MEANINGFUL USE DESK AUDIT

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "MEANINGFUL USE DESK AUDIT"

Transcription

1 MEANINGFUL USE DESK AUDIT October 2015 Protect Electronic Health Information HIPAA Risk Management 1680 E. Joyce Blvd Fayetteville, AR (800) Copyright 2015 by HRM Services, Inc. All rights reserved.

2 Meaningful Use Desk Audit P R O T E C T E L E C T R O N I C H E A L T H I N F O R M A T I O N FORWARD Don t wait until you ve received an audit notice prepare your audit documentation before you complete your attestation. Not only is it easier to make sure that you have everything documented, you will be prepared if you get selected for a pre-payment audit. The pre-payment audits require you to pass the desk audit before you receive your incentive payment 1. This audit guide is intended to help you identify what information should be documented and how it should be documented for Meaningful Use attestation for the Protect Electronic Health Information Objective. Remember: one in 20 providers will likely be subject to a meaningful use desk audit 2 and 1 in 4 audited fail the audit. The most common failure for failing an audit is insufficient documentation for HIPAA: the Protect Electronic Health Information Objective. We hope that the information presented will help you avoid a delay in, or forfeiture of, your incentive payment. This guide is provided as-is, with no warranty or implied liability, and does not imply a guarantee of meaningful use incentive or a successful meaningful use audit. While our team has included helpful tips for the documentation process based on hands-on experience assisting clients with preparing desk audit documentation, nothing in this guide is intended as legal advice. If you have any questions about the information presented, please feel free to contact us. We can be reached at (800) Sincerely, The HIPAA Risk Management Team Guidance/Legislation/EHRIncentivePrograms/Downloads/EHR_Audit_Overview_FactSheet.pdf 2 Robert Anthony, Deputy Director of the Health IT Initiatives Group at CMS' Office of e-health Standards and Services Page 1

3 MEANINGFUL USE DESK AUDIT OVERVIEW Process and Notification Beginning in 2013, the Centers for Medicare and Medicaid Services (CMS) began pre-payment audits that included random audits, as well as audits that target suspicious or anomalous data. 3 States were also instructed to implement a similar audit process for incentive payments made under the Medicaid meaningful use program. If you are selected for an audit for the Medicare incentive program, you will receive an initial request letter from the auditor. The request letter will be sent electronically from a CMS address and will include the audit contractor s contact information. To see an example of an audit notification letter, go to the CMS website: Guidance/Legislation/EHRIncentivePrograms/Downloads/SampleAuditLetter.pdf For Medicaid incentive program audits, contact your State Medicaid Agency to find out how you will be notified and who will be conducting the audit. Before sending any protected and sensitive information, verify that the audit notice is authentic and the contact information for the audit documentation and response. Instructions and Deadlines The audit notice will include detailed instructions on what needs to be provided, documentation format, delivery of response, and response deadline. Make sure you do not miss the deadline specified in the notification. If sending your documentation by mail, be sure to use a method that will provide you with confirmation and documentation of receipt. It is also a good idea to notify the auditor when you are sending your reply and confirming the receipt once the documentation has been delivered. Always follow the auditor s instructions, and verify your response is complete and delivered on time. 3 Guidance/Legislation/EHRIncentivePrograms/Downloads/EHR_SupportingDocumentation_Audits.pdf Page 2

4 Appeal Process Meaningful Use Desk Audit If you receive a desk audit decision that you believe is in error, you can appeal the decision. Medicare eligible professionals (EPs) should file appeals with CMS, while Medicaid eligible professionals should contact their State Medicaid Agency for information about filing an appeal. 4 To file an appeal with CMS, you must fill out the appeal request form and provide additional documentation related to the justification for the appeal. Remember, CMS will not review appeal documentation for providers who failed to respond to the auditor s request for documentation, so make sure you have your audit documentation ready when you attest. 4 Page 3

5 STEP ONE: CREATING AN AUDIT BINDER AND FILE Creating a single location for all of your meaningful use documentation will make it easier to respond to a desk audit and allow you to verify that you have the necessary documentation for each objective. You don t have to keep it in a binder, but for the purposes of this guide, the single location for your audit documentation will be referred to as your audit binder. You should also keep a digital copy of your audit documentation, which may include: Scanned or electronic copy of the audit binder documents s including header information from public health agencies for transmission objectives Backup of EHR data Remember, if any of your audit documentation includes patient names, medical record numbers or other identifiable protected health information, you must comply with your HIPAA policies and procedures to protect that data from unauthorized access or disclosure, including encryption. Documentation Requirements All documentation should include the following: The date the report/file was created Practice/clinic name and provider name (if applicable) or Hospital name Start and end date of the report data Source of the data (such as system/application or external organization) Multiple Systems Some eligible professionals may practice at multiple locations or clinics, which may require reporting from multiple systems. Verify that you have document for all applicable systems and sources. Page 4

