View the Replay on YouTube. Sustainable HIPAA Compliance: Enhancing Your Epic Reporting. FairWarning Executive Webinar Series October 17, 2013
|
|
- Joan Hart
- 8 years ago
- Views:
Transcription
1 View the Replay on YouTube Sustainable HIPAA Compliance: Enhancing Your Epic Reporting FairWarning Executive Webinar Series October 17, 2013
2 Today s Panel Chris Arnold FairWarning VP of Product Management Chris@FairWarning.com Chuck Burbank FairWarning Director of Managed Services Chuck@FairWarning.com Kurt J. Long FairWarning Founder Kurt@FairWarning.com
3 FairWarning and Epic Production Customers 44 Production Customers 10,267 employees on average, 2,500 to 60,000 On average 1,300 physicians across 6 hospitals and 36 clinics Moving from legacy EHR to Epic for Meaningful Use Converting from paper to Electronic Health Records 3 applications in addition to Epic Several are monitoring additional applications that touch PHI 17 of 44 customers are using DLP or SIEM in cooperation with FairWarning Patient Privacy Monitoring
4 Agenda Motivations for Compliance and Privacy Key Elements for Sustainable Compliance User Activity Monitoring in a KPMG/OCR HIPAA Audit Lessons Learned from Epic Based Environments Hands-on Demonstration FairWarning Achievement & Educational Programs Q&A
5 Sources: New London Consulting US Survey; Ponemon Study; HHS.gov; OCR NIST Presentation on Security Compliance Impacting Outcomes, Revenue and Lives Why Compliance & Privacy Matters 27% of US patients withhold medical information due to privacy concerns COMPLIANCE: User Activity Monitoring found to be #1 deficiency in 115 HIPAA pilot audits according to Office for Civil Rights More than 100,000 care providers have adopted EHRs and realize payments under Meaningful Use REPUTATION: 85% of patients indicate that a care provider s reputation for protecting privacy influences their choice to seek care from that provider FINANCIAL DAMAGE: An estimated average of 2 million Americans are victims of medical identity theft yearly, with an estimated total cost of $41 billion
6 Regulatory Framework for HIPAA Compliance HIPAA Audit Protocol User Activity Monitoring 2014 OCR HIPAA Enforcement #1 Security Gap from Pilot Audits Patient Privacy Monitoring ARRA HITECH Meaningful-Use Electronic Health Records Audit Logs Required Security Risk Analysis / Correct Deficiencies Protect Your Reputation Position Yourself for HIPAA Compliance
7 Sustainable HIPAA Compliance for User Activity Monitoring Written appropriate access policies Documented sanctioning program Automated enforcement of access policies Proactive alerting Consistent and documented investigation Governance and audit reporting Patient notification and governmental reporting
8 HIPAA Audit Protocol FairWarning 3.1 Maps Directly to OCR HIPAA Audit Protocol Security Requirements HIPAA Security Rule Established Performance Criteria Key Activity Audit Procedures FairWarning Solution (a)(1)(ii)(D): Security Management Process - Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports. Develop and Deploy the Information System Activity Review Process Inquire of management as to whether formal or informal policy and procedures exist to review information system activities; such as audit logs, access reports, and security incident tracking reports. Obtain and review formal or informal policy and procedures and evaluate the content in relation to specified performance criteria to determine if an appropriate review process is in place of information system activities. Obtain evidence for a sample of instances showing implementation of covered entity review practices Determine if the covered entity policy and procedures have been approved and updated on a periodic basis. FairWarning Analytics and Reports enable reviewing of information system activity, such as audit logs and access reports. FairWarning Investigations centralize management and tracking of security incidents (b) Audit controls. Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information. Determine the Activities that Will be Tracked or Audited Inquire of management as to whether audit controls have been implemented over information systems that contain or use ephi. Obtain and review documentation relative to the specified criteria to determine whether audit controls have been implemented over information systems that contain or use ephi. FairWarning Analytics record and examine activity in systems with ephi. These Analytics can then be automated as Enforced Policies to proactively alert users of any activity that is being tracked or audited.
