Security Is Everyone s Concern:

Size: px
Start display at page:

Download "Security Is Everyone s Concern:"

Transcription

1 Security Is Everyone s Concern: What a Practice Needs to Know About ephi Security Mert Gambito Hawaii HIE Compliance and Privacy Officer July 26, 2014

2 E Komo Mai! This session s presenter is Mert Gambito Compliance and Privacy Officer, Hawai i HIE Physician attendees may earn 1.0 CME credit for attending this session. Please complete the blue test and evaluation forms for this session to earn your credit. No other relevant financial disclosures

3 Oh no, a HIPAA Presentation... Quick! Tell Us What Part of HIPAA Security Is Important to Know While You Still Have Our Attention Well, good news! The answer is simple: ALL OF IT!

4 HIPAA Security, went into effect 2005: Called for Safeguards Specific to Electronic PHI (ephi) not Addressed by HIPAA Privacy? Administrative Safeguards Policies and Procedures Risk Analysis / Assessment Risk Management Sanctions System Activity Review Security Official / Officer Authorization / Supervision Workforce Clearance Termination Access Authorization Access Establishment and Modification Security Awareness and Training Security Reminders Malicious Software Protection Log-in Monitoring HIPAA Security Password Management Security Incident Response and Reporting Data Backup Plan Disaster Recovery Plan Emergency Mode Operation Plan Testing and Revision of Contingency Plans Applications and Data Criticality Analysis Periodic Security Evaluation Business Associate Agreements Physical Safeguards Workstation Function Specifications Workstation Physical Safeguards Device and Media Disposal Media Reuse Device and Media Accountability Data Backup and Storage Technical Safeguards Unique User Identification Emergency Access Automatic Logoff Encryption and Decryption of Stored PHI Audit Controls Authentication of ephi Authentication of Person/Entity Integrity Controls of Transmitted ephi Encryption of Transmitted ephi Organizational Requirements Business Associate Agreements Policies, Procedures, Documentation Requirements Policies and Procedures Security-Related Documentation

5 HIPAA Security: Consists of Almost 50 Specifications... That Fall Within 5 Categories Administrative Safeguards Policies and Procedures Risk Analysis / Assessment Risk Management Sanctions System Activity Review Security Official / Officer Authorization / Supervision Workforce Clearance Termination Access Authorization Access Establishment and Modification Security Awareness and Training Security Reminders Malicious Software Protection Log-in Monitoring Password Management Security Incident Response and Reporting Data Backup Plan Disaster Recovery Plan Emergency Mode Operation Plan Testing and Revision of Contingency Plans Applications and Data Criticality Analysis Periodic Security Evaluation Business Associate Agreements Physical Safeguards Workstation Function Specifications Workstation Physical Safeguards Device and Media Disposal Media Reuse Device and Media Accountability Data Backup and Storage Technical Safeguards Unique User Identification Emergency Access Automatic Logoff Encryption and Decryption of Stored PHI Audit Controls Authentication of ephi Authentication of Person/Entity Integrity Controls of Transmitted ephi Encryption of Transmitted ephi Organizational Requirements Business Associate Agreements Policies, Procedures, Documentation Requirements Policies and Procedures Security-Related Documentation

6 HIPAA Security: Consists of Almost 50 Specifications... That Fall Within 5 Categories 1. Administrative Safeguards 2. Physical Safeguards 3. Technical Safeguards 4. Organizational Requirements 5. Policies, Procedures and Documentation Requirements

7 Administrative Safeguards What business practices are in place to safeguard your patients ephi, and help ensure the staff keep the data secure? Management and evaluation of your practice s security program: This starts with a security risk analysis (it was a HIPAA requirement long before Meaningful Use came along). Who is your practice s security official? Workforce security and information access management Procedures to ensure only the staff members who need access to your ephi have it, and are appropriately disciplined if they abuse that access or otherwise compromise the security of your patients data. System activity review Review records to determine if any ephi has been compromised.

8 Administrative Safeguards What business practices are in place to safeguard your patients ephi, and help ensure the staff keep the data secure? Security incident procedures Identifying and mitigating attempted or successful unauthorized, access, use, disclosure, modification or destruction of your practice s ephi, or tampering with your information systems. Contingency plan Have a plan to back up your ephi, and make it available in case of emergency or disaster while keeping it secure. Business associate agreements Contractually ensure that your vendors, other third-parties and their subcontractors with access to PHI are bound to abide by HIPAA.

9 Administrative Safeguards What business practices are in place to safeguard your patients ephi, and help ensure the staff keep the data secure? Security awareness and training The single, most important aspect of a security program! Our Hawai i Pacific Regional Extension Center (HPREC) program provides ongoing workforce security training sessions for providers and their staff members to help them meet this HIPAA security requirement. We currently hold annual training sessions on Oahu, the Big Island, Kauai and Maui.

10 Physical Safeguards How does your practice safeguard facilities, equipment and media within which ephi is accessed, used or stored? Ensure proper and necessary access to your practice s facility. Control, validate and monitor who has facility access. Provide for facility access necessary to restore data during an emergency or disaster. Ensure the security, and secure use of, your practice s workstations with access to ephi. Specify appropriate use of workstations by workforce members. Minimize risks to ephi accessible via the workstations, on and off site.