6 STEP TWO: REVIEWING THE OBJECTIVE Meaningful Use Desk Audit Conduct or review a security risk analysis in accordance with the requirements under 45 CFR (a)(1), including addressing the encryption/security of data stored in CEHRT [Certified Electronic Health Record Technology] in accordance with requirements under 45 CFR (a)(2)(iv) and 45 CFR (d)(3), and implement security updates as necessary and correct identified security deficiencies as part of the provider's risk management process - Meaningful Use Core Measure Stage 2: Protect Electronic Health Information Do You Need a New Risk Analysis for this Reporting Period? Unless you have an ongoing Risk Management Plan that includes assessment and monitoring of HIPAA security policies throughout the year, you may need to perform a Risk Analysis for the current reporting period. Also, you may need to perform a Risk Analysis if: You have not performed a Risk Analysis since upgrading to the certified electronic health record system for Stage 2 You have not documented your analysis of all data at rest (encryption) as part of your Risk Analysis You do not have a Compliance Analysis that documents your compliance with each of the standards and implementation specifications in the HIPAA Security Rule as part of your Risk Analysis You do not have a Threat Analysis that documents the Likelihood, Impact, and Risk from natural, human, and environmental threats such as lost/stolen device, malware (computer virus), etc., as part of your Risk Analysis Common Misconception: Risk Analysis for Meaningful Use Only Needs to Cover your CEHRT data FALSE. The objective states that your risk analysis must include data created by your CEHRT, not that the risk analysis is limited to this data. In accordance with the requirements means that you must perform a full HIPAA Risk Analysis. Is the Risk Assessment from my EHR Vendor Enough? NO. A Risk Assessment is only part of what is required for a HIPAA Risk Analysis. In addition to a comprehensive assessment, review of your information systems and the security measures currently in place, your HIPAA Risk Analysis must also include a Compliance Analysis and Threat Analysis. COMPLIANCE ANALYSIS In order to meet the requirements of the objective for correcting deficiencies, your Risk Analysis must include each standard and implementation specification in the HIPAA Security Rule and your compliance status for each. Page 5

7 THREAT ANALYSIS In the guidance published by the Department of Health and Human Services for performing a risk analysis Guidance on Risk Analysis Requirements under the HIPAA Security Rule it includes Vulnerability is defined in NIST SP as [a] flaw or weakness in system security procedures, design, implementation, (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system s security policy. or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system s security policy. Threat: An adapted definition of threat, from NIST SP , is [t]he potential for a person or thing to exercise (accidentally trigger or intentionally exploit) a specific vulnerability. There are several types of threats that may occur within an information system or operating environment. Threats may be grouped into general categories such as natural, human, and environmental. Examples of common threats in each of these general categories include: o Natural threats may include floods, earthquakes, tornadoes, and landslides. o Human threats are enabled or caused by humans and may include intentional (e.g., network and computer based attacks, malicious software upload, and unauthorized access to EPHI) or unintentional (e.g., inadvertent data entry or deletion and inaccurate data entry) actions. o Environmental threats may include power failures, pollution, chemicals, and liquid leakage. For each of these threats, you must determine the: Likelihood of the threat occurrence Impact of the threat occurrence Level of Risk If you don t have a Threat Analysis that includes the Likelihood, Impact, and Risk Level of specific threats, such as lost/stolen device or malware (computer virus), you do not have a complete Risk Analysis. ADDRESSING ENCRYPTION/DATA STORED IN CEHRT FOR STAGE 2 Within your Risk Analysis and Threat Analysis, you must identify where all data that is created, maintained, or transmitted by your CEHRT is stored throughout your organization. This may include computers, mobile devices, removable media, other information systems and applications (if integrated with other systems), and backup files. Your CEHRT should provide you with a document concerning the encryption of the data created by your CEHRT, but you need to also assess your use of the system and data within your organization. Addressing Deficiencies If you are not in compliance with any required standards or implementation specifications or you plan to mitigate any high levels of risk, you must have a corrective action plan in place before the end of your Page 6

8 reporting period. Your Corrective Action Plan, which may be part of your implementation plan, should include the following: Specific security measure (or task to implement measure) Person/department assigned to perform Date security measure (or task to implement measure) was assigned Person who implemented or verified security measure (if completed) Date/time security measure was implemented/completed (if completed) Risk Management All covered entities are required to have an ongoing risk management process, usually called a Risk Management Plan. The Risk Management Plan will include periodic tasks that are performed to ensure your policies and procedures are being followed, such as verifying that all computers have the latest operating system security update installed. HRM s Online HIPAA Security Manager Is your process incomplete? Do you have the documentation you need for Meaningful Use? We can help! Contact us today to find out how our Online HIPAA Security Manager (OHSM) can provide a comprehensive HIPAA Security Compliance Program for as low as $199 a month. You can cancel at any time, and we offer a 30-day money back guarantee. All of the documentation described in the Protect Electronic Health Information/HIPAA Security objective section can be generated in a few clicks. YOU CAN T COMPLETE YOUR HIPAA PROGRAM FOR MEANINGFUL USE IN A FEW DAYS. YOU MUST GET STARTED TODAY IN ORDER TO COMPLETE THE OBJECTIVE BEFORE THE DECEMBER 31, 2015 DEADLINE. Page 7

9 STEP THREE: GATHERING DOCUMENTATION Always follow the instructions from the audit request for providing documentation for your meaningful use objectives. Risk Analysis You may not want to submit your entire Risk Analysis Report, unless specifically requested to do so. Your Risk Analysis may include confidential information about your information systems, security, and practice. If your Risk Analysis was performed by a 3 rd party, request a Risk Analysis executive summary report that includes the following: Covered entity for which the Risk Analysis was performed Date Risk Analysis was performed Organization and/or person performing the Risk Analysis, including specific credentials or experience to perform a Risk Analysis Methodology used to perform the Risk Analysis, such as NIST SP Guide for Implementing HIPAA Summary of how you are addressing the of encryption/data stored in CERHT Compliance status (meets/does not meet) of all standards and implementation specifications or a Compliance Summary Likelihood, impact and risk of threats analyzed or a Threat Summary If you performed your Risk Analysis, create the Risk Analysis executive summary including all of the information noted above as well as the specific toolkit or other resource used to perform the Risk Analysis. In many cases, auditors will request the details mentioned above instead of the entirety of your Risk Analysis documentation. Addressing Deficiencies You may not want to submit your entire Corrective Action Plan, unless specifically requested to do so, as it may include confidential information about your information systems, security, and practice. For your audit documentation, create a Corrective Action Plan Summary that includes: Name of the HIPAA Security Officer Date plan was approved by the HIPAA Security Officer Security Measure Summary (what security measures are to be implemented) Estimated date the corrective action will be completed In many cases, auditors will request the details mentioned above instead of the entirety of your Corrective Acton plan documentation. Page 8