9 HIPAA Audit Protocol FairWarning 3.1 Maps Directly to OCR Audit Protocol HIPAA Security Requirements HIPAA Security Rule Established Performance Criteria Key Activity Audit Procedures FairWarning Solution (b) Audit Controls - Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information. Select the Tools that Will be Deployed for Auditing and System Activity Reviews Inquire of management as to whether systems and applications have been evaluated to determine whether upgrades are necessary to implement audit capabilities. Obtain and review documentation of tools or applications that management has identified to capture the appropriate audit information. FairWarning s Ready Programs maps to and supports over 185 applications that touch ephi. Nearly 50 applications have been fully certified by FairWarning to provide the necessary data to effectively audit access to ephi (b) Audit Controls - Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information. Develop and Deploy the Information System Activity Review/Audit Policy Inquire of management as to whether a formal or informal audit policy is in place to communicate the details of the entity's audits and reviews to the work force. Obtain and review formal or informal policies and procedures and evaluate the content in relation to the specified criteria to understand whether a formal audit policy is in place to communicate the details of the entity's audits and reviews to the work force. Obtain and review an , or some form of communication, showing that the audit policy is communicated to the work force. Alternatively, a screenshot of the audit policy located on the entity's intranet would suffice. The FairWarning Implementation Toolkit is an open copyright best practices guide on how other customers implemented formal audit policies and how to communicate that to the work force (b) Audit Controls - Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information. Develop Appropriate Standard Operating Procedures Inquire of management as to whether procedures are in place on the systems and applications to be audited and how they will be audited. Obtain and review management's procedures in place to determine the systems and applications to be audited and how they will be audited. FairWarning centralizes where and how applications are audited. All systems touching ephi can be audited through the FairWarning Analytics and Reports. These audits can be automated as Enforced Policies and all investigations can be centrally managed within the product. Governance and dashboard reports give executive views of the effectiveness of the policies being enforced.
10 What OCR Wants to See Written privacy and security policy and procedures Evidence that you are following these policies and procedures Review sample investigation, written sanctions and other means by which you respond to identified breaches
11 Most Common FairWarning Policies for an Epic Environment Quick Reports Activity Access Reports Break the Glass Access Co-worker and Employee Snooping Activity Reports Deceased and Discharged Patient Access Activity Report Neighbor Snooping Activity Report Simultaneous Logins Activity Report VIP Access Activity Report
12 FairWarning Ready For predictable, consistent implementations Audit Logs Authoritative User Data Advanced Patient data
13 Certified Solution Considerations Performance Optional filtering of audit events Primary Care Physician data available Active Directory integration Audit log consolidation
14 FAIRWARNING DEMO
15 Enabling Sustainable HIPAA Compliance Compliance Dashboard Measurement of patient privacy monitoring and compliance effectiveness Privacy Dashboard- Recent investigations, enforced policies, alerts and privacy reports Robust collaborative investigations - Document the legally defensible position of the care provider OCR HIPAA Audit Protocol Direct mapping to 5 major areas in Audit Control and Systems Activity Review Wide-scale support for FairWarning Ready - Instant compatibility with every major EHR and over 185 applications used in healthcare Analytics Library - Point and click best practice analytics, reports and administration
16 FairWarning Achievement & Educational Programs
17 Contact Information Chris Arnold FairWarning VP of Product Management Chuck Burbank FairWarning Director of Managed Services Kurt J. Long FairWarning
Sustainable HIPAA Compliance: Protecting Patient Privacy through Highly Leveraged Investments
View the Replay on YouTube Sustainable HIPAA Compliance: Protecting Patient Privacy through Highly Leveraged Investments FairWarning Executive Webinar Series October 31, 2013 Today s Panel Chris Arnold
More informationSustainable Compliance: A System for Ongoing Audit Readiness
View the Replay on YouTube Sustainable Compliance: A System for Ongoing Audit Readiness FairWarning Executive Webinar Series November 14, 2013 Agenda Sustainable Compliance at St. Charles Health System
More informationStraight from the Source: HHS Tools for Avoiding Some of the Biggest HIPAA Mistakes
Watch the Replay Straight from the Source: HHS Tools for Avoiding Some of the Biggest HIPAA Mistakes FairWarning Executive Webinar Series May 20, 2014 #AnytimeAudit Today s Panel Laura E. Rosas, JD, MPH
More informationDecrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use
Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute April 8, 2015 4/8/2015 1 1 Who is M-CEITA?