11 Physical Safeguards How does your practice safeguard facilities, equipment and media within which ephi is accessed, used or stored? Keep track of portable devices and media that contain ephi. Maintain records of which devices and media contain ephi, where they are located, and to whom they have been assigned. Dispose of end-of-life devices and media that contain or have contained ephi only after ensuring that the data has been rendered completely unusable and/or inaccessible. If a device or media will be re-used, whether within the practice or provided to someone else, the ephi must be permanently deleted or otherwise rendered inaccessible.

12 Technical Safeguards Which technological controls, and policies and procedures to ensure implementation of those controls, are used in your practice? Implement controls to ensure only unique, authorized users have access to information systems containing ephi. Implement controls to prevent unauthorized alteration or destruction of ephi. Review audit records to determine if any ephi has been compromised. Implement controls to safeguard ephi during transmission.

13 Organizational, Policies, and Procedures Documentation Requirements Memorizing All This HIPAA Stuff is Hard! Independent practices, and other HIPAA covered entities, must execute agreements with business associates, e.g. vendors with access to PHI on behalf of the HIPAA covered entity. Policies and procedures must be in writing and available to all of your practice s workforce members. Policies and procedures must be updated as needed to address your practice s changing security needs. Other documentation, e.g. related to incident response, must also be maintained by a practice.

14 2012 OCR HIPAA Audit Pilot Results

15 OK, Lots of Information... Is there anything you can recommend my coworkers and I focus on to improve our Security program? Every practice s needs are different, which is why a security risk analysis, for example, is one of the first steps to take in creating or updating a security program.

16 Learnings: OCR HIPAA Investigations Look at the types of complaints the U.S. Office for Civil Rights (OCR) investigates for a general idea of where practices should focus attention in their compliance programs.

17 Now, Let s See What We Can Learn... When the Feds Decide Something s REALLY Gone Wrong!

18 Learnings: OCR HIPAA Enforcement Key Findings in Cases Resulting in Independent Practices Paying Penalties April 13, 2013: Phoenix Cardiac Surgery $100,000 settlement for publicly posting ephi on the Internet. Over 1,000 entries containing PHI were posted online. The OCR s investigation was triggered by a complaint. December 26, 2013: Adult & Pediatric Dermatology $150,000 settlement for stolen unencrypted thumb drive containing data of 2,200 patients. The thumb drive was never recovered. The OCR s investigation was triggered by a complaint.

19 Learnings: OCR HIPAA Enforcement Key Findings in Cases Resulting in Independent Practices Paying Penalties In addition to the two breaches of ephi, the federal investigators identified actions needed to address other findings related to the following HIPAA Security requirements: Formal identification of a security official Security risk analysis and risk management Policies and procedures Business associate agreements HIPAA training of employees Let s add one more that goes without saying: Incident and breach response and notification

20 Identify Your Practice s Security Official (It Just Might Be You :-) What s the main responsibility of a security official? Developing and implementing the security policies and procedures. Is this role the same as the HIPAA privacy official? No, but the same person can fulfill both roles, and often does. Do I have to do all the HIPAA compliance work in this role? SECURITY IS EVERYONE S CONCERN in the practice, not just yours. You can delegate (e.g. safeguarding your network), then document who s responsible for the delegated aspect of your security program.

21 Poll Question #1: Who Is Your Practice s Security Official? Instructions: 1. If you haven t already done so, launch the AudienceOpinion app. 2. Enter the event code for this breakout session s poll: betutc (the event code is case sensitive). 3. You ll be prompted to enter an address. Feel free to enter a fictitious one, e.g. 4. The Start page for the Security Is Everyone s Concern poll will appear on your mobile device. 5. The presenter will activate the poll. 6. Tap Start on your mobile device to go to Question #1. (If you accidentally tried to start the poll before it was activated, tap Next Question to go to Question #1.)

22 Poll Question #1:

23 The rest of this presentation covers key security safeguards that many practices, not just small ones, overlook. But as the data shows, the regulators are paying attention, and so should we.

24 Security Risk Analysis and Management The Foundation for Securing YOUR Practice Same Specialty Same EHR System Same Town Same Size Staff Different Security Needs There s no one-size-fits-all way to build a Security program. Every practice s security needs change over time. A security risk analysis identifies current threats, vulnerabilities and risks facing your practice. It helps you learn what you re doing right, and what needs work. It drives how you develop the rest of your security program.

25 Security Risk Analysis and Management The Foundation for Securing YOUR Practice Risk Management Security Management Cycle Risk Analysis Analyze risks. Identify and rank initial security risks unique to your practice. Manage risks. Use the results of the analysis to prioritize which risks to mitigate. Evaluate your security program. Periodically review your practice s security safeguards, and make changes as necessary.

26 Policies and Procedures Your Practice s Security Instruction Manual Policies define your practice s approach to meeting each security standard, e.g.: A vendor with access to PHI on behalf of our practice must execute a business associate agreement with our practice. Procedures describe how your practice carries out that approach, e.g.: A representative of the vendor must sign our practice s business associate agreement, and provide us the original signed agreement, before the vendor may access the PHI. Retain policies and procedures (and other HIPAA-related documentation) for at least 6 years. OCR investigators and auditors may ask for your documentation even out-of-date versions.