10 Risk Management Meaningful Use Desk Audit You may not wish to submit your entire Risk Management Plan, unless specifically requested to do so. For your audit documentation, create a Risk Management Plan Summary that includes: Name of the HIPAA Security Officer Date plan was approved by the HIPAA Security Officer List of policies verified by the Risk Management Plan Page 9

11 ONLINE HIPAA SECURITY MANAGER GET IN AND STAY IN COMPLIANCE. HIPAA SECURITY COMPLIANCE MADE SIMPLE Risk Analysis COMPREHENSIVE RISK ANALYSIS Policies & Procedures CUSTOMIZED TO YOUR PRACTICE, NOT TEMPLATES Ongoing Management MONITORING AND AUDITING HIPAA COMPLIANCE Documentation HIPAA ACTIVITIES DOCUMENTED WITH A FEW CLICKS (MEANINGFUL USE) Training ONLINE HIPAA SECURITY TRAINING FOR STAFF Experts HIPAA SECURITY EXPERTS READY TO HELP Without expert help and tools to manage your HIPAA security compliance, how many staff hours would it take to document your compliance and respond to a HIPAA incident? With the right tool, you can get in and stay in compliance. With our Online HIPAA Security Manager, practice owners can see if they are in compliance at any time. Don t wait until it is too late to get your staff the tool they need protect your practice. Page 10

Guidance on Risk Analysis Requirements under the HIPAA Security Rule

Guidance on Risk Analysis Requirements under the HIPAA Security Rule Guidance on Risk Analysis Requirements under the HIPAA Security Rule Introduction The Office for Civil Rights (OCR) is responsible for issuing annual guidance on the provisions in the HIPAA Security Rule.

More information

HIPAA Security. 6 Basics of Risk Analysis and Risk Management. Security Topics

HIPAA Security. 6 Basics of Risk Analysis and Risk Management. Security Topics HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical

More information

What is required of a compliant Risk Assessment?

What is required of a compliant Risk Assessment? What is required of a compliant Risk Assessment? ACR 2 Solutions President Jack Kolk discusses the nine elements that the Office of Civil Rights requires Covered Entities perform when conducting a HIPAA

More information

How to Leverage HIPAA for Meaningful Use

How to Leverage HIPAA for Meaningful Use How to Leverage HIPAA for Meaningful Use The overlap between HIPAA and Meaningful Use requirements 2015 SecurityMetrics How to Leverage HIPAA for Meaningful Use 2 About this ebook Who should read this

More information

YOUR HIPAA RISK ANALYSIS IN FIVE STEPS

YOUR HIPAA RISK ANALYSIS IN FIVE STEPS Ebook YOUR HIPAA RISK ANALYSIS IN FIVE STEPS A HOW-TO GUIDE FOR YOUR HIPAA RISK ANALYSIS AND MANAGEMENT PLAN 2015 SecurityMetrics YOUR HIPAA RISK ANALYSIS IN FIVE STEPS 1 YOUR HIPAA RISK ANALYSIS IN FIVE

More information

SAMPLE HIPAA/HITECH POLICIES AND PROCEDURES MANUAL FOR THE SECURITY OF ELECTRONIC PROTECTED HEALTH INFORMATION

SAMPLE HIPAA/HITECH POLICIES AND PROCEDURES MANUAL FOR THE SECURITY OF ELECTRONIC PROTECTED HEALTH INFORMATION SAMPLE HIPAA/HITECH POLICIES AND PROCEDURES MANUAL FOR THE SECURITY OF ELECTRONIC PROTECTED HEALTH INFORMATION Please Note: 1. THIS IS NOT A ONE-SIZE-FITS-ALL OR A FILL-IN-THE BLANK COMPLIANCE PROGRAM.

More information

Can Your Diocese Afford to Fail a HIPAA Audit?

Can Your Diocese Afford to Fail a HIPAA Audit? Can Your Diocese Afford to Fail a HIPAA Audit? PETULA WORKMAN & PHIL BUSHNELL MAY 2016 2016 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS Agenda Overview Privacy Security Breach Notification Miscellaneous

More information

Strategies for. Proactively Auditing. Compliance to Mitigate. Matt Jackson, Director Kevin Dunnahoo, Manager

Strategies for. Proactively Auditing. Compliance to Mitigate. Matt Jackson, Director Kevin Dunnahoo, Manager Strategies for 1 Proactively Auditing HIPAA Security Compliance to Mitigate Risk Matt Jackson, Director Kevin Dunnahoo, Manager AHIA 32 nd Annual Conference August 25-28, 2013 Chicago, Illinois www.ahia.org

More information

HIPAA: Compliance Essentials

HIPAA: Compliance Essentials HIPAA: Compliance Essentials Presented by: Health Security Solutions August 15, 2014 What is HIPAA?? HIPAA is Law that governs a person s ability to qualify immediately for health coverage when they change

More information

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute April 8, 2015 4/8/2015 1 1 Who is M-CEITA?