More informationOIG Security Audit: What You Need To Know
Watch the Replay on YouTube OIG Security Audit: What You Need To Know Executive Series Webinar July 23rd, 2015 Today s Speakers Elana R. Zana Attorney & Author Ogden Murphy Wallace P.L.L.C. ezana@omwlaw.com
More informationHIPAA Security Risk Analysis for Meaningful Use
HIPAA Security Risk Analysis for Meaningful Use NOTE: Make sure your computer speakers are turned ON. Audio will be streaming through your speakers. If you do not have computer speakers, call the ACCMA
More informationNEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16
NEW PERSPECTIVES on Healthcare Risk Management, Control and Governance www.ahia.org Journal of the Association of Heathcare Internal Auditors Vol. 32, No. 3, Fall, 2013 Professional Fee Coding Audit: The
More informationMeaningful Use Stage 2 & HIPAA: The Relationship between HIPAA and Meaningful Use Privacy & Security Regulations View the Replay on YouTube
2012 FairWarning, Inc. Meaningful Use Stage 2 & HIPAA: The Relationship between HIPAA and Meaningful Use Privacy & Security Regulations View the Replay on YouTube April 12, 2012 2012 FairWarning, Inc.
More informationView the Replay on YouTube
View the Replay on YouTube Privacy Implications of Texas HB 300: What Should You Be Doing Now? FairWarning Executive Webinar Series December 18, 2012 Agenda Privacy Implications of Texas HB 300: What Should
More informationOur Commitment to Information Security
Our Commitment to Information Security What is HIPPA? Health Insurance Portability and Accountability Act 1996 The HIPAA Privacy regulations require health care providers and organizations, as well as
More informationCompliance, Security and Risk Management Relationship Advice. Andrew Hicks, Director Coalfire
Compliance, Security and Risk Management Relationship Advice Andrew Hicks, Director Coalfire Housekeeping You may submit questions throughout the webinar using the question area in the control panel on
More informationHIPAA and HITECH Compliance for Cloud Applications
What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health
More informationSecurity and Privacy of Electronic Medical Records
White Paper Security and Privacy of Electronic Medical Records McAfee SIEM and FairWarning team up to deliver a unified solution Table of Contents Executive Overview 3 Healthcare Privacy and Security Drivers
More informationHIPAA/HITECH: Conditional Access Management for Business Performance. Mark Seward, Director Security and Compliance Solutions Marketing
HIPAA/HITECH: Conditional Access Management for Business Performance Mark Seward, Director Security and Compliance Solutions Marketing Agenda HIPAA compliance problems (a review for most) EHR access issues
More informationPrivacyPro ; A Key Component of Privacy Information Management Overview Whitepaper
PrivacyPro ; A Key Component of Privacy Information Management Overview Whitepaper This Whitepaper is the first of a series published by CompliancePro Solutions Founder Kelly McLendon, RHIA which will
More informationSAMPLE. Certified Master Professional Training
Certified Master Professional Training May 2015 Dear Healthcare Privacy and Security Professional, Welcome to the FairWarning Ready Certified Professional training program! As in everything at FairWarning,
More informationMobile Medical Devices and BYOD: Latest Legal Threat for Providers
Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and
More informationWelcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information
Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information about HIPAA, the HITECH-HIPAA Omnibus Privacy Act, how
More informationPreparing for and Responding to an OCR HIPAA Audit
Preparing for and Responding to Carole Klove Carole.Klove@ucsfmedctr.or g Gerry Hinkley gerry.hinkley@pillsburylaw.com SIXTH NATIONAL HIPAA SUMMIT WEST October 10-12, 2012 Overview Background What to expect
More information8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice
Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice Monday, August 3, 2015 1 How to ask a question during the webinar If you dialed in to this webinar on your phone
More informationHIT Audit Workshop. Jeffrey W. Short. jshort@hallrender.com
HIT Audit Workshop Jeffrey W. Short jshort@hallrender.com 1 Audits and Investigations to be Discussed Meaningful Use Audits HIPAA Audits Data Breach Investigations Software Vendor Audits FTC Investigations
More informationCarl Abramson Gerry Blass Susan A Miller
Introductions 0 Carl Abramson has over 35 years of experience in management consulting, IT management, HIPAA compliance, Critical Infrastructure Cyber Security and business process analysis. Carl is President
More informationData Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm
Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security
More informationHIPAA: Compliance Essentials
HIPAA: Compliance Essentials Presented by: Health Security Solutions August 15, 2014 What is HIPAA?? HIPAA is Law that governs a person s ability to qualify immediately for health coverage when they change
More informationHIPAA Audits: How to Be Prepared. Lindsey Wiley, MHA, CHTS-IM, CHTS-TS HIT Manager Oklahoma Foundation for Medical Quality
HIPAA Audits: How to Be Prepared Lindsey Wiley, MHA, CHTS-IM, CHTS-TS HIT Manager Oklahoma Foundation for Medical Quality An Important Reminder For audio, you must use your phone: Step 1: Call (866) 906-0123.
More informationA smarter way to protect your brand. Copyright 2012 Compliance 360 All Rights Reserved
A smarter way to protect your brand Minimizing Compliance Risks of Proactive OCR HIPAA Audits Copyright 2012 Compliance 360 All Rights Reserved Compliance 360 at a Glance Compliance, Risk and Audit Solutions
More informationEric Moriak - CISSP, CISM, CGEIT, CISA, CIA Program Manager - IT Audit Children s Medical Center Dallas. Dallas, Texas
Eric Moriak - CISSP, CISM, CGEIT, CISA, CIA Program Manager - IT Audit Children s Medical Center Dallas Dallas, Texas Objectives The purpose of this presentation is to develop a general awareness of DLP/SIEM
More informationInformation Protection Framework: Data Security Compliance and Today s Healthcare Industry
Information Protection Framework: Data Security Compliance and Today s Healthcare Industry Executive Summary Today s Healthcare industry is facing complex privacy and data security requirements. The movement
More informationPrivacy and Security Meaningful Use Requirement HIPAA Readiness Review
Privacy and Security Meaningful Use Requirement HIPAA Readiness Review REACH - Achieving - Achieving meaningful meaningful use of your use EHR of your EHR Patti Kritzberger, RHIT, CHPS ND e-health Summit
More informationHealthcare IT (HIT) Strategic Planning & Budgeting MARCH 26, 2014
Healthcare IT (HIT) Strategic Planning & Budgeting MARCH 26, 2014 Agenda Introduction / Session Overview HIT Budgeting 101 Security and Compliance EHR budgeting HIT Where Are We Going Q & A 2 Copyright
More informationReady for an OCR Audit? Will you pass or fail an OCR security audit? Tom Walsh, CISSP
Ready for an OCR Audit? Will you pass or fail an OCR security audit? Tom Walsh, CISSP Tom Walsh Consulting, LLC Overland Park, KS What would you do? You receive a phone call from your CEO. They just received
More informationInfoGard Healthcare Services. 2015 InfoGard Laboratories Inc.
InfoGard Healthcare Services 10 Steps To Protect My Covered Entity From Breach Your Presenters Alan Martin Account Manger Marvin Byrd Security Engineer Test and Certification Laboratory Healthcare Payment
More informationThe Impact of HIPAA and HITECH
The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients
More informationMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk Analysis Meeting the Measure Security in Transition Executive Summary Is your organization adopting Meaningful Use, either to gain incentive payouts or to avoid penalties?
