulations and compliance have been the major gauges brought in by regulatory authorities in U.S. to ensure that hospitals
Healthcare Information Security Today
Healthcare Information Security Today 2015 Survey Analysis: Evolving Threats and Health Info Security Efforts WHITE PAPER SURVEY BACKGROUND The Information Security Media Group conducts an annual Healthcare
Achieving meaningful use of healthcare information technology
IBM Software Information Management Achieving meaningful use of healthcare information technology A patient registry is key to adoption of EHR 2 Achieving meaningful use of healthcare information technology
Legal billing and predictive coding A fresh way to assess your legal spend
Legal billing and predictive coding A fresh way to assess your legal spend The legal technology industry didn t really come through with its promise of useful real-time analytics on a phase and activity
View the Replay on YouTube. Sustainable HIPAA Compliance: Enhancing Your Epic Reporting. FairWarning Executive Webinar Series October 17, 2013
View the Replay on YouTube Sustainable HIPAA Compliance: Enhancing Your Epic Reporting FairWarning Executive Webinar Series October 17, 2013 Today s Panel Chris Arnold FairWarning VP of Product Management
HIPAA Summit. March 10, 2011. Phyllis A. Patrick, MBA, FACHE, CHC Phyllis A. Patrick & Associates LLC
HIPAA Summit March 10, 2011 Phyllis A. Patrick, MBA, FACHE, CHC Phyllis A. Patrick & Associates LLC The Secretary shall provide for periodic audits to ensure that covered entities and business associates
FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES
FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES The implications for privacy and security in the emergence of HIEs The emergence of health information exchanges (HIE) is widely
Sustainable HIPAA Compliance: Protecting Patient Privacy through Highly Leveraged Investments
View the Replay on YouTube Sustainable HIPAA Compliance: Protecting Patient Privacy through Highly Leveraged Investments FairWarning Executive Webinar Series October 31, 2013 Today s Panel Chris Arnold
Joe Dylewski President, ATMP Solutions
Joe Dylewski President, ATMP Solutions Joe Dylewski President, ATMP Solutions Assistant Professor, Madonna University 20 Years, Technology and Application Implementation Experience Served as Michigan Healthcare
Privacy for Healthcare Data in the Cloud - Challenges and Best Practices
Privacy for Healthcare Data in the Cloud - Challenges and Best Practices Dr. Sarbari Gupta sarbari@electrosoft-inc.com 703-437-9451 ext 12 Cloud Standards Customer Council (CSCC) Cloud Privacy Summit Electrosoft
MU Security & Privacy Risk Assessments: What It Is & How to Approach It
MU Security & Privacy Risk Assessments: What It Is & How to Approach It Dr. Bryan S. Cline, CISSP-ISSEP, CISM, CISA, CCSFP, HCISPP Advisor, Health Information Trust Alliance 2011-2014 HITRUST LLC, Frisco,
Opportunities for Medicaid to Invest in HIT. Shannah Koss, Principal Koss on Care LLC
Opportunities for Medicaid to Invest in HIT Shannah Koss, Principal Koss on Care LLC Topics Key HIT components in the ARRA What is happening in state Medicaid programs today? Challenges and opportunities
AT&T Healthcare Community Online: Enabling Greater Access with Stronger Security
AT&T Healthcare Community Online: Enabling Greater Access with Stronger Security Overview/Executive Summary With a nationwide move to electronic health record (EHR) systems, healthcare organizations and
HITRUST CSF Assurance Program
HITRUST CSF Assurance Program Simplifying the Meaningful Use Privacy and Security Risk Assessment September 2010 Table of Contents Regulatory Background CSF Assurance Program Simplifying the Risk Assessment
Securing Patient Portals
Securing Patient Portals What you need to know to comply with HIPAA Omnibus and Meaningful Use Brian Selfridge, Partner, Meditology Services, LLC Blake Sutherland, VP Enterprise Business, Trend Micro Brian
Impact of Healthcare Regulations on the Data Center
Executive Report Impact of Healthcare Regulations on the Data Center Impact of Healthcare Regulations The HIPAA and HITECH acts, along with the Affordable Care Act, are changing the face of the healthcare
Feature. Log Management: A Pragmatic Approach to PCI DSS
Feature Prakhar Srivastava is a senior consultant with Infosys Technologies Ltd. and is part of the Infrastructure Transformation Services Group. Srivastava is a solutions-oriented IT professional who
Healthcare IT (HIT) Strategic Planning & Budgeting MARCH 26, 2014
Healthcare IT (HIT) Strategic Planning & Budgeting MARCH 26, 2014 Agenda Introduction / Session Overview HIT Budgeting 101 Security and Compliance EHR budgeting HIT Where Are We Going Q & A 2 Copyright
SAP Cloud Infrastructure Services Guiding you through your cloud journey
SAP Cloud Infrastructure Services Guiding you through your cloud journey Leveraging the cloud for your SAP environment offers an opportunity to fundamentally transform how your organization operates. If
Produced by the Deloitte Center for Health Solutions. Issue Brief: Physician perspectives about health information technology
Produced by the Deloitte Center for Health Solutions Issue Brief: Physician perspectives about health information technology 2 Foreword The national debate around health care reform and the quest for a
Meaningful Use and Security Risk Analysis
Meaningful Use and Security Risk Analysis Meeting the Measure Security in Transition Executive Summary Is your organization adopting Meaningful Use, either to gain incentive payouts or to avoid penalties?