More information

Meaningful Use Audits. NextGen Physician Consulting Services

Meaningful Use Audits. NextGen Physician Consulting Services Meaningful Use Audits NextGen Physician Consulting Services Agenda Audit Overview Documentation for measures requiring numerator and denominator data Documentation for attestation only measures Security

More information

Preparing for HIPAA and Meaningful Use Compliance Audits

Preparing for HIPAA and Meaningful Use Compliance Audits Preparing for HIPAA and Meaningful Use Compliance Audits Presented by: David Holtzman VP of Compliance, CynergisTek CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com

More information

STATE MEDICAID ELECTRONIC HEALTH RECORD INCENTIVE PROGRAM STAGE 1 AND 2 ATTESTATION REFERENCE GUIDE WITH FLEXIBILITY

STATE MEDICAID ELECTRONIC HEALTH RECORD INCENTIVE PROGRAM STAGE 1 AND 2 ATTESTATION REFERENCE GUIDE WITH FLEXIBILITY STATE MEDICAID ELECTRONIC HEALTH RECORD INCENTIVE PROGRAM STAGE 1 AND 2 ATTESTATION REFERENCE GUIDE WITH FLEXIBILITY ELIGIBLE PROFESSIONALS AHCCCS 801 East Jefferson Street Phoenix, Arizona 85034 (602)417-4000

More information

Making Sense of Meaningful Use: Stage 2. Purdue Research Foundation

Making Sense of Meaningful Use: Stage 2. Purdue Research Foundation Making Sense of Meaningful Use: Stage 2 1 Who are we? Purdue Healthcare Advisors (PHA)*, a business unit of Purdue University, specializes in affordable assistance to organizations that share our passion

More information

Risk Management Guide for Information Technology Systems. NIST SP800-30 Overview

Risk Management Guide for Information Technology Systems. NIST SP800-30 Overview Risk Management Guide for Information Technology Systems NIST SP800-30 Overview 1 Risk Management Process that allows IT managers to balance operational and economic costs of protective measures and achieve

More information

Ready for an OCR Audit? Will you pass or fail an OCR security audit? Tom Walsh, CISSP

Ready for an OCR Audit? Will you pass or fail an OCR security audit? Tom Walsh, CISSP Ready for an OCR Audit? Will you pass or fail an OCR security audit? Tom Walsh, CISSP Tom Walsh Consulting, LLC Overland Park, KS What would you do? You receive a phone call from your CEO. They just received

More information

Are You Ready for an OCR Audit? Tom Walsh, CISSP Tom Walsh Consulting, LLC Overland Park, KS. What would you do? Session Objectives

Are You Ready for an OCR Audit? Tom Walsh, CISSP Tom Walsh Consulting, LLC Overland Park, KS. What would you do? Session Objectives Are You Ready for an OCR Audit? Tom Walsh, CISSP Tom Walsh Consulting, LLC Overland Park, KS What would you do? Your organization received a certified letter sent from the Office for Civil Rights (OCR)

More information

Medicaid EHR Incentive Program Updates ehealth Services and Support September 24, 2014

Medicaid EHR Incentive Program Updates ehealth Services and Support September 24, 2014 Medicaid EHR Incentive Program Updates ehealth Services and Support September 24, 2014 Today s presenter: Nicole Bennett, Provider Enrollment and Verification Manager Goals and Objectives Goals of today

More information

Who are we? *Founded in 2005 by Purdue University, the Regenstrief Center for Healthcare Engineering, and the Indiana Hospital Association.

Who are we? *Founded in 2005 by Purdue University, the Regenstrief Center for Healthcare Engineering, and the Indiana Hospital Association. Who are we? Purdue Healthcare Advisors (PHA)*, a business unit of Purdue University, specializes in affordable assistance to organizations that share our passion for healthcare transformation. We bring

More information

Sunday March 30, 2014, 9am noon HCCA Conference, San Diego

Sunday March 30, 2014, 9am noon HCCA Conference, San Diego Meaningful Use as it Relates to HIPAA Compliance Sunday March 30, 2014, 9am noon HCCA Conference, San Diego CLAconnect.com Objectives and Agenda Understand the statutory and regulatory background and purpose

More information

Meaningful Use Crosswalk to the Security Rule

Meaningful Use Crosswalk to the Security Rule Meaningful Use Crosswalk to the Security Rule Safeguarding Health Information: Building Assurance through HIPAA Security June 7, 2012 Adam H. Greene, J.D., M.P.H. Partner, Davis Wright Tremaine EHR Certification

More information

Meaningful Use Audit: A Quick Reference For Certified EHR Eligible Professionals. www.revenuexl.com

Meaningful Use Audit: A Quick Reference For Certified EHR Eligible Professionals. www.revenuexl.com Meaningful Use Audit: A Quick Reference For Certified EHR Eligible Professionals www.revenuexl.com CONTENTS Meaningful Use Audit : What Physicians Must Expect from it? 1 Meaningful Use Audit : An Essential

More information

HIPAA Security Risk Analysis and Risk Management Methodology with Step-by-Step Instructions

HIPAA Security Risk Analysis and Risk Management Methodology with Step-by-Step Instructions HIPAA Security Risk Analysis and Risk Management Methodology with Step-by-Step Instructions Bob Chaput, MA, CHP, CHSS, MCSE 1 Table of Contents Table of Contents... 2 Introduction... 3 Regulatory Requirement...