27 Business Associate Agreements HIPAA: It s Not Just for Covered Entities The HITECH Act of 2009 established HIPAA compliance requirements for business associates. Business associates are now: Required to adopt most of the same security safeguards as independent practices and other covered entities Responsible for playing a role in notifications in the event of a breach Subject to investigations, corrective actions and penalties under the HIPAA Enforcement Rule Subcontractors of business associates, including subcontractors of subcontractors, with access to PHI are also considered business associates.

28 Workforce HIPAA Training Train Early, Train Often, Train Everyone! All workforce members must receive training This includes physicians, other providers and management, as well as Staff members who do not have access to the EHR or other systems with ephi. Train workforce members when they re hired, as well as Periodically so they receive reminders and updates about HIPAA. Your practice s workforce members may not memorize HIPAA word for word... But the awareness of what safeguards are required and should be considered will go a long way to preventing violations that could literally impact the well-being of your practice s patients and subject your practice to regulatory penalties.

29 Incident and Breach Procedures With HIPAA, as in Life, What Can Go Wrong Some of the most common, and damaging incidents are intentionally caused by people, e.g.: Unauthorized access (e.g. snooping) Theft of PHI, and devices containing ephi Some incidents are caused by unintentional acts, e.g.: Lost devices containing ephi Failure to adequately lock/secure facilities, vehicles and homes Some incidents aren t caused by people, e.g.: Malware attacks Server failures Natural disasters (is your PHI in a tsunami zone?)

30 Incident and Breach Procedures With HIPAA, as in Life, What Can Go Wrong Some incidents are caused by neglect, e.g.: Weak passwords Lack of encryption Out-of-date software When you detect an incident, or one is reported, you must document the details of the incident, as well as your steps to investigate and mitigate it. (Remember: 6-year retention). Not all incidents are breaches. Your investigations should include an incident risk assessment to determine if this so. And, even when PHI ends up in the wrong hands, an incident may still meet HIPAA exclusions to being defined as a breach.

31 Incident and Breach Procedures With HIPAA, as in Life, What Can Go Wrong If, following your risk assessment, you determine that an incident qualifies as a breach: You have up to 60 days following discovery of the incident to notify the necessary parties of the breach, in particular the impacted individuals and the U.S. Department of Health and Human Services (HHS). Notifications to impacted individuals, depending on the nature and severity of the breach, may be delivered by: first-class mail, notice published on the practice s website, , phone as well as the local or statewide media. What s the best way to deal with incidents and breaches? Prevent them from occurring by addressing the safeguards discussed in this presentation paying attention to deficiencies identified by the OCR in the cases involving independent practices.

32 Poll Question #2:

33 Learnings: OCR HIPAA Enforcement Not All OCR Investigations Result in Enforcement Actions, Let Alone Penalties Source data from the U.S. Office for Civil Rights, April 14, 2003 through July 26, 2014

34 Learnings: OCR HIPAA Enforcement Not All OCR Investigations Result in Enforcement Actions, Let Alone Penalties 24.6%, or 1 out of every 4.1 cases resolved by the OCR, resulted in a corrective action plan.* Of these cases %, or 1 out of every 1,028 cases that required a corrective action to address HIPAA violations resulted in a civil monetary penalty or settlement.* Now for the bigger picture to see how we did in Poll #1: 0.024%, or 1 out of every 4,171 HIPAA complaint cases resolved by the OCR, has resulted in a monetary penalty.* *Since HIPAA Privacy went into effect, April 14, 2003

35 Learnings: OCR HIPAA Enforcement In fact, most HIPAA enforcement activity looks like this:

36 So, In Closing... HIPAA enforcement is typically an opportunity to improve a practice s security program, not penalize the practice. Focusing on the handful of security safeguards that have historically been neglected by independent practices: Addresses regulatory requirements that may contribute to breaches and other unfortunate incidents. In the course of doing so, e.g. by conducting a risk assessment and developing current policies and procedures: Other aspects of your practice s security program can be added or impoved along the way. The Hawai i HIE s HPREC program will continue to provide services, such as Workforce Security Awareness Training, to help practices develop their security programs.

37 Mahalo for attending this session! Physicians, please complete the blue test and evaluation forms for this session to earn your CME credit. Enjoy the rest of your day at the 2014 HIT Summit!

HIPAA Compliance Guide

HIPAA Compliance Guide HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care

More information

Privacy Officer Job Description 4/28/2014. HIPAA Privacy Officer Orientation. Cathy Montgomery, RN. Presented by:

Privacy Officer Job Description 4/28/2014. HIPAA Privacy Officer Orientation. Cathy Montgomery, RN. Presented by: HIPAA Privacy Officer Orientation Presented by: Cathy Montgomery, RN Privacy Officer Job Description Serve as leader Develop Policies and Procedures Train staff Monitor activities Manage Business Associates

More information

Securing the FOSS VistA Stack HIPAA Baseline Discussion. Jack L. Shaffer, Jr. Chief Operations Officer

Securing the FOSS VistA Stack HIPAA Baseline Discussion. Jack L. Shaffer, Jr. Chief Operations Officer Securing the FOSS VistA Stack HIPAA Baseline Discussion Jack L. Shaffer, Jr. Chief Operations Officer HIPAA as Baseline of security: To secure any stack which contains ephi (electonic Protected Health

More information

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Table of Contents Introduction... 1 1. Administrative Safeguards...