More informationHow to Use the NYeC Privacy and Security Toolkit V 1.1
How to Use the NYeC Privacy and Security Toolkit V 1.1 Scope of the Privacy and Security Toolkit The tools included in the Privacy and Security Toolkit serve as guidance for educating stakeholders about
More informationHow to prepare your organization for an OCR HIPAA audit
How to prepare your organization for an OCR HIPAA audit Presented By: Mac McMillan, FHIMSS, CISM CEO, CynergisTek, Inc. Technical Assistance: 978-674-8121 or Amanda.Howell@iatric.com Audio Options: Telephone
More informationInterpreting the HIPAA Audit Protocol for Health Lawyers
Interpreting the HIPAA Audit Protocol for Health Lawyers This webinar is brought to you by the Health Information and Technology Practice Group (HIT), and is co-sponsored by the Business Law and Governance
More informationManaging the Insider Threat: Real-time Monitoring of Access Patterns to ephi
Managing the Insider Threat: Real-time Monitoring of Access Patterns to ephi Mac McMillan (CynergisTek, HIMSS) Jennings Aske (Partners Healthcare) Mike Terra (Oracle Corp.) Daniel Fabbri (U. Michigan)
More informationSECURITY RISK ASSESSMENT SUMMARY
Providers Business Name: Providers Business Address: City, State, Zip Acronyms NIST FIPS PHI EPHI BA CE EHR HHS IS National Institute of Standards and Technology Federal Information Process Standards Protected
More informationMeaningful Use Audits. NextGen Physician Consulting Services
Meaningful Use Audits NextGen Physician Consulting Services Agenda Audit Overview Documentation for measures requiring numerator and denominator data Documentation for attestation only measures Security
More informationArt Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches
Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches Speakers Phillip Long CEO at Business Information Solutions Art Gross President & CEO of HIPAA
More informationHITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?
HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? Introduction This material is designed to answer some of the commonly asked questions by business associates and other organizations
More informationSanta Rosa Presents Webinar Series Electronic Health Records & Meaningful Use Incentives: Medicare & Medicaid
Santa Rosa Presents Webinar Series Electronic Health Records & Meaningful Use Incentives: Medicare & Medicaid February 11, 2011 Chris Apgar, CISSP President Overview ARRA & Meaningful Use Rule Overview
More informationSecuring Patient Portals. What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use
Securing Patient Portals What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use September 2013 Table of Contents Abstract... 3 The Carrot and the Stick: Incentives and Penalties for Securing
More informationTrust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits
HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)
More informationIncreasing Security Defenses in Cost-Sensitive Healthcare IT Environments
Increasing Security Defenses in Cost-Sensitive Healthcare IT Environments Regulatory and Risk Background When the Health Insurance Portability and Accountability Act Security Standard (HIPAA) was finalized
More informationA PRACTICAL GUIDE TO USING ENCRYPTION FOR REDUCING HIPAA DATA BREACH RISK
A PRACTICAL GUIDE TO USING ENCRYPTION FOR REDUCING HIPAA DATA BREACH RISK Chris Apgar Andy Nieto 2015 OVERVIEW How to get started assessing your risk What your options are how to protect PHI What s the
More informationHIPAA Security Overview of the Regulations
HIPAA Security Overview of the Regulations Presenter: Anna Drachenberg Anna Drachenberg has been assisting healthcare providers and hospitals comply with HIPAA and other federal regulations since 2008.
