HIPAA and HITECH Regulations

Save this PDF as:
Size: px
Start display at page:

Download "HIPAA and HITECH Regulations"

Transcription

1 HIPAA and HITECH Regulations Implications for Healthcare Organizations and their Business Associates A Primer on Achieving Compliance by KOM Networks 1

2 Contents Table of Contents Preface... 3 Target audience... 3 Legal disclaimer... 3 Executive Overview... 4 Overview of HIPAA Security Rule 45 CFR Part 160 and Subparts A and C of Part Overview of HIPAA Privacy Rule 45 CFR Part 160 and Subparts A and E of Part HITECH Act Overview... 5 HIPAA & HITECH Compliance Requirements that Pertain to Security and Privacy of PHI in Electronic Storage Systems CFR Part 160 General Administrative Requirements Compliance reviews Responsibilities of covered entities and business associates Discovery CFR Parts 164 Security and Privacy Security standards: General rules How KOMpliance Addresses these Requirements Administrative safeguards How KOMpliance Addresses these Requirements Physical safeguards How KOMpliance Addresses these Requirements Technical safeguards How KOMpliance Addresses these Requirements HITECH Act Compliance Requirements Standards for health information technology to protect electronic health information created, maintained, and exchanged How KOMpliance Addresses these Requirements Conclusion How KOMpliance Can Help

3 Preface Target audience The target audience are healthcare professionals and their business associates, health information security specialists, compliance officers and CIO s in the healthcare industry and health related organizations who are regulated by the Health Insurance Portability and Accountability Act (HIPAA) and the Healthcare Information Technology for Economic and Clinical Health Act (HITECH) to employ procedures and controls that ensure the confidentiality, integrity, authentication, non-repudiation, auditability and availability of electronic health information. This document can also be used as a reference for professionals in health information management, as well as all individuals working in medical practices and healthcare organizations. Legal disclaimer This document is meant to be used as a reference document only. The reader is responsible for ensuring his or her own compliance with legal requirements. It is the reader's sole responsibility to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the reader's business and any actions the reader may need to take to comply with such laws. KOM Networks does not provide legal advice or represent or warrant that its products or services will ensure that the reader is in compliance with any law. 3

4 Executive Overview On August 21, 1996, the Health Insurance Portability and Accountability Act (HIPAA) was passed. Section 1173(d) of the Act provides that covered entities that maintain or transmit health information are required to maintain reasonable and appropriate administrative, physical, and technical safeguards to ensure the integrity and confidentiality of Protected Health Information (PHI) and to protect against any reasonably anticipated threats or hazards to the security or integrity of PHI and its unauthorized use or disclosure. These safeguards must ensure compliance with the statute by the officers and employees of the covered entities. The law applies to healthcare providers, health insurance businesses (insurers & other payors), healthcare clearinghouses (organizations such as billing services that process health information), the business associate of healthcare practitioners, and employers who provide healthcare benefits. HIPAA authorizes both civil and criminal penalties, including significant fines and imprisonment for non-compliance. As of April 14, 2003 these non-compliance penalties came into effect. The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009 (ARRA), was signed into law on February 17, 2009, to promote the adoption of Electronic Health Records and meaningful use of Health Information Technology to improve patient outcomes. Subtitle D of the HITECH Act addresses the privacy and security associated with the electronic handling of health information through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules. This Primer lists selected HIPAA and HITECH requirements specific to the storage, retention and protection of electronic health data and provides a brief write up on KOM Networks secure storage solution. Each requirement is followed by a brief explanation of how the capabilities and features of KOMpliance Secure Storage inclusive of KOMworx enterprise data management software assist the storage administrator, IT staff and compliance officer to meet or exceed these regulations. Overview of HIPAA Security Rule 45 CFR Part 160 and Subparts A and C of Part 164 The HIPAA Security Rule establishes national standards to protect individuals electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. Each covered entity must assess potential risks and vulnerabilities to the individual health data in its possession and develop, implement, and maintain appropriate security measures. These measures must be documented and kept current, and must include, at a minimum, the following requirements and implementation features: Administrative procedures to guard data integrity, confidentiality, and availability (documented, formal practices to manage the selection and execution of security measures to protect data, and to manage the conduct of personnel in relation to the protection of data). These procedures include the following requirements: Data backup plan (a documented and routinely updated plan to create and maintain, for a specific period of time, retrievable exact copies of information). A disaster recovery plan (the part of an overall contingency plan that contains a process enabling an enterprise to restore any loss of data in the event of fire, vandalism, natural disaster, or system failure). 4

5 Formal mechanism for processing records (documented policies and procedures for the routine, and nonroutine, receipt, manipulation, storage, dissemination, transmission, and/or disposal of health information). While implementation specifications may be addressable or required, HHS has made it clear that it does not regard the addressable implementation specifications as optional. A covered entity must assess whether each implementation specification is an appropriate safeguard in its environment for protecting its electronic PHI. If implementing an addressable specification is found not to be reasonable and appropriate, the covered entity must document why and implement an equivalent alternative measure. Overview of HIPAA Privacy Rule 45 CFR Part 160 and Subparts A and E of Part 164 The Privacy Rule standards address the use and disclosure of individuals health information, PHI, by covered entities. The goal of the Privacy Rule is to assure that individuals health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public's health and well being. The Rule strikes a balance that permits important uses of information, while protecting the privacy of people who seek care and healing. The health care marketplace is diverse so the Rule is designed to be flexible and comprehensive to cover the variety of uses and disclosures that need to be addressed. HITECH Act Overview The HITECH Act seeks to improve American health care delivery and patient care through a significant investment in Health IT. The HITECH Act as part of the American Recovery and Reinvestment Act of 2009 (ARRA), contains financial incentives for the creation of a national health care infrastructure designed to accelerate the adoption of electronic health record (EHR) systems among providers. The HITECH Act also widens the scope of privacy and security protections available under HIPAA and it increases the potential legal liability (with a maximum penalty of $1.5 million) for non-compliance while calling for rigorous enforcement. Furthermore HIPAA s civil and criminal penalties now extend to business associates and finally, HHS is now required to conduct periodic audits of covered entities and business associates. The HITECH Act imposes the following requirements: Application of HIPAA security and privacy provisions and penalties to business associates of covered entities. Notification of Breach of Unsecured PHI (Unsecured PHI essentially means Unencrypted PHI ) the Act requires notification to patients, HHS, if the breach impacts 500+ patients, and in some instances the local media. Electronic Health Record Access the Act requires an Accounting of Disclosures over a 3 yr period to be available to patients who request it. Improved enforcement of penalties for non-compliance. 5