More information

HIPAA Security Rule Compliance

HIPAA Security Rule Compliance HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA

More information

PRIVACY POLICIES AND FORMS FOR BUSINESS ASSOCIATES

PRIVACY POLICIES AND FORMS FOR BUSINESS ASSOCIATES PRIVACY POLICIES AND FORMS FOR BUSINESS ASSOCIATES TABLE OF CONTENTS A. Overview of HIPAA Compliance Program B. General Policies 1. Glossary of Defined Terms Used in HIPAA Policies and Procedures 2. Privacy

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

HIPAA Information Security Overview

HIPAA Information Security Overview HIPAA Information Security Overview Security Overview HIPAA Security Regulations establish safeguards for protected health information (PHI) in electronic format. The security rules apply to PHI that is

More information

What do you need to know?

What do you need to know? What do you need to know? DISCLAIMER Please note that the information provided is to inform our clients and friends of recent HIPAA and HITECH act developments. It is not intended, nor should it be used,

More information

Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification

Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Type of Policy and Procedure Comments Completed Privacy Policy to Maintain and Update Notice of Privacy Practices

More information

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually

More information

Appendix 4-2: Sample HIPAA Security Risk Assessment For a Small Physician Practice

Appendix 4-2: Sample HIPAA Security Risk Assessment For a Small Physician Practice Appendix 4-2: Administrative, Physical, and Technical Safeguards Breach Notification Rule How Use this Assessment The following sample risk assessment provides you with a series of sample questions help

More information

HIPAA PRIVACY AND SECURITY FOR EMPLOYERS

HIPAA PRIVACY AND SECURITY FOR EMPLOYERS HIPAA PRIVACY AND SECURITY FOR EMPLOYERS Agenda Background and Enforcement HIPAA Privacy and Security Rules Breach Notification Rules HPID Number Why Does it Matter HIPAA History HIPAA Title II Administrative

More information

HIPAA and HITECH Compliance for Cloud Applications

HIPAA and HITECH Compliance for Cloud Applications What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health

More information

Can Your Diocese Afford to Fail a HIPAA Audit?

Can Your Diocese Afford to Fail a HIPAA Audit? Can Your Diocese Afford to Fail a HIPAA Audit? PETULA WORKMAN & PHIL BUSHNELL MAY 2016 2016 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS Agenda Overview Privacy Security Breach Notification Miscellaneous

More information

HIPAA Security. 1 Security 101 for Covered Entities. Security Topics

HIPAA Security. 1 Security 101 for Covered Entities. Security Topics HIPAA SERIES Topics 1. 101 for Covered Entities 2. Standards - Administrative Safeguards 3. Standards - Physical Safeguards 4. Standards - Technical Safeguards 5. Standards - Organizational, Policies &

More information

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist HIPAA Omnibus Rule Overview Presented by: Crystal Stanton MicroMD Marketing Communication Specialist 1 HIPAA Omnibus Rule - Agenda History of the Omnibus Rule What is the HIPAA Omnibus Rule and its various

More information

Datto Compliance 101 1

Datto Compliance 101 1 Datto Compliance 101 1 Overview Overview This document provides a general overview of the Health Insurance Portability and Accounting Act (HIPAA) compliance requirements for Managed Service Providers (MSPs)

More information

HIPAA Compliance: Are you prepared for the new regulatory changes?

HIPAA Compliance: Are you prepared for the new regulatory changes? HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed

More information

HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE

HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE How to Use this Assessment The following risk assessment provides you with a series of questions to help you prioritize the development and implementation

More information

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security

More information

HIPAA Customizable Compliance Plan

HIPAA Customizable Compliance Plan HIPAA Customizable Compliance Plan 2015 HCCP16 / BHCCP16 Contents Introduction... 1 Brief Review of the HIPAA Standards... 3 How to Use the HIPAA Customizable Compliance Plan... 5 Section 1 Privacy Policies

More information

HIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing

HIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing HIPAA Omnibus Rule Practice Impact Kristen Heffernan MicroMD Director of Prod Mgt and Marketing 1 HIPAA Omnibus Rule Agenda History of the Rule HIPAA Stats Rule Overview Use of Personal Health Information

More information

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 5. 2. Security Standards - Organizational, Security Policies Standards & Procedures, - Administrative and Documentation Safeguards

More information

HIPAA Compliance Guide

HIPAA Compliance Guide HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care

More information

Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE

Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE [ Hosting for Healthcare: Addressing the Unique Issues of Health IT & Achieving End-to-End Compliance

More information

Healthcare Compliance Solutions

Healthcare Compliance Solutions Healthcare Compliance Solutions Let Protected Trust be your Safe Harbor In the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), the U.S. Department of Health and Human

More information

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)

More information

HIPAA Security. 5 Security Standards: Organizational, Policies. Security Topics. and Procedures and Documentation Requirements

HIPAA Security. 5 Security Standards: Organizational, Policies. Security Topics. and Procedures and Documentation Requirements HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical

More information

HIPAA Security Risk Analysis for Meaningful Use

HIPAA Security Risk Analysis for Meaningful Use HIPAA Security Risk Analysis for Meaningful Use NOTE: Make sure your computer speakers are turned ON. Audio will be streaming through your speakers. If you do not have computer speakers, call the ACCMA