More information

HIPAA Compliance Review Analysis and Summary of Results

HIPAA Compliance Review Analysis and Summary of Results HIPAA Compliance Review Analysis and Summary of Results Centers for Medicare & Medicaid Services (CMS) Office of E-Health Standards and Services (OESS) Reviews 2008 Table of Contents Introduction 1 Risk

More information

HIT Audit Workshop. Jeffrey W. Short. jshort@hallrender.com

HIT Audit Workshop. Jeffrey W. Short. jshort@hallrender.com HIT Audit Workshop Jeffrey W. Short jshort@hallrender.com 1 Audits and Investigations to be Discussed Meaningful Use Audits HIPAA Audits Data Breach Investigations Software Vendor Audits FTC Investigations

More information

Semi-Annual Blueprint Conference October 20, 2014

Semi-Annual Blueprint Conference October 20, 2014 Semi-Annual Blueprint Conference October 20, 2014 Heather EJ Kendall, PhD Medicaid Operations Administrator EHR Incentive Program Audit Lead VT Department of Health Access Incentive program audit background

More information

Securing the FOSS VistA Stack HIPAA Baseline Discussion. Jack L. Shaffer, Jr. Chief Operations Officer

Securing the FOSS VistA Stack HIPAA Baseline Discussion. Jack L. Shaffer, Jr. Chief Operations Officer Securing the FOSS VistA Stack HIPAA Baseline Discussion Jack L. Shaffer, Jr. Chief Operations Officer HIPAA as Baseline of security: To secure any stack which contains ephi (electonic Protected Health

More information

Audit Alert: Are You Prepared? You Have A Good Chance of Being Selected

Audit Alert: Are You Prepared? You Have A Good Chance of Being Selected Audit Alert: Are You Prepared? You Have A Good Chance of Being Selected HIT Summit July 26, 2014 Lee Castonguay Hawaii Pacific Regional Extension Center lcastonguay@hawaiihie.org Or How to keep your incentive

More information

Electronic Health Records: Issues, Concerns, and Best Practices

Electronic Health Records: Issues, Concerns, and Best Practices Electronic Health Records: Issues, Concerns, and Best Practices Financial Disclosures Paul Larson is a Senior Consultant with Corcoran Consulting Group. He acknowledges a financial interest in the subject

More information

Medicare & Medicaid EHR Incentive Programs Elizabeth S. Holland, MPA Director, HIT Initiatives Group Office of E-Health Standards & Services, CMS

Medicare & Medicaid EHR Incentive Programs Elizabeth S. Holland, MPA Director, HIT Initiatives Group Office of E-Health Standards & Services, CMS Medicare & Medicaid EHR Incentive Programs Elizabeth S. Holland, MPA Director, HIT Initiatives Group Office of E-Health Standards & Services, CMS Program Progress Registered Eligible Hospitals 5.33% 94.67%

More information

How to Use the NYeC Privacy and Security Toolkit V 1.1

How to Use the NYeC Privacy and Security Toolkit V 1.1 How to Use the NYeC Privacy and Security Toolkit V 1.1 Scope of the Privacy and Security Toolkit The tools included in the Privacy and Security Toolkit serve as guidance for educating stakeholders about

More information

Stage 2 EHR Incentive Programs Supporting Documentation For Audits Last Updated: February 2014

Stage 2 EHR Incentive Programs Supporting Documentation For Audits Last Updated: February 2014 Stage 2 EHR Incentive Programs Supporting Documentation For Audits Last Updated: February 2014 Overview Providers who receive an EHR incentive payment for Stage 2 of the Medicare or Medicaid EHR Incentive

More information

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)

More information

Meaningful Use and Security Risk Analysis

Meaningful Use and Security Risk Analysis Meaningful Use and Security Risk Analysis Meeting the Measure Security in Transition Executive Summary Is your organization adopting Meaningful Use, either to gain incentive payouts or to avoid penalties?

More information

Security Is Everyone s Concern:

Security Is Everyone s Concern: Security Is Everyone s Concern: What a Practice Needs to Know About ephi Security Mert Gambito Hawaii HIE Compliance and Privacy Officer July 26, 2014 E Komo Mai! This session s presenter is Mert Gambito

More information

STATE MEDICAID ELECTRONIC HEALTH RECORD INCENTIVE PROGRAM STAGE 1 AND 2 ATTESTATION REFERENCE GUIDE

STATE MEDICAID ELECTRONIC HEALTH RECORD INCENTIVE PROGRAM STAGE 1 AND 2 ATTESTATION REFERENCE GUIDE STATE MEDICAID ELECTRONIC HEALTH RECORD INCENTIVE PROGRAM STAGE 1 AND 2 ATTESTATION REFERENCE GUIDE ELIGIBLE PROFESSIONALS AHCCCS 801 East Jefferson Street Phoenix, Arizona 85034 (602)417-4000 www.azahcccs.gov

More information

AGENDA HIP Ho AA w i rivacy d The B reach Happen? I P nc AA Secu dent R rit esp y o nse Corrective Action Plan What We Learned ACRONYMS USED

AGENDA HIP Ho AA w i rivacy d The B reach Happen? I P nc AA Secu dent R rit esp y o nse Corrective Action Plan What We Learned ACRONYMS USED Michael Almvig Skagit County Information Services Director 1 AGENDA 1 2 HIPAA How Did Privacy The Breach Happen? HIPAA Incident Security Response 3 Corrective Action Plan 4 What We Learned Questions? ACRONYMS

More information

OIG Security Audit: What You Need To Know

OIG Security Audit: What You Need To Know Watch the Replay on YouTube OIG Security Audit: What You Need To Know Executive Series Webinar July 23rd, 2015 Today s Speakers Elana R. Zana Attorney & Author Ogden Murphy Wallace P.L.L.C. ezana@omwlaw.com

More information

Privacy and Security Meaningful Use Requirement HIPAA Readiness Review

Privacy and Security Meaningful Use Requirement HIPAA Readiness Review Privacy and Security Meaningful Use Requirement HIPAA Readiness Review REACH - Achieving - Achieving meaningful meaningful use of your use EHR of your EHR Patti Kritzberger, RHIT, CHPS ND e-health Summit

More information

FACT SHEET: Ransomware and HIPAA

FACT SHEET: Ransomware and HIPAA FACT SHEET: Ransomware and HIPAA A recent U.S. Government interagency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016 (a 300% increase over the 1,000