6 HIPAA & HITECH Compliance Requirements that Pertain to Security and Privacy of PHI in Electronic Storage Systems 45 CFR Part 160 General Administrative Requirements Compliance reviews (a) The Secretary will conduct a compliance review to determine whether a covered entity or business associate is complying with the applicable administrative simplification provisions when a preliminary review of the facts indicates a possible violation due to willful neglect. (b) The Secretary may conduct a compliance review to determine whether a covered entity or business associate is complying with the applicable administrative simplification provisions in any other circumstance Responsibilities of covered entities and business associates (a) Provide records and compliance reports. A covered entity or business associate must keep such records and submit such compliance reports, in such time and manner and containing such information, as the Secretary may determine to be necessary to enable the Secretary to ascertain whether the covered entity or business associate has complied or is complying with the applicable administrative simplification provisions Discovery (a) A party may make a request to another party for production of documents for inspection and copying that are relevant and material to the issues before the Administrative Law Judge. (b) For the purpose of this section, the term documents includes information, reports, answers, records, accounts, papers and other data and documentary evidence. Nothing contained in this section may be interpreted to require the creation of a document, except that requested data stored in an electronic data storage system must be produced in a form accessible to the requesting party. (e)(1) When a request for production of documents has been received, within 30 days the party receiving that request must either fully respond to the request, or state that the request is being objected to and the reasons for that objection. How KOMpliance Addresses these Requirements All files (whether they are data, image, audit logs, compliance reports, etc.) stored in a KOMworx secure storage volume are readily available on the network and fully accessible by authorized users and applications. Legal Holds can be set to enforce retention to comply with court and legal audits and proceedings. Legal Hold does not change the retention expiry date just merely insures that the expired files cannot be destroyed in accordance with legal and litigation requirements. At any time, KOMpliance supports the ability of authorized administrators to print or copy files to media of choice for compliance reviews or discovery purposes. 6

7 45 CFR Parts 164 Security and Privacy Subpart C Security Standards for the Protection of Electronic Protected Health Information Security standards: General rules. (a)general requirements. Covered entities and business associates must do the following: (a)(1) Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity or business associate creates, receives, maintains, or transmits. (a)(2) Protect against any reasonably anticipated threats or hazards to the security or integrity of such information. (a)(3) Protect against any reasonably anticipated uses or disclosures of such information (a)(4) Ensure compliance with this subpart by its workforce. How KOMpliance Addresses these Requirements KOMpliance security settings identify users and ensure that only those with appropriate privileges are allowed access to data in a KOMworx secure storage volume. KOMpliance Privacy Shield security enforces the strictest controls preventing anyone (user, application, virus or intruder) from walking through the secure volume contents. Each KOMpliance volume is encrypted for data privacy, meeting all data-at-rest security requirements and protecting data from unauthorized access. KOMpliance s patented eworm technology ensures that archived files remain quickly accessible to authorized users or applications but cannot be modified, altered or deleted by internal or external threats, either intentional or accidental. 7

8 Administrative safeguards. (a) A covered entity or business associate must, in accordance with : (a)(1)(i) Standard: Security management process. Implement policies and procedures to prevent, detect, contain, and correct security violations. (a)(1)(ii)(b) Risk management (Required). Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with (a). (a)(1)(ii)(d) Information system activity review (Required). Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports. (a)(3)(i) Standard: Workforce security. Implement policies and procedures to ensure that all members of its workforce have appropriate access to electronic protected health information, as provided under paragraph (a)(4) of this section, and to prevent those workforce members who do not have access under paragraph (a)(4) of this section from obtaining access to electronic protected health information. (a)(4)(i) Standard: Information access management. Implement policies and procedures for authorizing access to electronic protected health information (a)(4)(ii)(b) Access authorization (Addressable). Implement policies and procedures for granting access to electronic protected health information, for example, through access to a workstation, transaction, program, process, or other mechanism. (a)(5)(ii)(b) Protection from malicious software (Addressable). Procedures for guarding against, detecting, and reporting malicious software. (a)(7)(i) Standard: Contingency plan. Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information. (a)(7)(ii)(a) Data backup plan (Required). Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information. (a)(7)(ii)(b) Disaster recovery plan (Required). Establish (and implement as needed) procedures to restore any loss of data. (a)(7)(ii)(c) Emergency mode operation plan (Required). Establish (and implement as needed) procedures to enable continuation of critical business processes for protection of the security of electronic protected health information while operating in emergency mode. How KOMpliance Addresses these Requirements KOMworx File Lifecycle policies automatically enforce protection and retention policies according to your Security and Risk Management processes to manage, control and preserve files from creation until destruction. Our policy engine provides a flexible and responsive method of defining and maintaining file retention and protection policies that can adapt on-the-fly to changes in requirements without requiring any application modifications or database re-indexing. The appropriate file protection policies are assigned instantaneously, on a file-by-file basis, independent of the physical storage location, and enforced from the moment the files are created, until they are 8