More information

Privacy & Security: Fundamentals of a Security Risk Analysis. Preparing for Meaningful Use Measure 15

Privacy & Security: Fundamentals of a Security Risk Analysis. Preparing for Meaningful Use Measure 15 Privacy & Security: Fundamentals of a Security Risk Analysis Preparing for Meaningful Use Measure 15 1/18/2012 Why Are We Here? Privacy and Security is a priority for ONC Consistency among Regional Extension

More information

2.) The Security Rule (Part 164, Subpart C)

2.) The Security Rule (Part 164, Subpart C) 2.) The Security Rule (Part 164, Subpart C) 164.302 Applicability 164.304 Definitions 164.306 Security standards: General rules 164.308 Administrative safeguards 164.310 Physical safeguards 164.312 Technical

More information

HIPAA Myths. WEDI Member Town Hall. Chris Apgar, CISSP Apgar & Associates

HIPAA Myths. WEDI Member Town Hall. Chris Apgar, CISSP Apgar & Associates HIPAA Myths WEDI Member Town Hall Chris Apgar, CISSP Apgar & Associates Overview Missed Regulatory Requirements Common HIPAA Privacy Myths Common HIPAA Security Myths Other Related Myths Finding the Right

More information

Privacy and Security Meaningful Use Requirement HIPAA Readiness Review

Privacy and Security Meaningful Use Requirement HIPAA Readiness Review Privacy and Security Meaningful Use Requirement HIPAA Readiness Review REACH - Achieving - Achieving meaningful meaningful use of your use EHR of your EHR Patti Kritzberger, RHIT, CHPS ND e-health Summit

More information

Why Lawyers? Why Now?

Why Lawyers? Why Now? TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business

More information

HIPAA Secure Now! HIPAA Security and Omnibus Rules Overview

HIPAA Secure Now! HIPAA Security and Omnibus Rules Overview HIPAA Secure Now! HIPAA Security and Omnibus Rules Overview HIPAA Risk Assessment The HIPAA Security Rule requires that a Risk Assessment be completed. The purpose of a Risk Assessment is to: identify

More information

OCR UPDATE Breach Notification Rule & Business Associates (BA)

OCR UPDATE Breach Notification Rule & Business Associates (BA) OCR UPDATE Breach Notification Rule & Business Associates (BA) Alicia Galan Supervisory Equal Opportunity Specialist March 7, 2014 HITECH OMNIBUS A Reminder of What s Included: Final Modifications of the

More information

HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS

HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS Thank you for taking the time to fill out the privacy & security checklist. Once completed, this checklist will help us get a better

More information

SECURITY RISK ASSESSMENT SUMMARY

SECURITY RISK ASSESSMENT SUMMARY Providers Business Name: Providers Business Address: City, State, Zip Acronyms NIST FIPS PHI EPHI BA CE EHR HHS IS National Institute of Standards and Technology Federal Information Process Standards Protected

More information

HIPAA: Protecting Your. Ericka L. Adler. Practice and Your Patients

HIPAA: Protecting Your. Ericka L. Adler. Practice and Your Patients HIPAA: Protecting Your Ericka L. Adler Practice and Your Patients Rachel V. Rose Fallout from the Omnibus Rule Compliance strategies for medical practices 1. Know / manage your business associates and

More information

Healthcare Compliance Solutions

Healthcare Compliance Solutions Privacy Compliance Healthcare Compliance Solutions Trust and privacy are essential for building meaningful human relationships. Let Protected Trust be your Safe Harbor The U.S. Department of Health and

More information

Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style.

Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style. Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style March 27, 2013 www.mcguirewoods.com Introductions Holly Carnell McGuireWoods LLP

More information

HIPAA and Mental Health Privacy:

HIPAA and Mental Health Privacy: HIPAA and Mental Health Privacy: What Social Workers Need to Know Presenter: Sherri Morgan, JD, MSW Associate Counsel, NASW Legal Defense Fund and Office of Ethics & Professional Review 2010 National Association

More information

OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463. Court Reporters and HIPAA

OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463. Court Reporters and HIPAA Court Reporters and HIPAA OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463 1 What Exactly is HIPAA? HIPAA is an acronym for the Health Insurance Portability and Accountability Act

More information

INFORMATION SECURITY & HIPAA COMPLIANCE MPCA

INFORMATION SECURITY & HIPAA COMPLIANCE MPCA INFORMATION SECURITY & HIPAA COMPLIANCE MPCA Annual Conference August 5, 201 Agenda 1 HIPAA 2 The New Healthcare Paradigm Internal Compliance 4 Conclusion 2 1 HIPAA 1 Earning Their Trust 4 HIPAA 5 Health

More information

VMware vcloud Air HIPAA Matrix

VMware vcloud Air HIPAA Matrix goes to great lengths to ensure the security and availability of vcloud Air services. In this effort VMware has completed an independent third party examination of vcloud Air against applicable regulatory

More information

SECURITY REQUIREMENTS UNDER HIPAA AND STATE LAWS

SECURITY REQUIREMENTS UNDER HIPAA AND STATE LAWS SECURITY REQUIREMENTS UNDER HIPAA AND STATE LAWS Bart A. Lazar, Seyfarth Shaw, LLP The HIPAA Security Rule Standards and Implementation Specifications establish security guidelines for treating Protected