More informationNine Network Considerations in the New HIPAA Landscape
Guide Nine Network Considerations in the New HIPAA Landscape The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Omnibus Final Rule, released January 2013, introduced some significant
More informationOverview of the HIPAA Security Rule
Office of the Secretary Office for Civil Rights () Overview of the HIPAA Security Rule Office for Civil Rights Region IX Alicia Cornish, EOS Sheila Fischer, Supervisory EOS Topics Upon completion of this
More informationPrivacy for Healthcare Data in the Cloud - Challenges and Best Practices
Privacy for Healthcare Data in the Cloud - Challenges and Best Practices Dr. Sarbari Gupta sarbari@electrosoft-inc.com 703-437-9451 ext 12 Cloud Standards Customer Council (CSCC) Cloud Privacy Summit Electrosoft
More informationCompliance Plan Required for ACO Participation
Compliance Plan Required for ACO Participation Presented by: Angela Miller Medical Auditing Solutions LLC 2012 (c)2012 Medical Auditing Solutions LLC 1 Experience Angela Miller over 18 years experience
More informationJoe Dylewski President, ATMP Solutions
Joe Dylewski President, ATMP Solutions Joe Dylewski President, ATMP Solutions Assistant Professor, Madonna University 20 Years, Technology and Application Implementation Experience Served as Michigan Healthcare
More informationRSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS
RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS Security solutions for patient and provider access AT A GLANCE Healthcare organizations of all sizes are responding to the demands of patients, physicians,
More informationNational Institute of Standards and Technology. HIPAA Security Rule Toolkit. User Guide
National Institute of Standards and Technology HIPAA Security Rule Toolkit User Guide October 31, 2011 Table of Contents Background... 1 Purpose... 1 Audience... 1 Intended Use of the HSR Toolkit... 1
More informationHow To Protect Your Health Care From Being Stolen From Your Computer Or Cell Phone
Compliance Simplified Achieve, Illustrate, Maintain Industry leading Education Todays Webinar Please ask questions Todays slides are available http://compliancy- group.com/slides023/ Certified Partner
More informationOCR HIPAA Audit Readiness. ISACA - North Texas Chapter April 11, 2013
ISACA - North Texas Chapter April 11, 2013 Introduction 1 2 Basic components of HIPAA and HITECH legislation HITECH and rising breaches 3 4 OCR HIPAA audits Key findings of the pilot audits 5 Approaches
More informationHIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist
HIPAA Omnibus Rule Overview Presented by: Crystal Stanton MicroMD Marketing Communication Specialist 1 HIPAA Omnibus Rule - Agenda History of the Omnibus Rule What is the HIPAA Omnibus Rule and its various
More informationImplementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind
Page1 Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind The use of electronic medical records (EMRs) to maintain patient information is encouraged today and
More informationSecurity Is Everyone s Concern:
Security Is Everyone s Concern: What a Practice Needs to Know About ephi Security Mert Gambito Hawaii HIE Compliance and Privacy Officer July 26, 2014 E Komo Mai! This session s presenter is Mert Gambito
More informationPreparing for HIPAA and Meaningful Use Compliance Audits
Preparing for HIPAA and Meaningful Use Compliance Audits Presented by: David Holtzman VP of Compliance, CynergisTek CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com
More informationSunday March 30, 2014, 9am noon HCCA Conference, San Diego
Meaningful Use as it Relates to HIPAA Compliance Sunday March 30, 2014, 9am noon HCCA Conference, San Diego CLAconnect.com Objectives and Agenda Understand the statutory and regulatory background and purpose
More informationDocument Imaging Solutions. The secure exchange of protected health information.
The secure exchange of protected health information. 2 Table of contents 3 Executive summary 3 The high cost of protected health information being at risk 4 The compliance officer s dilemma: keeping PHI
More informationOCR/HHS HIPAA/HITECH Audit Preparation
OCR/HHS HIPAA/HITECH Audit Preparation 1 Who are we EHR 2.0 Mission: To assist healthcare organizations develop and implement practices to secure IT systems and comply with HIPAA/HITECH regulations. Education
More informationBridging the HIPAA/HITECH Compliance Gap
CyberSheath Healthcare Compliance Paper www.cybersheath.com -65 Bridging the HIPAA/HITECH Compliance Gap Security insights that help covered entities and business associates achieve compliance According
More informationThe Must Have Tools To Address Your Compliance Challenge
The Must Have Tools To Address Your Compliance Challenge Industry leading Education October 21 - Top 5 tools to help you achieve HIPAA compliance November 11 - Saving time and money through web-based benefits
More informationHIPAA Compliance: Are you prepared for the new regulatory changes?
HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed
More informationCOMPLIANCE ALERT 10-12
HAWAII HEALTH SYSTEMS C O R P O R A T I O N "Touching Lives Every Day COMPLIANCE ALERT 10-12 HIPAA Expansion under the American Recovery and Reinvestment Act of 2009 The American Recovery and Reinvestment
More informationHIPAA 101. March 18, 2015 Webinar
HIPAA 101 March 18, 2015 Webinar Agenda Acronyms to Know HIPAA Basics What is HIPAA and to whom does it apply? What is protected by HIPAA? Privacy Rule Security Rule HITECH Basics Breaches and Responses
More informationA CPA recounts exponential growth in Compliance. Mary Ellen McLaughlin
Compliance TODAY September 2015 a publication of the health care compliance association www.hcca-info.org A CPA recounts exponential growth in Compliance an interview with Patricia Bickel Compliance and
More informationWhat do you need to know?
What do you need to know? DISCLAIMER Please note that the information provided is to inform our clients and friends of recent HIPAA and HITECH act developments. It is not intended, nor should it be used,
More informationHealth Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)
Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Table of Contents Introduction... 1 1. Administrative Safeguards...
More informationHIPAA COMPLIANCE PLAN FOR 2013
HIPAA COMPLIANCE PLAN FOR 2013 Welcome! Presentor is Rebecca Morehead, Practice Manager Strategist www.practicemanagersolutions.com Meaningful Use? As a way to encourage hospitals and providers to adopt
More informationAre You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style.
Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style March 27, 2013 www.mcguirewoods.com Introductions Holly Carnell McGuireWoods LLP
More informationALERT LOGIC FOR HIPAA COMPLIANCE
SOLUTION OVERVIEW: ALERT LOGIC FOR HIPAA COMPLIANCE AN OUNCE OF PREVENTION IS WORTH A POUND OF CURE Alert Logic provides organizations with the most advanced and cost-effective means to secure their healthcare
More informationSecure Endpoint Management. Presented by Kinette Crain and Brad Lewis
Secure Endpoint Management Presented by Kinette Crain and Brad Lewis Brad Lewis Brad Lewis - Service Specialist 14 years of IT experience In-House Support Manager Network Administrator Assessing Risk:
More information2/9/2012. 2012 HIPAA Privacy and Security Audit Readiness. Table of contents
2012 HIPAA Privacy and Security Audit Readiness Mark M. Johnson National HIPAA Services Director Table of contents Page Background 2 Regulatory Background and HITECH Impacts 3 Office of Civil Rights (OCR)
More informationSolution Brief for HIPAA HIPAA. Publication Date: Jan 27, 2015. EventTracker 8815 Centre Park Drive, Columbia MD 21045
Publication Date: Jan 27, 2015 8815 Centre Park Drive, Columbia MD 21045 HIPAA About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized
More informationHIPAA in the Cloud How to Effectively Collaborate with Cloud Providers
How to Effectively Collaborate with Cloud Providers Agenda Overview of Topics Covered Agenda Evolution of the Cloud Comparison of Private vs. Public Clouds Other Regulatory Frameworks Similar to HIPAA
More informationLogging and Auditing in a Healthcare Environment
Logging and Auditing in a Healthcare Environment Mac McMillan CEO CynergisTek, Inc. OCR/NIST HIPAA Security Rule Conference Safeguarding Health Information: Building Confidence Through HIPAA Security May
More informationThe OCR Audit Protocol a first look
The OCR Audit Protocol a first look On June 26, 2012, the Office for Civil Rights published its Audit Protocols for HIPAA Security, HIPAA Breach and Privacy at http://ocrnotifications.hhs.gov/hipaa.html.
More informationCommunity First Health Plans Breach Notification for Unsecured PHI
Community First Health Plans Breach Notification for Unsecured PHI The presentation is for informational purposes only. It is the responsibility of the Business Associate to ensure awareness and compliance
More informationOverview of Topics Covered
How to Effectively Collaborate with Cloud Providers Agenda Overview of Topics Covered Agenda Evolution of the Cloud Comparison of Private vs. Public Clouds Other Regulatory Frameworks Similar to HIPAA
More informationHIPAA Audits Are Here!