9 eligible to be destroyed. This unique capability transparently secures the files immediately and eliminates the window where a file may reside in an unsecured state pending the actual archival process. KOMpliance enforces all Active Directory Services, all group policies and ACLs. Defined security policies are applied to all relevant files and folders in the KOMworx secure storage volume, enforcing access rules, and limiting file and folder access to only authorized users and applications. AES-256 encryption is applied to every file to keep its contents private and prevent tampering with the time stamp. KOMpliance has the ability to block visibility and securely prohibit access to files, making them private and accessible only to applications that know the actual full file name and path. KOMpliance automatically enforces no-bypass protections, such as Read-Only, on an individual file basis to ensure that files and directories cannot be modified, altered, or overridden in any way, not even by a file's creator/owner or privileged user. KOMpliance validates the operations to determine whether it would be allowed or disallowed. This unique method of enforcement immunizes the data against any and all viruses that could normally affect the integrity of the data. If a virus was able to get past the anti-virus software it will be inhibited from execution. On the other hand, if the virus was stored outside the virtual volume it will not be able to affect any of the protected and retained data. KOMpliance complements the perimeter protection provided by anti-virus packages by independently enforcing the protection policies against viruses and processes that corrupt, overwrite, or manipulate existing files and their contents. Nothing else comes close to protecting existing data against brand new viruses. KOMpliance supports file replication to all industry leading storage, backup and archiving technologies (HD, CD, DVD, MO, UDO, tape, etc.) to address data back up plans. KOMpliance can provide a complete duplicated remote system by provisioning the storage mirror at a remote site to a second KOMpliance storage server as part of a comprehensive disaster recovery plan and emergency mode operation plan in compliance with HIPAA requirements. 9

10 Physical safeguards. (a)(1) Standard: Facility access controls. Implement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed. (d)(2)(i) Disposal (Required). Implement policies and procedures to address the final disposition of electronic protected health information, and/or the hardware or electronic media on which it is stored. (d)(2)(ii) Media re-use (Required). Implement procedures for removal of electronic protected health information from electronic media before the media are made available for re-use. (d)(2)(iv) Data backup and storage (Addressable). Create a retrievable, exact copy of electronic protected health information, when needed, before movement of equipment. How KOMpliance Addresses these Requirements Because data on the KOMpliance secure storage volume is encrypted, access to that data is prohibited even if the physical drive is accessed. Write once (WORM) file protections also protect the data from being deleted before the assigned retention is up and finally, data redundancy on the RAID arrays further protects against the loss of data if a hard drive fails. When policy-based file retention has been reached, a KOMpliance protected file is eligible for extension of retention or secure destruction. If destruction is decided, KOMpliance can enforce NIST compliant erasure of sensitive data by overwriting each bit seven times with 1's & 0's so that there can be no disk discovery possible. An online retrievable exact copy of ephi can easily be created with built in file replication to any compliant storage technology available. KOMpliance can also provide a complete duplicated remote system by provisioning the storage mirror at a remote site to a second KOMpliance storage server. 10

11 Technical safeguards. (a)(1) Standard: Access control. Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in (a)(4). (a)(2) (iv) Encryption and decryption (Addressable). Implement a mechanism to encrypt and decrypt electronic protected health information. (b) Standard: Audit controls. Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information. (c)(1) Standard: Integrity. Implement policies and procedures to protect electronic protected health information from improper alteration or destruction. (c)(2) Implementation specification: Mechanism to authenticate electronic protected health information (Addressable). Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner. How KOMpliance Addresses these Requirements Security and access policies are applied to all relevant files and folders in the KOMworx secure storage volume limiting file and folder access to only authorized users and applications. KOMpliance also has the ability to block visibility and securely prohibit access to files, making them private and accessible only to applications that know the actual full file name and path. KOMpliance integrates readily with Active Directory enforcing all Active Directory Services, all group policies and ACLs. AES-256 encryption is applied to every file to keep its contents private and preventing tampering with the time stamp. KOMpliance tracks the changes made when a file is accessed. Who created the file, when it was created, who accessed it. Changes are date and time stamped. A log is created and maintained and provides a history of changes for quick audit. Audit reports can be submitted in paper or electronic form for system review and HIPAA audits. Appropriate file protection policies are enforced instantaneously, on a file-by-file basis from the moment the files are created, until they are eligible to be destroyed. Transparently securing the files immediately eliminates any window in which a file could reside in an unsecured state pending the actual archival process. No-bypass protections, such as eworm and Read-Only, ensure that protected files and directories cannot be modified, altered, deleted, or overridden in any way, even by a file's creator/owner or privileged user. Individual archive volumes can be uniquely authenticated using SHA-256 digital signatures to ensure the highest level of data integrity and authenticity. Writes are verified by hardware to ensure that the committed buffers are identical. The final phase of the commit process validates and compares the entire contents of the archive storage volume with the original contents. KOMworx creates a digital signature that is used to validate and compare the archive volume contents with the original image. KOMworx provides a WORM digital signature validation capability. This provides a complete validation of the accuracy of the recording process and guarantees the integrity of the contents. Built-in secure-time facility enforces retention without any deviation in time periods. 11

12 HITECH Act Compliance Requirements Standards for health information technology to protect electronic health information created, maintained, and exchanged. (a) Encryption and decryption of electronic health information. (1) General. A symmetric 128 bit fixed-block cipher algorithm capable of using a 128, 192, or 256 bit encryption key must be used. (b) Record actions related to electronic health information. The date, time, patient identification, and user identification must be recorded when electronic health information is created, modified, deleted, or printed; and an indication of which action(s) occurred must also be recorded. (c) Verification that electronic health information has not been altered in transit. Standard. A secure hashing algorithm must be used to verify that electronic health information has not been altered in transit. The secure hash algorithm (SHA) used must be SHA-1 or higher. How KOMpliance Addresses these Requirements KOMpliance volume data security incorporates Advanced Encryption Standards using key sizes of 256 bits (AES- 256 encryption) to enforce privacy and prevent date tampering as required by HITECH. KOMpliance tracks the changes made when a file is accessed. Who created the file, when it was created, who accessed it. Changes are date and time stamped. A log is created and maintained and provides a history of changes for quick audit. A Secure Hashing Algorithm (SHA-256) digital signature is used for data authentication. 12