More information

Checklist and Related Guidance for Meaningful Use Audits

Checklist and Related Guidance for Meaningful Use Audits Checklist and Related Guidance for Meaningful Use Audits This checklist was prepared by Jill M. Girardeau, Partner, Womble Carlyle Sandridge & Rice, LLP and Dina Marty, Counsel, Wake Forest Baptist Medical

More information

HIPAA Compliance Evaluation Report

HIPAA Compliance Evaluation Report Jun29,2016 HIPAA Compliance Evaluation Report Custom HIPAA Risk Evaluation provided for: OF Date of Report 10/13/2014 Findings Each section of the pie chart represents the HIPAA compliance risk determinations

More information

Electronic Health Record Incentive Program Update May 29, 2015. Florida Health Information Exchange Coordinating Committee

Electronic Health Record Incentive Program Update May 29, 2015. Florida Health Information Exchange Coordinating Committee Electronic Health Record Incentive Program Update May 29, 2015 Florida Health Information Exchange Coordinating Committee Topics Payment Data Participation Years and Payments Meaningful Use Progression

More information

HIPAA Security Risk Analysis for Meaningful Use

HIPAA Security Risk Analysis for Meaningful Use HIPAA Security Risk Analysis for Meaningful Use NOTE: Make sure your computer speakers are turned ON. Audio will be streaming through your speakers. If you do not have computer speakers, call the ACCMA

More information

How to prepare for an EHR incentive audit

How to prepare for an EHR incentive audit How to prepare for an EHR incentive audit What is an EHR incentive program? The Medicare and Medicaid EHR Incentive Programs provide incentive payments to eligible professionals, eligible hospitals, and

More information

Network Detective. HIPAA Compliance Module. 2015 RapidFire Tools, Inc. All rights reserved V20150201

Network Detective. HIPAA Compliance Module. 2015 RapidFire Tools, Inc. All rights reserved V20150201 Network Detective 2015 RapidFire Tools, Inc. All rights reserved V20150201 Contents Purpose of this Guide... 3 About Network Detective... 3 Overview... 4 Creating a Site... 5 Starting a HIPAA Assessment...

More information

Meaningful Use Audit Red Flags: Pay Careful Attention To The Security Risk Analysis - Or Else

Meaningful Use Audit Red Flags: Pay Careful Attention To The Security Risk Analysis - Or Else Meaningful Use Audit Red Flags: Pay Careful Attention To The Security Risk Analysis - Or Else Jim Tate Founder: EMR Advocate, Inc. Managing Partner: HITECH Answers Author of The Incentive Roadmap The Meaningful

More information

The Medicare and Medicaid EHR incentive

The Medicare and Medicaid EHR incentive Feature The Meaningful Use Program: Auditing Challenges and Opportunities Your pathway to providing value By Phyllis Patrick, MBA, FACHE, CHC Meaningful Use is an area ripe for providing value through

More information

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to Health Information Risks vary based on the mobile device and its use. Some risks include:

More information

Community Health Center Association of Connecticut Meaningful Use: Audit Preparedness And Other Challenges February 12, 2015

Community Health Center Association of Connecticut Meaningful Use: Audit Preparedness And Other Challenges February 12, 2015 Community Health Center Association of Connecticut Meaningful Use: Audit Preparedness And Other Challenges February 12, 2015 Joan W. Feldman, Esq. William J. Roberts, Esq. Shipman & Goodwin LLP 2014. All

More information

Navigating a Meaningful Use Audit: Are You Ready? Brian Flood

Navigating a Meaningful Use Audit: Are You Ready? Brian Flood Navigating a Meaningful Use Audit: Are You Ready? Brian Flood 2014 Husch Blackwell LLP Agenda For This Segment ARRA, HITECH, and Meaningful Use What is Meaningful Use? Progress to Date How providers meet

More information

HIPAA Security Overview of the Regulations

HIPAA Security Overview of the Regulations HIPAA Security Overview of the Regulations Presenter: Anna Drachenberg Anna Drachenberg has been assisting healthcare providers and hospitals comply with HIPAA and other federal regulations since 2008.

More information

SEC s Cybersecurity Risk Alert Part 2 of 3

SEC s Cybersecurity Risk Alert Part 2 of 3 SEC s Cybersecurity Risk Alert Part 2 of 3 How-To: Assessing Cybersecurity Risk Thomas J. DeMayo, CISSP, CIPP, CEH, CPT, MCSE Director, IT Audit and Consulting - O Connor Davies, LLP Timothy M. Simons,

More information

Objectives 5/5/2015. Quality Health Associates (QHA) of ND

Objectives 5/5/2015. Quality Health Associates (QHA) of ND Privacy and Security: HIPAA/HITECH/Meaningful Use Looking Back, Forging Ahead Patti Kritzberger, RHIT, CHPS Quality Health Associates of North Dakota HIT/Quality Improvement Specialist Quality Health Associates

More information

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to to Health Mobile Information Devices: Risks to Health Information Risks vary based on the

More information

CITY UNIVERSITY OF HONG KONG Information Security Incident Management Standard

CITY UNIVERSITY OF HONG KONG Information Security Incident Management Standard CITY UNIVERSITY OF HONG KONG Information Security Incident Management Standard (Approved by the Information Strategy and Governance Committee in December 2013; revision 1.1 approved by Chief Information

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

EHR Incentive Programs for Eligible Professionals: What You Need to Know for 2015 Tipsheet

EHR Incentive Programs for Eligible Professionals: What You Need to Know for 2015 Tipsheet EHR Incentive Programs for Eligible Professionals: What You Need to Know for 2015 Tipsheet CMS recently published a final rule that specifies criteria that eligible professionals (EPs), eligible hospitals,

More information

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 Adopting Multnomah County HIPAA Security Policies and Directing the Appointment of Information System Security

More information

Iowa Health Information Network (IHIN) Security Incident Response Plan

Iowa Health Information Network (IHIN) Security Incident Response Plan Iowa Health Information Network (IHIN) Security Incident Response Plan I. Scope This plan identifies the responsible parties and action steps to be taken in response to Security Incidents. IHIN Security

More information

HIPAA Security Boot Camp

HIPAA Security Boot Camp HIPAA Security Boot Camp Telligen Health Information Technology Regional Extension Center Agenda: For the Day Introductions First Hour: The Risk Assessment Second Hour: Administrative Controls Third Hour:

More information

HIPAA Audits Are Here!