EXECUTIVE REPORT. Why Healthcare Providers Seek Out New Ways To Manage and Utilize Big Data
EXECUTIVE REPORT Why Healthcare Providers Seek Out New Ways To Manage and Utilize Big Impact of Healthcare Regulations on the Center The HIPAA and HITECH acts, along with the Affordable Care Act, are changing
Consumer products analytics The three-minute guide
Consumer products analytics The three-minute guide Consumer products analytics The three-minute guide 1 Why it matters now Category captains are no longer enough. Retailers are looking for insight captains.
Pulling it all together: Integrated Solutions for Governance, Risk and Compliance
Customer Practice Profile Pulling it all together: Integrated Solutions for Governance, Risk and Compliance The business case for a new enterprise approach to GRC Integrated solutions for Governance, Risk
The Brave. New World of Healthcare Correspondence. Harnessing the Power of SaaS to Safeguard Patient Data. White paper
The Brave New World of Healthcare Correspondence Harnessing the Power of SaaS to Safeguard Patient Data Background The passage of HIPAA in 1996 introduced seismic changes to the way healthcare providers
Preemptive security solutions for healthcare
Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare
Making Mobility Matter in Healthcare Data Security
Making Mobility Matter in Healthcare Data Security Four Critical Tactics Security in Transition Executive Summary Mobile device usage in healthcare facilities has increased significantly in recent years,
Secure HIPAA Compliant Cloud Computing
BUSINESS WHITE PAPER Secure HIPAA Compliant Cloud Computing Step-by-step guide for achieving HIPAA compliance and safeguarding your PHI in a cloud computing environment Step-by-Step Guide for Choosing
Enterprise Data Protection
PGP White Paper June 2007 Enterprise Data Protection Version 1.0 PGP White Paper Enterprise Data Protection 2 Table of Contents EXECUTIVE SUMMARY...3 PROTECTING DATA EVERYWHERE IT GOES...4 THE EVOLUTION
HIPAA Audits and Compliance: What To Expect From Regulators and How to Comply
HIPAA Audits and Compliance: What To Expect From Regulators and How to Comply October 18, 2013 ACEDS Membership Benefits Training, Resources and Networking for the ediscovery Community Exclusive News and
Key Cyber Risks at the ERP Level
Key Cyber Risks at the ERP Level Process & Industrial Products (P&IP) Sector December, 2014 Today s presenters Bhavin Barot, Sr. Manager Deloitte & Touche LLP Goran Ristovski, Manager Deloitte & Touche
5 Things to Look for in a Cloud Provider When it Comes to Security
5 Things to Look for in a Cloud Provider When it Comes to Security In This Paper Internal technology services that lack resources, rigor or efficiencies are prime candidates for the cloud Understand the
Well-Documented Controls Reduce Risk and Support Compliance Initiatives
White Paper Risks Associated with Missing Documentation for Health Care Providers Well-Documented Controls Reduce Risk and Support Compliance Initiatives www.solutionary.com (866) 333-2133 Many Health
Third Party Security: Are your vendors compromising the security of your Agency?