More information

M E M O R A N D U M. Definitions

M E M O R A N D U M. Definitions M E M O R A N D U M DATE: November 10, 2011 TO: FROM: RE: Krevolin & Horst, LLC HIPAA Obligations of Business Associates In connection with the launch of your hosted application service focused on practice

More information

Overview of the HIPAA Security Rule

Overview of the HIPAA Security Rule Office of the Secretary Office for Civil Rights () Overview of the HIPAA Security Rule Office for Civil Rights Region IX Alicia Cornish, EOS Sheila Fischer, Supervisory EOS Topics Upon completion of this

More information

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical

More information

HIPAA/HITECH: A Guide for IT Service Providers

HIPAA/HITECH: A Guide for IT Service Providers HIPAA/HITECH: A Guide for IT Service Providers Much like Arthur Dent in the opening scene of The Hitchhiker s Guide to the Galaxy (HHGTTG), you re experiencing the impact of new legislation that s infringing

More information

HIPAA Compliance The Time is Now Changes on the Horizon: The Final Regulations on Privacy and Security. May 7, 2013

HIPAA Compliance The Time is Now Changes on the Horizon: The Final Regulations on Privacy and Security. May 7, 2013 HIPAA Compliance The Time is Now Changes on the Horizon: The Final Regulations on Privacy and Security May 7, 2013 Presenters James Clay President Employee Benefits & HR Consulting The Miller Group jimc@millercares.com

More information

HIPAA Security Matrix

HIPAA Security Matrix HIPAA Matrix Hardware : 164.308(a)(1) Management Process =Required, =Addressable Risk Analysis The Covered Entity (CE) can store its Risk Analysis document encrypted and offsite using EVault managed software

More information

Bridging the HIPAA/HITECH Compliance Gap

Bridging the HIPAA/HITECH Compliance Gap CyberSheath Healthcare Compliance Paper www.cybersheath.com -65 Bridging the HIPAA/HITECH Compliance Gap Security insights that help covered entities and business associates achieve compliance According

More information

HIPAA Myths. WEDI Regional Affiliates. Chris Apgar, CISSP Apgar & Associates

HIPAA Myths. WEDI Regional Affiliates. Chris Apgar, CISSP Apgar & Associates HIPAA Myths WEDI Regional Affiliates Chris Apgar, CISSP Apgar & Associates Overview Missed Regulatory Requirements Common HIPAA Privacy Myths Common HIPAA Security Myths Other Related Myths Finding the

More information

HIPAA Security COMPLIANCE Checklist For Employers

HIPAA Security COMPLIANCE Checklist For Employers Compliance HIPAA Security COMPLIANCE Checklist For Employers All of the following steps must be completed by April 20, 2006 (April 14, 2005 for Large Health Plans) Broadly speaking, there are three major

More information

When HHS Calls, Will Your Plan Be HIPAA Compliant?

When HHS Calls, Will Your Plan Be HIPAA Compliant? When HHS Calls, Will Your Plan Be HIPAA Compliant? Petula Workman, J.D., CEBS Division Vice President Compliance Counsel Gallagher Benefit Services, Inc., Sugar Land, Texas The opinions expressed in this

More information

HIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR. Chris Apgar, CISSP

HIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR. Chris Apgar, CISSP HIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR Chris Apgar, CISSP 2015 OVERVIEW Missed Regulatory Requirements Common HIPAA Privacy Myths Common HIPAA Security Myths Other Related Myths Finding the Right

More information

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record

More information

Huseman Health Law Group 3733 University Blvd. West, Suite 305-A Jacksonville, Florida 32217 Telephone (904) 448-5552 Facsimile (904) 448-5653

Huseman Health Law Group 3733 University Blvd. West, Suite 305-A Jacksonville, Florida 32217 Telephone (904) 448-5552 Facsimile (904) 448-5653 Huseman Health Law Group 3733 University Blvd. West, Suite 305-A Jacksonville, Florida 32217 Telephone (904) 448-5552 Facsimile (904) 448-5653 rusty@husemanhealthlaw.com use e Health care law firm fighting

More information

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES CONTENTS Introduction 3 Brief Overview of HIPPA Final Omnibus Rule 3 Changes to the Definition of Business Associate

More information

The HIPAA Audit Program

The HIPAA Audit Program The HIPAA Audit Program Anna C. Watterson Davis Wright Tremaine LLP The U.S. Department of Health and Human Services (HHS) was given authority, and a mandate, to conduct periodic audits of HIPAA 1 compliance

More information

Nationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011

Nationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011 Nationwide Review of CMS s HIPAA Oversight Brian C. Johnson, CPA, CISA Wednesday, January 19, 2011 1 WHAT I DO Manage Region IV IT Audit and Advance Audit Technique Staff (AATS) IT Audit consists of 8

More information

COMPLIANCE ALERT 10-12

COMPLIANCE ALERT 10-12 HAWAII HEALTH SYSTEMS C O R P O R A T I O N "Touching Lives Every Day COMPLIANCE ALERT 10-12 HIPAA Expansion under the American Recovery and Reinvestment Act of 2009 The American Recovery and Reinvestment

