Cost Effective Protection Against HIPAA Enforcement

Transcription

1 Cost Effective Protection Against HIPAA Enforcement With Special Guest Speaker: Joe Dylewski, President, ATMP Group Joseph Dylewski is a twenty-three year Information Technology Professional veteran, with eight years spent exclusively in the Healthcare Industry. Joseph has served as a Healthcare IT Services Practices Director and Account Manager with a proven trackrecord of successfully delivering end-to-end IT application and infrastructure project services. Joseph also currently serves as an Assistant Professor at Madonna University. Moderated By: April Sage, Marketing Director, Online Tech April Sage has been involved in the IT industry for over two decades. In the early 2000s, April founded a bioinformatics company that supported biotech companies in the development of research & drug discovery software systems. Since then, April has been involved in the development and implementation of online business plans and marketing strategies until her current position as Marketing Director of Online Tech. Upcoming Follow-up Webinars: Tuesday, November 2p.m. ET Impact of HIPAA Compliance on Business Associates Changes to Company Policies and Day-to-Day Operations Tuesday, November 2p.m. ET Sharing PHI Data? Legal Implications of BAAs & Avoiding HIPAA Pitfalls Colocation Dedicated Servers Private Clouds Copyright 2011 Online Tech. All rights reserved

2 IT Service Providers MSPs 600K + MSSPs

3 HIPAA Title II Administrative Simplification Electronic Data Interchange (Transaction and Code Sets) Security Rule Privacy Rule Administrative Safeguards 45 CFR Physical Safeguards 45 CFR Technical Safeguards 45 CFR

4 What is HITECH? HITECH - The Health Information Technology for Economic Recovery and Reinvestment Act of 2009 Meaningful Use Education HIPAA Enforcement

5 What changed relative to HIPAA? Physician Attestation for Meaningful Use Improved Enforcement HIPAA ignorance no longer tolerated Business Associates now have the same HIPAA responsibilities as the Covered Entities they service

6 Category Key Statistics Total Breaches No BA Involved BA Involved Percent of Total 100% 80% 20% Total Individuals Affected 11,590,462 5,532,486 6,057,976 Percent of Total 100% 48% 52% Average Individuals per Breach 38,635 22, ,678 Source :U.S. Department of Health and Human Services HIPAA Breach Notifications September 2009 to August 2011

7 Increasing Degree of HIPAA Compliance Effort Due to Willful Neglect if the violation is not corrected Due to Willful Neglect if the violation is corrected Due to Reasonable Cause and not Willful Neglect By exercising reasonable diligence would not have known Decreasing Degree of HIPAA Compliance Risk

8 Increasing Degree of HIPAA Compliance Effort by Covered Entity and Business Associate No Business Associate Contract in place Business Associate Contract in Place Business Associate has Conducted Risk Assessment Business Associate is taking necessary steps to compliance Business Associate proof of HIPAA Compliance Decreasing Degree of HIPAA Compliance Risk to Covered Entity

9 Is the Covered Entity responsible for their Business Associate s HIPAA Compliance, or vice versa? No Is the Covered Entity responsible for engaging in relationships with HIPAA Compliant Business Associates? Yes If the Business Associate claims HIPAA Compliance, does this imply that the Covered Entity is HIPAA Compliant? No

10 Solution Compliance Institutional Compliance Electronic Medical Record HIPAA Compliant EMR Hosted in a HIPAA Compliant Facility EMR Company HIPAA Compliance with respect to internal operating policies

11 EMR Private Cloud / Data Center Health Information Exchange (HIE) DR Site IT Services Insurance Company Physician Practice Document Destruction Lab Health System

12 Privacy / Security Compliance Policy Proof

13 United States Department of Health and Human Services Office of Civil Rights Individual state s Office of The Attorney General

14 Treat HIPAA compliance with the same degree of diligence and urgency as Accounting, Taxes, and the IRS Start with a simple checklist of areas that need to be addressed A.K.A. - Risk Assessment

15 ATMP Solutions utilizes Automated/web based tools Risk Assessment BA Tracking HIPAA Certified Consultants HIPAA policy templates Results = Cost Effective and Time Efficient first step to compliance management

16 Upcoming Events Webinars: Tuesday, November 2p.m. ET Impact of HIPAA Compliance on Business Associates Changes to Company Policies and Day-to-Day Operations With speaker Jason Yaeger, Risk Management & Security Officer, Online Tech. Tuesday, November 2p.m. ET Sharing PHI Data? Legal Implications of BAAs & Avoiding HIPAA Pitfalls With special guest speaker Tatiana Melnik, Attorney, Dickinson Wright PLLC. Events: November th in Indianapolis, Indiana Midwest HIMSS Fall Technology Conference Contact Info Joe Dylewski jdylewski@atmpgroup.com Office: Online Tech contactus@onlinetech.com Main: Friday, December 2nd in Ann Arbor, MI 3-7p.m. ET New Data Center Open House February th in Las Vegas, Nevada HIMSS Annual Conference & Exhibition Colocation Dedicated Servers Private Clouds Copyright 2011 Online Tech. All rights reserved