Third Party Security: Are your vendors compromising the security of your Agency? Wendy Nather, Texas Education Agency Michael Wyatt, Deloitte & Touche LLP TASSCC Annual Conference 3 August 2010 Agenda
Meaningful Use and Core Requirement 15
Meaningful Use and Core Requirement 15 How can I comply the lack of time and staff... www.compliancygroup.com 1 Meaningful Use and Core Requirement 15 Meaningful Use Protection of Protected Health Information
Analytics for Shared Services The three-minute guide
Analytics for Shared Services The three-minute guide Don t squint. Select the full-screen option to view at full size. Analytics for Shared Services The three-minute guide 1 2 Why it matters now You may
Breaking the Code to Interoperability
01 03 02 04 Breaking the Code to Interoperability Clearing the path to a true healthcare system 05 Executive Summary: To say that world-class healthcare and state-of-the-art technology don t automatically
FIVE PRACTICAL STEPS
WHITEPAPER FIVE PRACTICAL STEPS To Protecting Your Organization Against Breach How Security Intelligence & Reducing Information Risk Play Strategic Roles in Driving Your Business CEOs, CIOs, CTOs, AND
Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use
Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute April 8, 2015 4/8/2015 1 1 Who is M-CEITA?
ARRA HITECH Stimulus HIPAA Security Compliance Reporter. White Paper
ARRA HITECH Stimulus HIPAA Security Compliance Reporter White Paper ARRA HITECH AND ACR2 HIPAA SECURITY The healthcare industry is in a time of great transition, with a government mandate for EHR/EMR systems,
Protecting your brand in the cloud Transparency and trust through enhanced reporting
Protecting your brand in the cloud Transparency and trust through enhanced reporting Third-party Assurance November 2011 At a glance Cloud computing has unprecedented potential to deliver greater business
Can You be HIPAA/HITECH Compliant in the Cloud?
Can You be HIPAA/HITECH Compliant in the Cloud? Background For the first 10 years of its existence, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was a toothless tiger. Although
Deloitte Analytics. Trusting big data: Perspective on data governance as a customer analytics investment
Deloitte Analytics Trusting big data: Perspective on data governance as a customer analytics investment Many companies are investing significant amounts in customer analytics to drive their business and
Outsourcing MPI Management to Reduce Costs and Improve Data Integrity
Outsourcing MPI Management to Reduce Costs and Improve Data Integrity WHITE PAPER Just Associates, Inc. Phone: (303) 693 4727 www.justassociates.com July 2011 2011 Just Associates, Inc. All rights reserved.
Ross D. Seymour, MTPM
Health Care Reform and Funding Incentives Ross D. Seymour, MTPM HIPAA Certified Project Manager Orange, California Disclosure This presentation was current at the time it was published. Medicare policy
HIPAA Privacy & Security White Paper
HIPAA Privacy & Security White Paper Sabrina Patel, JD +1.718.683.6577 sabrina@captureproof.com Compliance TABLE OF CONTENTS Overview 2 Security Frameworks & Standards 3 Key Security & Privacy Elements
Auto insurance telematics The three-minute guide
Auto insurance telematics The three-minute guide Auto insurance telematics The three-minute guide 1 Why it matters now Telematics is upending the auto insurance world After considerable industry buzz,
2009 HIMSS Security Survey
2009 HIMSS Security Survey Statement to the HIT Standards Committee Privacy and Security Workgroup Lisa Gallagher, BSEE, CISM, CPHIMS Healthcare Information and Management Systems Society Secretary Chopra,
Objectives 5/5/2015. Quality Health Associates (QHA) of ND
Privacy and Security: HIPAA/HITECH/Meaningful Use Looking Back, Forging Ahead Patti Kritzberger, RHIT, CHPS Quality Health Associates of North Dakota HIT/Quality Improvement Specialist Quality Health Associates
REMOTE ACCESS TO A HEALTHCARE FACILITY AND THE IT PROFESSIONAL S OBLIGATIONS UNDER HIPAA AND THE HITECH ACT
REMOTE ACCESS TO A HEALTHCARE FACILITY AND THE IT PROFESSIONAL S OBLIGATIONS UNDER HIPAA AND THE HITECH ACT ARE YOUR AUTHENTICATION, ACCESS, AND AUDIT PARADIGMS UP TO DATE? BY KERRY ARMSTRONG, PRIVACY,