13 Conclusion Healthcare organizations are finding it challenging to manage the surge of new patient data resulting from the combination of meaningful use initiatives and implementation of electronic health record (EHR) technology, HIPAA and HITECH requirements for retention, protection and preservation of PHI, and the additional storage needs for higher resolution digital images from disparate image silos. HIPAA and HITECH require that healthcare covered entities and their business associates implement measures to ensure the integrity and security of private health information with a wide range of mandated retention policies based on the type of information and its use. The bottom line is that PHI must be securely locked down in such a way that only authorized systems and users are provided access, and information must be protected from modification, theft, loss or deletion throughout the data retention period or a covered entity can face hefty fines along with embarrassment and loss of reputation. How KOMpliance Can Help KOMpliance is Secure Storage that TRULY adapts to your needs. The flexibility you get with KOMpliance is unmatched with any other storage vendor. KOMpliance can easily be deployed as a Network Attached Secure Storage Server with SAS/SATA RAID storage arrays, a Secure SAN Gateway in front of ANY iscsi or FC SAN backend to leverage existing storage investments, or as a Virtual Secure Storage Subscription, an ideal solution for regulatory compliance, data retention, and security in virtualized environments where you can simply create a secure vault by installing the KOMpliance software on a Windows 2008 R2 Virtual Server. KOMpliance offers a cost effective way to upgrade levels of security, protection, retention, and regulatory compliance utilizing what you already have and what you already know. A highly scalable, secure, and cost-efficient storage platform for healthcare IT and EHR applications enabling covered entities and their business associates to: Protect existing IT investments Reduce storage costs Mitigate risk and liability Improve information access Easily protect ephi to fully meet HIPAA & HITECH compliance KOMpliance takes the complexity out of HIPAA and HITECH regulations with a simple, affordable, vendor-neutral WORM storage solution. With KOMpliance you can automate long-term retention, access, and security across a variety of content types; leverage your existing applications and storage infrastructure; and enable absolute protection of data on the most appropriate tier of storage. The result is a tamperproof data storage repository that minimizes the financial impact of data growth and compliance. For further information on compliance solutions for healthcare and life sciences, contact +1 (613) , or visit 13

14 KOM Networks is a world leading provider of flexible, secure, tamper-proof data archiving and storage management software and solutions. Over 10,000 of the world's leading corporations have recognized KOM Networks as the most logical, unobtrusive and secure way to store, access and protect their data. KOM is enabling enterprises large and small a cost effective way to improve productivity and meet compliance requirements without altering their network infrastructure or daily business routines. The industry pioneer holds vital industry patents for electronic file lifecycle management, virtual file management and eworm fixed content hard disk archiving. Find out how KOM Networks can help you implement a comprehensive information lifecycle solution to optimize your existing storage environment and meet your compliance requirements. Contact us at , or visit our website for more information, CANADA: KOM Networks Inc., 150 Katimavik Rd, Suite 1000 Ottawa, ON K2L 2N2. Tel: USA: 20 Trafalgar Square, Suite 450, Nashua, NH Tel: Copyright 2013 KOM NETWORKS. All Rights Reserved. U.S. PATENTS No. 6,349,294; 6,336,175; 6,438,642; 6,370,545; 6,546,384; 7,076,624; 6,654,864; 7,392,234; 7,536,524; 8,234,447. CDN PATENTS No. 2,270,651; 2,270,698; 2,308,681; 2,279,759; 2,393,787; other patents pending in the United States, Canada and/or other countries. KOM Networks, KOMpliance, OptiServer, OptiStorm, KOMworx, Shieldworx, OptiFile are registered trademarks of KOM Networks in the U.S.A., Canada and elsewhere. All other brands and product names are registered trademarks or trademarks of their respective owners. Technical information in this document is subject to change without notice. 14

HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS

HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS Thank you for taking the time to fill out the privacy & security checklist. Once completed, this checklist will help us get a better

More information

SECURITY RISK ASSESSMENT SUMMARY

SECURITY RISK ASSESSMENT SUMMARY Providers Business Name: Providers Business Address: City, State, Zip Acronyms NIST FIPS PHI EPHI BA CE EHR HHS IS National Institute of Standards and Technology Federal Information Process Standards Protected

More information

VMware vcloud Air HIPAA Matrix

VMware vcloud Air HIPAA Matrix goes to great lengths to ensure the security and availability of vcloud Air services. In this effort VMware has completed an independent third party examination of vcloud Air against applicable regulatory

More information

HIPAA Audit Processes HIPAA Audit Processes. Erik Hafkey Rainer Waedlich

HIPAA Audit Processes HIPAA Audit Processes. Erik Hafkey Rainer Waedlich HIPAA Audit Processes Erik Hafkey Rainer Waedlich 1 Policies for all HIPAA relevant Requirements and Regulations Checklist for an internal Audit Process Documentation of the compliance as Preparation for

More information

HIPAA Security Checklist

HIPAA Security Checklist HIPAA Security Checklist The following checklist summarizes HIPAA Security Rule requirements that should be implemented by covered entities and business associates. The citations are to 45 CFR 164.300

More information

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Table of Contents Introduction... 1 1. Administrative Safeguards...