HIPAA Audits Are Here! HIPAA Audits Are Here! How to prepare for and what to expect when OCR comes knocking May 12, 2016 James B. Wieland, Principal, Ober Kaler Emily H. Wein, Principal, Ober Kaler David Holtzman, VP of Compliance,

More information

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical

More information

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record

More information

Evaluation Report. Office of Inspector General

Evaluation Report. Office of Inspector General Evaluation Report OIG-08-035 INFORMATION TECHNOLOGY: Network Security at the Office of the Comptroller of the Currency Needs Improvement June 03, 2008 Office of Inspector General Department of the Treasury

More information

2016 OCR AUDIT E-BOOK

2016 OCR AUDIT E-BOOK !! 2016 OCR AUDIT E-BOOK About BlueOrange Compliance: We specialize in healthcare information privacy and security solutions. We understand that each organization is busy running its business and that

More information

Empowering Nurses & Building Trust Through Health IT

Empowering Nurses & Building Trust Through Health IT Empowering Nurses & Building Trust Through Health IT Helen Caton-Peters, MSN, RN Health Information Privacy & Security Specialist Office of the National Coordinator for Health Information Technology 2

More information

Nationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011

Nationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011 Nationwide Review of CMS s HIPAA Oversight Brian C. Johnson, CPA, CISA Wednesday, January 19, 2011 1 WHAT I DO Manage Region IV IT Audit and Advance Audit Technique Staff (AATS) IT Audit consists of 8

More information

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 5. 2. Security Standards - Organizational, Security Policies Standards & Procedures, - Administrative and Documentation Safeguards

More information

HIPAA COMPLIANCE PLAN FOR 2013

HIPAA COMPLIANCE PLAN FOR 2013 HIPAA COMPLIANCE PLAN FOR 2013 Welcome! Presentor is Rebecca Morehead, Practice Manager Strategist www.practicemanagersolutions.com Meaningful Use? As a way to encourage hospitals and providers to adopt

More information

When HHS Calls, Will Your Plan Be HIPAA Compliant?

When HHS Calls, Will Your Plan Be HIPAA Compliant? When HHS Calls, Will Your Plan Be HIPAA Compliant? Petula Workman, J.D., CEBS Division Vice President Compliance Counsel Gallagher Benefit Services, Inc., Sugar Land, Texas The opinions expressed in this

More information

Overview of the HIPAA Security Rule

Overview of the HIPAA Security Rule Office of the Secretary Office for Civil Rights () Overview of the HIPAA Security Rule Office for Civil Rights Region IX Alicia Cornish, EOS Sheila Fischer, Supervisory EOS Topics Upon completion of this

More information

HIPAA Security Rule Changes and Impacts

HIPAA Security Rule Changes and Impacts HIPAA Security Rule Changes and Impacts Susan A. Miller, JD Tony Brooks, CISA, CRISC HIPAA in a HITECH WORLD American Health Lawyers Association March 22, 2013 Baltimore, MD Agenda I. Introduction II.

More information

NIST National Institute of Standards and Technology

NIST National Institute of Standards and Technology NIST National Institute of Standards and Technology Lets look at SP800-30 Risk Management Guide for Information Technology Systems (September 2012) What follows are the NIST SP800-30 slides, which are

More information

Cyber Security An Exercise in Predicting the Future

Cyber Security An Exercise in Predicting the Future Cyber Security An Exercise in Predicting the Future Paul Douglas, August 25, 2014 AUDIT & ACCOUNTING + CONSULTING + TAX SERVICES + TECHNOLOGY I www.pncpa.com I www.pntech.net What is Cyber Security? Measures

More information

HIPAA Security. 1 Security 101 for Covered Entities. Security Topics

HIPAA Security. 1 Security 101 for Covered Entities. Security Topics HIPAA SERIES Topics 1. 101 for Covered Entities 2. Standards - Administrative Safeguards 3. Standards - Physical Safeguards 4. Standards - Technical Safeguards 5. Standards - Organizational, Policies &

More information

Medicaid EHR Incentive Program. Focus on Stage 2. Kim Davis-Allen, Outreach Coordinator Kim.davis@ahca.myflorida.com

Medicaid EHR Incentive Program. Focus on Stage 2. Kim Davis-Allen, Outreach Coordinator Kim.davis@ahca.myflorida.com Medicaid EHR Incentive Program Focus on Stage 2 Kim Davis-Allen, Outreach Coordinator Kim.davis@ahca.myflorida.com Understanding Participation Program Year Program Year January 1 st - December 31st. Year

More information

HIPAA and HITECH Compliance for Cloud Applications

HIPAA and HITECH Compliance for Cloud Applications What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health

More information

NJ-HITEC PARTICIPATION AGREEMENT FOR MEDICAID SPECIALISTS

NJ-HITEC PARTICIPATION AGREEMENT FOR MEDICAID SPECIALISTS NJ-HITEC PARTICIPATION AGREEMENT FOR MEDICAID SPECIALISTS The undersigned practice (the Practice ) and participating providers (each, a Provider, and collectively, Providers ) presently intend to become