Consulting Services for Dentists to Reach Stage 1 Meaningful Use July 16, 2015
Consulting Services for Dentists to Reach Stage 1 Meaningful Use July 16, 2015 Today s presenters: Thomas Bennett, Client Services Relationship Manager Elisabeth Renczkowski, Content Specialist Agenda
EHR Implementation Best Practices. EHR White Paper
EHR White Paper EHR Implementation Best Practices An EHR implementation that increases efficiencies versus an EHR that is underutilized, abandoned or replaced. pulseinc.com EHR Implementation Best Practices
2/27/2014. Meaningful Use as it Relates to HIPAA Compliance. Objectives and Agenda. Understand the statutory and regulatory background and purpose
Meaningful Use as it Relates to HIPAA Compliance Sunday March 30, 2014, 9am noon HCCA Conference, San Diego CLAconnect.com Objectives and Agenda Understand the statutory and regulatory background and purpose
Health Information Technology. Services. How Hospitals Can Enhance Physician Alignment by Offering HIE and EHR Technologies
Services Health Information Technology How Hospitals Can Enhance Physician Alignment by Offering HIE and EHR Technologies Table of Contents Executive Summary...3 Past Challenges, New Opportunities...3
HIPAA and HITECH Compliance for Cloud Applications
What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health
BladeLogic Software-as-a- Service (SaaS) Solution. Help reduce operating cost, improve security compliance, strengthen cybersecurity posture
BladeLogic Software-as-a- Service (SaaS) Solution Help reduce operating cost, improve security compliance, strengthen cybersecurity posture February 20, 2014 Contents The Configuration Security Compliance
Finding a Cure for Medical Identity Theft
Finding a Cure for Medical Identity Theft A look at the rise of medical identity theft and what small healthcare organizations are doing to address threats October 2014 www.csid.com TABLE OF CONTENTS SUMMARY
Blind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks.
Blind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks. For anyone familiar with the banking industry, it comes as no surprise that banks are
April 3, 2015. Re: Request for Comment: ONC Interoperability Roadmap. Dear Dr. DeSalvo:
Karen DeSalvo, M.D., M.P.H., M.Sc. Acting Assistant Secretary for Health National Coordinator for Health Information Technology U.S. Department of Health and Human Services 200 Independence Avenue, S.W.,
Somansa Data Security and Regulatory Compliance for Healthcare
Somansa White Paper Somansa Data Security and Regulatory Compliance for Healthcare How Somansa can protect ephi- electronic patient health information and meet the requirements for healthcare compliances,
NCOE whitepaper Master Data Deployment and Management in a Global ERP Implementation
NCOE whitepaper Master Data Deployment and Management in a Global ERP Implementation Market Offering: Package(s): Oracle Authors: Rick Olson, Luke Tay Date: January 13, 2012 Contents Executive summary
BRAVE NEW WORLD: OVERCOMING NEW HEALTHCARE CHALLENGES WITH TOP IT TALENT
HEALTHCARE CHALLENGES WITH TOP IT TALENT Massive change is on the horizon for your healthcare organization in fact, it has probably already started. For years, industry organizations have departmentalized
Conducting due diligence and managing cybersecurity in medical technology investments
Conducting due diligence and managing cybersecurity in medical technology investments 2015 McDermott Will & Emery LLP. McDermott operates its practice through separate legal entities in each of the countries
The CIO s Guide to HIPAA Compliant Text Messaging
The CIO s Guide to HIPAA Compliant Text Messaging Executive Summary The risks associated with sending Electronic Protected Health Information (ephi) via unencrypted text messaging are significant, especially
CHIS, Inc. Privacy General Guidelines
CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified
emipp Extending Medicaid Connectivity for Managing EHR Incentive Payments Overview
Extending Medicaid Connectivity for Managing EHR Incentive Payments JANUARY 2011 Registration for EHR Incentive Program begins APRIL 2011 Attestation for the Medicare EHR Incentive Program begins NOVEMBER