More information

Healthcare Compliance Solutions

Healthcare Compliance Solutions Privacy Compliance Healthcare Compliance Solutions Trust and privacy are essential for building meaningful human relationships. Let Protected Trust be your Safe Harbor The U.S. Department of Health and

More information

HIPAA Security Series

HIPAA Security Series 7 Security Standards: Implementation for the Small Provider What is the Security Series? The security series of papers provides guidance from the Centers for Medicare & Medicaid Services (CMS) on the rule

More information

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1 HIPAA COMPLIANCE AND DATA PROTECTION sales@eaglenetworks.it +39 030 201.08.25 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and EagleHeaps

More information

WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery

WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery WHITE PAPER HIPAA-Compliant Data Backup and Disaster Recovery DOCUMENT INFORMATION HIPAA-Compliant Data Backup and Disaster Recovery PRINTED March 2011 COPYRIGHT Copyright 2011 VaultLogix, LLC. All Rights

More information

Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services

Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services Introduction Patient privacy continues to be a chief topic of concern as technology continues to evolve. Now that the majority

More information

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 5. 2. Security Standards - Organizational, Security Policies Standards & Procedures, - Administrative and Documentation Safeguards

More information

HIPAA Security Rule Compliance

HIPAA Security Rule Compliance HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

Healthcare Compliance Solutions

Healthcare Compliance Solutions Healthcare Compliance Solutions Let Protected Trust be your Safe Harbor In the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), the U.S. Department of Health and Human

More information

HIPAA Compliance Guide

HIPAA Compliance Guide HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care

More information

HIPAA Compliance and the Protection of Patient Health Information

HIPAA Compliance and the Protection of Patient Health Information HIPAA Compliance and the Protection of Patient Health Information WHITE PAPER By Swift Systems Inc. April 2015 Swift Systems Inc. 7340 Executive Way, Ste M Frederick MD 21704 1 Contents HIPAA Compliance

More information

HIPAA COMPLIANCE AND

HIPAA COMPLIANCE AND INTRONIS CLOUD BACKUP & RECOVERY HIPAA COMPLIANCE AND DATA PROTECTION CONTENTS Introduction 3 The HIPAA Security Rule 4 The HIPAA Omnibus Rule 6 HIPAA Compliance and Intronis Cloud Backup and Recovery

More information

WHITE PAPER. HIPPA Compliance and Secure Online Data Backup and Disaster Recovery

WHITE PAPER. HIPPA Compliance and Secure Online Data Backup and Disaster Recovery WHITE PAPER HIPPA Compliance and Secure Online Data Backup and Disaster Recovery January 2006 HIPAA Compliance and the IT Portfolio Online Backup Service Introduction October 2004 In 1996, Congress passed

More information

Appendix 4-2: Sample HIPAA Security Risk Assessment For a Small Physician Practice

Appendix 4-2: Sample HIPAA Security Risk Assessment For a Small Physician Practice Appendix 4-2: Administrative, Physical, and Technical Safeguards Breach Notification Rule How Use this Assessment The following sample risk assessment provides you with a series of sample questions help

More information

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security

More information

Datto Compliance 101 1

Datto Compliance 101 1 Datto Compliance 101 1 Overview Overview This document provides a general overview of the Health Insurance Portability and Accounting Act (HIPAA) compliance requirements for Managed Service Providers (MSPs)

More information

Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services

Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services Introduction Patient privacy has become a major topic of concern over the past several years. With the majority of

More information

ITS HIPAA Security Compliance Recommendations

ITS HIPAA Security Compliance Recommendations ITS HIPAA Security Compliance Recommendations October 24, 2005 Updated May 31, 2010 http://its.uncg.edu/hipaa/security/ Table of Contents Introduction...1 Purpose of this Document...1 Important Terms...1

More information

Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services

Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services 1 Contents 3 Introduction 5 The HIPAA Security Rule 7 HIPAA Compliance & AcclaimVault Backup 8 AcclaimVault Security and

More information

Ensuring HIPAA Compliance with Computer BYTES Online Backup and Archiving Services

Ensuring HIPAA Compliance with Computer BYTES Online Backup and Archiving Services Ensuring HIPAA Compliance with Computer BYTES Online Backup and Archiving Services Page 2 of 8 Introduction Patient privacy has become a major topic of concern over the past several years. With the majority

More information

HIPAA Compliance: Are you prepared for the new regulatory changes?

HIPAA Compliance: Are you prepared for the new regulatory changes? HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed

More information

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This

More information

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually

More information

IBM Internet Security Systems. The IBM Internet Security Systems approach for Health Insurance Portability and Accountability Act compliance overview

IBM Internet Security Systems. The IBM Internet Security Systems approach for Health Insurance Portability and Accountability Act compliance overview IBM Internet Security Systems The IBM Internet Security Systems approach for Health Insurance Portability and Accountability Act compliance overview Health Insurance Portability and Accountability Act

More information

Krengel Technology HIPAA Policies and Documentation

Krengel Technology HIPAA Policies and Documentation Krengel Technology HIPAA Policies and Documentation Purpose and Scope What is Protected Health Information (PHI) and What is Not What is PHI? What is not PHI? The List of 18 Protected Health Information

More information

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER With technology everywhere we look, the technical safeguards required by HIPAA are extremely important in ensuring that our information

More information

HIPAA Privacy & Security White Paper

HIPAA Privacy & Security White Paper HIPAA Privacy & Security White Paper Sabrina Patel, JD +1.718.683.6577 sabrina@captureproof.com Compliance TABLE OF CONTENTS Overview 2 Security Frameworks & Standards 3 Key Security & Privacy Elements

More information

HIPAA Security Matrix

HIPAA Security Matrix HIPAA Matrix Hardware : 164.308(a)(1) Management Process =Required, =Addressable Risk Analysis The Covered Entity (CE) can store its Risk Analysis document encrypted and offsite using EVault managed software