More information

HIPAA Audit Processes HIPAA Audit Processes. Erik Hafkey Rainer Waedlich

HIPAA Audit Processes HIPAA Audit Processes. Erik Hafkey Rainer Waedlich HIPAA Audit Processes Erik Hafkey Rainer Waedlich 1 Policies for all HIPAA relevant Requirements and Regulations Checklist for an internal Audit Process Documentation of the compliance as Preparation for

More information

Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES

Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES HIPAA COMPLIANCE Achieving HIPAA Compliance with Security Professional Services The Health Insurance

More information

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Note: Information provided to NCRA by Melodi Gates, Associate with Patton Boggs, LLC Privacy and data protection

More information

SAMPLE HIPAA/HITECH POLICIES AND PROCEDURES MANUAL FOR THE SECURITY OF ELECTRONIC PROTECTED HEALTH INFORMATION

SAMPLE HIPAA/HITECH POLICIES AND PROCEDURES MANUAL FOR THE SECURITY OF ELECTRONIC PROTECTED HEALTH INFORMATION SAMPLE HIPAA/HITECH POLICIES AND PROCEDURES MANUAL FOR THE SECURITY OF ELECTRONIC PROTECTED HEALTH INFORMATION Please Note: 1. THIS IS NOT A ONE-SIZE-FITS-ALL OR A FILL-IN-THE BLANK COMPLIANCE PROGRAM.

More information

HIPAA Security. Jeanne Smythe, UNC-CH Jack McCoy, ECU Chad Bebout, UNC-CH Doug Brown, UNC-CH

HIPAA Security. Jeanne Smythe, UNC-CH Jack McCoy, ECU Chad Bebout, UNC-CH Doug Brown, UNC-CH HIPAA Security Jeanne Smythe, UNC-CH Jack McCoy, ECU Chad Bebout, UNC-CH Doug Brown, UNC-CH What is this? Federal Regulations August 21, 1996 HIPAA Became Law October 16, 2003 Transaction Codes and Identifiers

More information

OCR Reports on the Enforcement. Learning Objectives 4/1/2013. HIPAA Compliance/Enforcement (As of December 31, 2012) HCCA Compliance Institute

OCR Reports on the Enforcement. Learning Objectives 4/1/2013. HIPAA Compliance/Enforcement (As of December 31, 2012) HCCA Compliance Institute OCR Reports on the Enforcement of the HIPAA Rules HCCA Compliance Institute April 22, 2013 David Holtzman Sr. Health IT & Privacy Specialist U.S. Department of Health and Human Services Office for Civil

More information

OCR Reports on the Enforcement. Learning Objectives

OCR Reports on the Enforcement. Learning Objectives OCR Reports on the Enforcement of the HIPAA Rules HCCA Compliance Institute April 22, 2013 David Holtzman Sr. Health IT & Privacy Specialist U.S. Department of Health and Human Services Office for Civil

More information

Sunday March 30, 2014, 9am noon HCCA Conference, San Diego

Sunday March 30, 2014, 9am noon HCCA Conference, San Diego Meaningful Use as it Relates to HIPAA Compliance Sunday March 30, 2014, 9am noon HCCA Conference, San Diego CLAconnect.com Objectives and Agenda Understand the statutory and regulatory background and purpose

More information

Meaningful Use and Core Requirement 15

Meaningful Use and Core Requirement 15 Meaningful Use and Core Requirement 15 How can I comply the lack of time and staff... www.compliancygroup.com 1 Meaningful Use and Core Requirement 15 Meaningful Use Protection of Protected Health Information

More information

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual

More information

COMMON HIPAA QUESTIONS

COMMON HIPAA QUESTIONS COMMON HIPAA QUESTIONS 1 As a DevOps platform, we talk to a lot of software engineering teams. Explosive growth in digital health over the last few years means there are many developers and managers who

More information

Vermont Information Technology Leaders

Vermont Information Technology Leaders Vermont Information Technology Leaders HIPAA COMPLIANCE POLICIES AND PROCEDURES Policy Number: InfoSec 1 Policy Title: Information Privacy and Security Management Process IDENT INFOSEC1 Type of Document:

More information

HIPAA Hot Topics. Audits, the Latest on Enforcement and the Impact of Breaches. September 2012. Nashville Knoxville Memphis Washington, D.C.

HIPAA Hot Topics. Audits, the Latest on Enforcement and the Impact of Breaches. September 2012. Nashville Knoxville Memphis Washington, D.C. HIPAA Hot Topics Audits, the Latest on Enforcement and the Impact of Breaches September 2012 Nashville Knoxville Memphis Washington, D.C. Overview HITECH Act HIPAA Audit Program: update and initial results

More information

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute April 8, 2015 4/8/2015 1 1 Who is M-CEITA?