More information

Developing HIPAA Security Compliance. Trish Lugtu CPHIMS, CHP, CHSS Health IT Consultant

Developing HIPAA Security Compliance. Trish Lugtu CPHIMS, CHP, CHSS Health IT Consultant Developing HIPAA Security Compliance Trish Lugtu CPHIMS, CHP, CHSS Health IT Consultant Learning Objectives Identify elements of a HIPAA Security compliance program Learn the HIPAA Security Rule basics

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

Meaningful Use Preparedness 07/24/2015

Meaningful Use Preparedness 07/24/2015 Meaningful Use Preparedness HEALTHCARE FINANCIAL MANAGEMENT ASSOCIATION 07/24/2015 Agenda Incentive Payments Measures Tracking Physicians Tracking Payment Audits EHR Incentive Program Meaningful Use The

More information

B. For example, a health system could own a hospital, medical groups and DME supplier and designate them as an ACE.

B. For example, a health system could own a hospital, medical groups and DME supplier and designate them as an ACE. Kimberly Short Kirk and Brad Rostolsky I. HIPAA Implications of Physician-Hospital Integration As physicians and hospitals become increasing integrated, regulatory compliance is a key consideration. The

More information

Participation Agreement Medicaid Provider Program

Participation Agreement Medicaid Provider Program Participation Agreement Medicaid Provider Program PLEASE FAX THE FOLLOWING PAGES #4, #7, #8, #14, #15 211 Warren Street Newark, NJ 07103 PHONE: 973-642-4777 FAX: 973-645-0457 E-mail: info@njhitec.org www.njhitec.org

More information

Data Management & Protection: Common Definitions

Data Management & Protection: Common Definitions Data Management & Protection: Common Definitions Document Version: 5.5 Effective Date: April 4, 2007 Original Issue Date: April 4, 2007 Most Recent Revision Date: November 29, 2011 Responsible: Alan Levy,

More information

UNIVERSITY OF MAINE SYSTEM STANDARDS FOR SAFEGUARDING INFORMATION ATTACHMENT C

UNIVERSITY OF MAINE SYSTEM STANDARDS FOR SAFEGUARDING INFORMATION ATTACHMENT C UNIVERSITY OF MAINE SYSTEM STANDARDS FOR SAFEGUARDING INFORMATION ATTACHMENT C This Attachment addresses the Contractor s responsibility for safeguarding Compliant Data and Business Sensitive Information

More information

Eligible Professional s Checklist 2015 Modified Stage 2 Meaningful Use

Eligible Professional s Checklist 2015 Modified Stage 2 Meaningful Use This checklist provides a look into Ohio s Medicaid Provider Incentive Program (MPIP) system for eligible professionals and may be used as a guide to help eligible professionals gather information that

More information

EHR Incentive Programs Supporting Documentation For Audits Last Updated: February 2013

EHR Incentive Programs Supporting Documentation For Audits Last Updated: February 2013 Overview EHR Incentive Programs Supporting Documentation For Audits Last Updated: February 2013 Providers who receive an EHR incentive payment for either the Medicare or Medicaid EHR Incentive Program

More information

HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services

HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services How MSPs can profit from selling HIPAA security services Managed Service Providers (MSP) can use the Health Insurance Portability

More information

Minnesota EHR Incentive Program

Minnesota EHR Incentive Program Minnesota EHR Incentive Program Meaningful Use in Minnesota: Changes in the Medicaid EHR Incentive Program Landscape June 2016 Today s Speaker Dean Ewald MN EHR incentive program (MEIP) Team Lead Government

More information

Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches

Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches Speakers Phillip Long CEO at Business Information Solutions Art Gross President & CEO of HIPAA

More information

Don t Panic! Surviving a Meaningful Use Audit October, 2014

Don t Panic! Surviving a Meaningful Use Audit October, 2014 Don t Panic! Surviving a Meaningful Use Audit October, 2014 Angie Falletti, RN, PMP Senior Consultant, Encore, A Quintiles Company DISCLAIMER: The views and opinions expressed in this presentation are

More information

IT Security Incident Management Policies and Practices

IT Security Incident Management Policies and Practices IT Security Incident Management Policies and Practices Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology Date: Feb 6, 2015 i Document Control Document

More information

HIPAA Information Security Overview

HIPAA Information Security Overview HIPAA Information Security Overview Security Overview HIPAA Security Regulations establish safeguards for protected health information (PHI) in electronic format. The security rules apply to PHI that is

More information

CYBERSECURITY TESTING & CERTIFICATION SERVICE TERMS

CYBERSECURITY TESTING & CERTIFICATION SERVICE TERMS CYBERSECURITY TESTING & CERTIFICATION SERVICE TERMS These Cybersecurity Testing and Certification Service Terms ( Service Terms ) shall govern the provision of cybersecurity testing and certification services

More information

An Independent Member of Baker Tilly International

An Independent Member of Baker Tilly International Healthcare Security and Compliance July 23, 2015 Presenters Kelley Miller, CISA, CISM - Principal Kelley.Miller@mcmcpa.com Barbie Thomas, MBA, CHC Barbie.Thomas@mcmcpa.com 2 Agenda Introductions Cybersecurity

More information

Healthcare Management Service Organization Accreditation Program (MSOAP)

Healthcare Management Service Organization Accreditation Program (MSOAP) ELECTRONIC HEALTHCARE NETWORK ACCREDITATION COMMISSION (EHNAC) Healthcare Management Service Organization Accreditation Program (MSOAP) For The HEALTHCARE INDUSTRY Version 1.0 Released: January 2011 Lee

More information

Laptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice

Laptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice Laptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice Agenda Learning objectives for this session Fundamentals of Mobile device use and correlation to HIPAA compliance HIPAA

More information

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual

More information