More information

Nationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011

Nationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011 Nationwide Review of CMS s HIPAA Oversight Brian C. Johnson, CPA, CISA Wednesday, January 19, 2011 1 WHAT I DO Manage Region IV IT Audit and Advance Audit Technique Staff (AATS) IT Audit consists of 8

More information

Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES

Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES HIPAA COMPLIANCE Achieving HIPAA Compliance with Security Professional Services The Health Insurance

More information

UNIVERSITY OF CALIFORNIA, SANTA CRUZ 2015 HIPAA Security Rule Compliance Workbook

UNIVERSITY OF CALIFORNIA, SANTA CRUZ 2015 HIPAA Security Rule Compliance Workbook Introduction Per UCSC's HIPAA Security Rule Compliance Policy 1, all UCSC entities subject to the HIPAA Security Rule ( HIPAA entities ) must implement the UCSC Practices for HIPAA Security Rule Compliance

More information

Healthcare Management Service Organization Accreditation Program (MSOAP)

Healthcare Management Service Organization Accreditation Program (MSOAP) ELECTRONIC HEALTHCARE NETWORK ACCREDITATION COMMISSION (EHNAC) Healthcare Management Service Organization Accreditation Program (MSOAP) For The HEALTHCARE INDUSTRY Version 1.0 Released: January 2011 Lee

More information

CHIS, Inc. Privacy General Guidelines

CHIS, Inc. Privacy General Guidelines CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified

More information

HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005

HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005 INTRODUCTION HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005 The Health Insurance Portability and Accountability Act (HIPAA) Security Rule, as a

More information

HIPAA Compliance Guide

HIPAA Compliance Guide HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care

More information

Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE

Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE [ Hosting for Healthcare: Addressing the Unique Issues of Health IT & Achieving End-to-End Compliance

More information

State HIPAA Security Policy State of Connecticut

State HIPAA Security Policy State of Connecticut Health Insurance Portability and Accountability Act State HIPAA Security Policy State of Connecticut Release 2.0 November 30 th, 2004 Table of Contents Executive Summary... 1 Policy Definitions... 3 1.

More information

The Impact of HIPAA and HITECH

The Impact of HIPAA and HITECH The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients

More information

HIPAA: In Plain English

HIPAA: In Plain English HIPAA: In Plain English Material derived from a presentation by Kris K. Hughes, Esq. Posted with permission from the author. The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Pub.

More information

C.T. Hellmuth & Associates, Inc.

C.T. Hellmuth & Associates, Inc. Technical Monograph C.T. Hellmuth & Associates, Inc. Technical Monographs usually are limited to only one subject which is treated in considerably more depth than is possible in our Executive Newsletter.

More information

HIPAA Information Security Overview

HIPAA Information Security Overview HIPAA Information Security Overview Security Overview HIPAA Security Regulations establish safeguards for protected health information (PHI) in electronic format. The security rules apply to PHI that is

More information

HIPAA Security COMPLIANCE Checklist For Employers

HIPAA Security COMPLIANCE Checklist For Employers Compliance HIPAA Security COMPLIANCE Checklist For Employers All of the following steps must be completed by April 20, 2006 (April 14, 2005 for Large Health Plans) Broadly speaking, there are three major

More information

The HIPAA Security Rule Primer A Guide For Mental Health Practitioners

The HIPAA Security Rule Primer A Guide For Mental Health Practitioners The HIPAA Security Rule Primer A Guide For Mental Health Practitioners Distributed by NASW Printer-friendly PDF 2006 APAPO 1 Contents Click on any title below to jump to that page. 1 What is HIPAA? 3 2

More information

HIPAA/HITECH: A Guide for IT Service Providers

HIPAA/HITECH: A Guide for IT Service Providers HIPAA/HITECH: A Guide for IT Service Providers Much like Arthur Dent in the opening scene of The Hitchhiker s Guide to the Galaxy (HHGTTG), you re experiencing the impact of new legislation that s infringing

More information

Policies and Compliance Guide

Policies and Compliance Guide Brooklyn Community Services Policies and Compliance Guide relating to the HIPAA Security Rule June 2013 Table of Contents INTRODUCTION... 3 GUIDE TO BCS COMPLIANCE WITH THE HIPAA SECURITY REGULATION...

More information

An Effective MSP Approach Towards HIPAA Compliance

An Effective MSP Approach Towards HIPAA Compliance MAX Insight Whitepaper An Effective MSP Approach Towards HIPAA Compliance An independent review of HIPAA requirements, detailed recommendations and vital resources to aid in achieving compliance. Table

More information

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical

More information

The HIPAA Security Rule Primer Compliance Date: April 20, 2005

The HIPAA Security Rule Primer Compliance Date: April 20, 2005 AMERICAN PSYCHOLOGICAL ASSOCIATION PRACTICE ORGANIZATION Practice Working for You The HIPAA Security Rule Primer Compliance Date: April 20, 2005 Printer-friendly PDF 1 Contents Click on any title below

More information

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy Amended as of February 12, 2010 on the authority of the HIPAA Privacy Officer for Creative Solutions in Healthcare, Inc. TABLE OF CONTENTS ARTICLE

More information

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant 1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad

More information

SAMPLE HIPAA/HITECH POLICIES AND PROCEDURES MANUAL FOR THE SECURITY OF ELECTRONIC PROTECTED HEALTH INFORMATION

SAMPLE HIPAA/HITECH POLICIES AND PROCEDURES MANUAL FOR THE SECURITY OF ELECTRONIC PROTECTED HEALTH INFORMATION SAMPLE HIPAA/HITECH POLICIES AND PROCEDURES MANUAL FOR THE SECURITY OF ELECTRONIC PROTECTED HEALTH INFORMATION Please Note: 1. THIS IS NOT A ONE-SIZE-FITS-ALL OR A FILL-IN-THE BLANK COMPLIANCE PROGRAM.