HIPAA Audits Are Here! How to prepare for and what to expect when OCR comes knocking May 12, 2016 James B. Wieland, Principal, Ober Kaler Emily H. Wein, Principal, Ober Kaler David Holtzman, VP of Compliance,
More informationEstablishing an Access Auditing Program. Cindy Matson, CHC, CHPC Chief Privacy Officer
Establishing an Access Auditing Program Cindy Matson, CHC, CHPC Chief Privacy Officer Hospitals: 31 Clinics: 111 Long-term care facilities: 31 Health Plan Employees: 18,000+ Physicians: 900+, offering
More informationHIPAA Happenings in Hospital Systems. Donna J Brock, RHIT System HIM Audit & Privacy Coordinator
HIPAA Happenings in Hospital Systems Donna J Brock, RHIT System HIM Audit & Privacy Coordinator HIPAA Health Insurance Portability and Accountability Act of 1996 Title 1 Title II Title III Title IV Title
More informationSecurity and Privacy of Electronic Medical Records. White Paper
Security and Privacy of Electronic Medical Records White Paper Executive Overview Patient confidentiality is a growing concern for healthcare organizations. Government regulations, electronic health records,
More informationSomansa Data Security and Regulatory Compliance for Healthcare
Somansa White Paper Somansa Data Security and Regulatory Compliance for Healthcare How Somansa can protect ephi- electronic patient health information and meet the requirements for healthcare compliances,
More informationDeveloping HIPAA Security Compliance. Trish Lugtu CPHIMS, CHP, CHSS Health IT Consultant
Developing HIPAA Security Compliance Trish Lugtu CPHIMS, CHP, CHSS Health IT Consultant Learning Objectives Identify elements of a HIPAA Security compliance program Learn the HIPAA Security Rule basics
More informationThe HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq.
The HITECH Act: Implications to HIPAA Covered Entities and Business Associates Linn F. Freedman, Esq. Introduction and Overview On February 17, 2009, President Obama signed P.L. 111-05, the American Recovery
More informationUnderstanding HIPAA Regulations and How They Impact Your Organization!
Understanding HIPAA Regulations and How They Impact Your Organization! Presented by: HealthInfoNet & Systems Engineering! April 25 th 2013! Introductions! Todd Rogow Director of IT HealthInfoNet Adam Victor
More informationHow To Find Out What People Think About Hipaa Compliance
Healthcare providers attitudes towards HIPAA compliance in 2015 Created July, 27 2015 Healthcare providers attitudes towards HIPAA compliance in 2015 Over the course of this last year the healthcare industry
More informationReputation Management Surviving a HIPAA Breach or Audit
Reputation Management Surviving a HIPAA Breach or Audit Carolyn P. Hartley, MLA President, CEO Physicians EHR, Inc Former VP, Media Relations Presented to MGMA October 7, 2013 What to Do in the Event of
More informationChecklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security
Checklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) For Daily Compliance & Security Tips, Follow ecfirst @ Agenda Review the
More informationWelcome to part 2 of the HIPAA Security Administrative Safeguards presentation. This presentation covers information access management, security
Welcome to part 2 of the HIPAA Security Administrative Safeguards presentation. This presentation covers information access management, security awareness training, and security incident procedures. The
More informationHIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services
HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services How MSPs can profit from selling HIPAA security services Managed Service Providers (MSP) can use the Health Insurance Portability
More informationHIPAA Privacy, Security, Breach, and Meaningful Use. CHUG October 2012
HIPAA Privacy, Security, Breach, and Meaningful Use Practice Requirements for 2012 CHUG October 2012 The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Standards for Privacy of Individually
More informationNorth Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP
Mobile Device Management Risky Business in Healthcare North Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP Agenda HIPAA/HITECH & Mobile Devices Breaches Federal
More information