More information

Protecting Patient Information in an Electronic Environment- New HIPAA Requirements

Protecting Patient Information in an Electronic Environment- New HIPAA Requirements Protecting Patient Information in an Electronic Environment- New HIPAA Requirements SD Dental Association Holly Arends, RHIT Clinical Program Manager Meet the Speaker TRUST OBJECTIVES Overview of HIPAA

More information

Security Compliance, Vendor Questions, a Word on Encryption

Security Compliance, Vendor Questions, a Word on Encryption Security Compliance, Vendor Questions, a Word on Encryption Alexis Parsons, RHIT, CPC, MA Director, Health Information Services Security/Privacy Officer Shasta Community Health Center aparsons@shastahealth.org

More information

HIPAA Security Checklist

HIPAA Security Checklist HIPAA Security Checklist The following checklist summarizes HIPAA Security Rule requirements that should be implemented by covered entities and business associates. The citations are to 45 CFR 164.300

More information

ITS HIPAA Security Compliance Recommendations

ITS HIPAA Security Compliance Recommendations ITS HIPAA Security Compliance Recommendations October 24, 2005 Updated May 31, 2010 http://its.uncg.edu/hipaa/security/ Table of Contents Introduction...1 Purpose of this Document...1 Important Terms...1

More information

Anatomy of an OCR Breach Investigation

Anatomy of an OCR Breach Investigation Anatomy of an OCR Breach Investigation HCCA 18 th Annual Compliance Institute San Diego, CA April 1, 2014 Objectives Learn key steps involved in responding to an incident Understand timeframes and review

More information

Security Assessment Template

Security Assessment Template Security Assessment Template Step 1: Define the organization s current state Step 2: Assess the degree to which the organization s systems currently comply compare standards to current systems/practices

More information

My Docs Online HIPAA Compliance

My Docs Online HIPAA Compliance My Docs Online HIPAA Compliance Updated 10/02/2013 Using My Docs Online in a HIPAA compliant fashion depends on following proper usage guidelines, which can vary based on a particular use, but have several

More information

New HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010

New HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010 New HIPAA Breach Notification Rule: Know Your Responsibilities Loudoun Medical Group Spring 2010 Health Information Technology for Economic and Clinical Health Act (HITECH) As part of the Recovery Act,

More information

Health Information Privacy Refresher Training. March 2013

Health Information Privacy Refresher Training. March 2013 Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal

More information

HIPAA Security Overview of the Regulations

HIPAA Security Overview of the Regulations HIPAA Security Overview of the Regulations Presenter: Anna Drachenberg Anna Drachenberg has been assisting healthcare providers and hospitals comply with HIPAA and other federal regulations since 2008.

More information

HIPAA Security. assistance with implementation of the. security standards. This series aims to

HIPAA Security. assistance with implementation of the. security standards. This series aims to HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical

More information

2011 2012 Aug. Sept. Oct. Nov. Dec. Jan. Feb. March April May-Dec.

2011 2012 Aug. Sept. Oct. Nov. Dec. Jan. Feb. March April May-Dec. The OCR Auditors are coming - Are you next? What to Expect and How to Prepare On June 10, 2011, the U.S. Department of Health and Human Services Office for Civil Rights ( OCR ) awarded KPMG a $9.2 million

More information

Health Insurance Portability and Accountability Act

Health Insurance Portability and Accountability Act HIPAA Data Security Continuous Audit Project, Report I From the Office of the Internal Auditor AUD.FY16-05 Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability

More information

UNIVERSITY OF CALIFORNIA, SANTA CRUZ 2015 HIPAA Security Rule Compliance Workbook

UNIVERSITY OF CALIFORNIA, SANTA CRUZ 2015 HIPAA Security Rule Compliance Workbook Introduction Per UCSC's HIPAA Security Rule Compliance Policy 1, all UCSC entities subject to the HIPAA Security Rule ( HIPAA entities ) must implement the UCSC Practices for HIPAA Security Rule Compliance

More information

Developing HIPAA Security Compliance. Trish Lugtu CPHIMS, CHP, CHSS Health IT Consultant

Developing HIPAA Security Compliance. Trish Lugtu CPHIMS, CHP, CHSS Health IT Consultant Developing HIPAA Security Compliance Trish Lugtu CPHIMS, CHP, CHSS Health IT Consultant Learning Objectives Identify elements of a HIPAA Security compliance program Learn the HIPAA Security Rule basics

More information

What is HIPAA? The Health Insurance Portability and Accountability Act of 1996

What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 BASIC QUESTIONS AND ANSWERS What Does HIPAA do? Creates national standards to protect individuals' medical records and other

More information

HIPAA Security. 6 Basics of Risk Analysis and Risk Management. Security Topics

HIPAA Security. 6 Basics of Risk Analysis and Risk Management. Security Topics HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical

More information

District of Columbia Health Information Exchange Policy and Procedure Manual

District of Columbia Health Information Exchange Policy and Procedure Manual District of Columbia Health Information Exchange Policy and Procedure Manual HIPAA Privacy & Direct Privacy Policies (Version 1 November 27, 2012) Table of Contents Policy # Policy/Procedure Description

More information

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16 NEW PERSPECTIVES on Healthcare Risk Management, Control and Governance www.ahia.org Journal of the Association of Heathcare Internal Auditors Vol. 32, No. 3, Fall, 2013 Professional Fee Coding Audit: The

More information

The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training

The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training Introduction The HIPAA Security Rule specifically requires training of all members of the workforce.

More information

OCR Reports on the Enforcement

OCR Reports on the Enforcement OCR Reports on the Enforcement of the HIPAA Rules HCCA Compliance Institute April 22, 2013 David Holtzman Sr. Health IT & Privacy Specialist U.S. Department of Health and Human Services Office for Civil

More information