More information

HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE

HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE How to Use this Assessment The following risk assessment provides you with a series of questions to help you prioritize the development and implementation

More information

HIPAA and the HITECH Act Privacy and Security of Health Information in 2009

HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 What is HIPAA? Health Insurance Portability & Accountability Act of 1996 Effective April 13, 2003 Federal Law HIPAA Purpose:

More information

HIPAA Security. assistance with implementation of the. security standards. This series aims to

HIPAA Security. assistance with implementation of the. security standards. This series aims to HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical

More information

HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help

HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help The Health Information Portability and Accountability Act (HIPAA) Omnibus Rule which will begin to be enforced September 23, 2013,

More information

6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013

6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013 Updates on HIPAA, Data, IT and Security Technology June 25, 2013 1 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind, including,

More information

Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification

Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Type of Policy and Procedure Comments Completed Privacy Policy to Maintain and Update Notice of Privacy Practices

More information

HIPAA Security and HITECH Compliance Checklist

HIPAA Security and HITECH Compliance Checklist HIPAA Security and HITECH Compliance Checklist A Compliance Self-Assessment Tool HIPAA SECURITY AND HITECH CHECKLIST The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires physicians

More information

Montclair State University. HIPAA Security Policy

Montclair State University. HIPAA Security Policy Montclair State University HIPAA Security Policy Effective: June 25, 2015 HIPAA Security Policy and Procedures Montclair State University is a hybrid entity and has designated Healthcare Components that

More information

Complying with 45 CFR 164 HIPAA Security Standards; Final Rule

Complying with 45 CFR 164 HIPAA Security Standards; Final Rule Complying with 45 CFR 164 HIPAA Security Standards; Final Rule Implement best practices by using FileMaker Pro 7 as the backbone of your HIPAA compliant system. By Todd Duell This final rule adopts standards

More information

WHITEPAPER XMEDIUSFAX CLOUD FOR HEALTHCARE AND HIPAA COMPLIANCE

WHITEPAPER XMEDIUSFAX CLOUD FOR HEALTHCARE AND HIPAA COMPLIANCE WHITEPAPER XMEDIUSFAX CLOUD FOR HEALTHCARE AND HIPAA COMPLIANCE INTRODUCTION The healthcare industry is driven by many specialized documents. Each day, volumes of critical information are sent to and from

More information

HIPAA Security. 1 Security 101 for Covered Entities. Security Topics

HIPAA Security. 1 Security 101 for Covered Entities. Security Topics HIPAA SERIES Topics 1. 101 for Covered Entities 2. Standards - Administrative Safeguards 3. Standards - Physical Safeguards 4. Standards - Technical Safeguards 5. Standards - Organizational, Policies &

More information

HIPAA Security Rule Compliance and Health Care Information Protection

HIPAA Security Rule Compliance and Health Care Information Protection HIPAA Security Rule Compliance and Health Care Information Protection How SEA s Solution Suite Ensures HIPAA Security Rule Compliance Legal Notice: This document reflects the understanding of Software

More information

Preparing for the HIPAA Security Rule

Preparing for the HIPAA Security Rule A White Paper for Health Care Professionals Preparing for the HIPAA Security Rule Introduction The Health Insurance Portability and Accountability Act (HIPAA) comprises three sets of standards transactions

More information

University Healthcare Physicians Compliance and Privacy Policy

University Healthcare Physicians Compliance and Privacy Policy Page 1 of 11 POLICY University Healthcare Physicians (UHP) will enter into business associate agreements in compliance with the provisions of the Health Insurance Portability and Accountability Act of

More information

ITUS Med Solutions. HITECH & HIPAA Compliance Guide

ITUS Med Solutions. HITECH & HIPAA Compliance Guide Solutions HITECH & HIPAA Compliance Guide 75 East 400 South Suite 301 - Salt Lake City - UT - 84111 (801) 505-9570 www.itus-med.com Email: info@itus-med.com HITECH & HIPAA Compliance HITECH and HIPAA

More information

HIPAA Compliance Review Analysis and Summary of Results

HIPAA Compliance Review Analysis and Summary of Results HIPAA Compliance Review Analysis and Summary of Results Centers for Medicare & Medicaid Services (CMS) Office of E-Health Standards and Services (OESS) Reviews 2008 Table of Contents Introduction 1 Risk

More information

The Basics of HIPAA Privacy and Security and HITECH

The Basics of HIPAA Privacy and Security and HITECH The Basics of HIPAA Privacy and Security and HITECH Protecting Patient Privacy Disclaimer The content of this webinar is to introduce the principles associated with HIPAA and HITECH regulations and is

More information

HIPAA and HITECH Compliance for Cloud Applications

HIPAA and HITECH Compliance for Cloud Applications What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health

More information

Accelerating HIPAA Compliance with EMC Healthcare Solutions

Accelerating HIPAA Compliance with EMC Healthcare Solutions Accelerating HIPAA Compliance with EMC Healthcare Solutions A HealthCIO White Paper Sponsored by the EMC Corporation by Jonathan Bogen 2003 E-mail: Info@HealthCIO.com www.healthcio.com Accelerating HIPAA

More information

Securing the FOSS VistA Stack HIPAA Baseline Discussion. Jack L. Shaffer, Jr. Chief Operations Officer

Securing the FOSS VistA Stack HIPAA Baseline Discussion. Jack L. Shaffer, Jr. Chief Operations Officer Securing the FOSS VistA Stack HIPAA Baseline Discussion Jack L. Shaffer, Jr. Chief Operations Officer HIPAA as Baseline of security: To secure any stack which contains ephi (electonic Protected Health

More information

The benefits you need... from the name you know and trust

The benefits you need... from the name you know and trust The benefits you need... Privacy and Security Best at Practices the price you can afford... Guide from the name you know and trust The Independence Blue Cross (IBC) Privacy and Security Best Practices

More information

Healthcare Insurance Portability & Accountability Act (HIPAA)

Healthcare Insurance Portability & Accountability Act (HIPAA) O C T O B E R 2 0 1 3 Healthcare Insurance Portability & Accountability Act (HIPAA) Secure Messaging White Paper This white paper briefly details how HIPAA affects email security for healthcare organizations,

More information

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security. Topics

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security. Topics HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 5. 2. Security Standards - Organizational, Security Policies Standards & Proc - A edures, dministrativ and e Documentation Safeguards

More information

White Paper. HIPAA-Regulated Enterprises. Paper Title Here

White Paper. HIPAA-Regulated Enterprises. Paper Title Here White Paper White Endpoint Paper Backup Title Compliance Here Additional Considerations Title for Line HIPAA-Regulated Enterprises A guide for White IT professionals Paper Title Here in healthcare, pharma,

More information

Bridging the HIPAA/HITECH Compliance Gap

Bridging the HIPAA/HITECH Compliance Gap CyberSheath Healthcare Compliance Paper www.cybersheath.com -65 Bridging the HIPAA/HITECH Compliance Gap Security insights that help covered entities and business associates achieve compliance According

More information

HIPAA/HITECH Compliance Using VMware vcloud Air

HIPAA/HITECH Compliance Using VMware vcloud Air Last Updated: September 23, 2014 White paper Introduction This paper is intended for security, privacy, and compliance officers whose organizations must comply with the Privacy and Security Rules of the

More information

Overview of the HIPAA Security Rule

Overview of the HIPAA Security Rule Office of the Secretary Office for Civil Rights () Overview of the HIPAA Security Rule Office for Civil Rights Region IX Alicia Cornish, EOS Sheila Fischer, Supervisory EOS Topics Upon completion of this

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

AOA HIPAA SECURITY REGULATION COMPLIANCE MANUAL

AOA HIPAA SECURITY REGULATION COMPLIANCE MANUAL AOA HIPAA SECURITY REGULATION COMPLIANCE MANUAL August, 2013 HIPAA SECURITY REGULATION COMPLIANCE DOCUMENTS For (Practice name) (Street Address) (City, State, ZIP) Adopted (Date) 2 INTRODUCTION The federal

More information

M E M O R A N D U M. Definitions

M E M O R A N D U M. Definitions M E M O R A N D U M DATE: November 10, 2011 TO: FROM: RE: Krevolin & Horst, LLC HIPAA Obligations of Business Associates In connection with the launch of your hosted application service focused on practice

More information

COMPLIANCE ALERT 10-12

COMPLIANCE ALERT 10-12 HAWAII HEALTH SYSTEMS C O R P O R A T I O N "Touching Lives Every Day COMPLIANCE ALERT 10-12 HIPAA Expansion under the American Recovery and Reinvestment Act of 2009 The American Recovery and Reinvestment

More information

City of Pittsburgh Operating Policies. Policy: HIPAA Privacy Policies Original Date: 1/2005 and Procedures Revised Date: 3/22/2010

City of Pittsburgh Operating Policies. Policy: HIPAA Privacy Policies Original Date: 1/2005 and Procedures Revised Date: 3/22/2010 City of Pittsburgh Operating Policies Policy: HIPAA Privacy Policies Original Date: 1/2005 and Procedures Revised Date: 3/22/2010 PURPOSE: To establish internal policies and procedures to ensure compliance

More information

My Docs Online HIPAA Compliance

My Docs Online HIPAA Compliance My Docs Online HIPAA Compliance Updated 10/02/2013 Using My Docs Online in a HIPAA compliant fashion depends on following proper usage guidelines, which can vary based on a particular use, but have several

More information

For more information on how to build a HIPAA-compliant wireless network with Lutrum, please contact us today! www.lutrum.

For more information on how to build a HIPAA-compliant wireless network with Lutrum, please contact us today! www.lutrum. For more information on how to build a HIPAA-compliant wireless network with Lutrum, please contact us today! www.lutrum.com 844-644-4600 This publication describes the implications of HIPAA (the Health

More information

Information Protection Framework: Data Security Compliance and Today s Healthcare Industry

Information Protection Framework: Data Security Compliance and Today s Healthcare Industry Information Protection Framework: Data Security Compliance and Today s Healthcare Industry Executive Summary Today s Healthcare industry is facing complex privacy and data security requirements. The movement

More information

MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both.

More information

Security Framework Information Security Management System

Security Framework Information Security Management System NJ Department of Human Services Security Framework - Information Security Management System Building Technology Solutions that Support the Care, Protection and Empowerment of our Clients JAMES M. DAVY

More information

Security Is Everyone s Concern:

Security Is Everyone s Concern: Security Is Everyone s Concern: What a Practice Needs to Know About ephi Security Mert Gambito Hawaii HIE Compliance and Privacy Officer July 26, 2014 E Komo Mai! This session s presenter is Mert Gambito

More information

RAYSAFE S1 SECURITY WHITEPAPER VERSION B. RaySafe S1 SECURITY WHITEPAPER

RAYSAFE S1 SECURITY WHITEPAPER VERSION B. RaySafe S1 SECURITY WHITEPAPER RaySafe S1 SECURITY WHITEPAPER Contents 1. INTRODUCTION 2 ARCHITECTURE OVERVIEW 2.1 Structure 3 SECURITY ASPECTS 3.1 Security Aspects for RaySafe S1 Data Collector 3.2 Security Aspects for RaySafe S1 cloud-based

More information

An Oracle White Paper December 2010. Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance

An Oracle White Paper December 2010. Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance An Oracle White Paper December 2010 Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance Executive Overview... 1 Health Information Portability and Accountability Act Security

More information

Preparing for the HIPAA Security Rule Again; now, with Teeth from the HITECH Act!

Preparing for the HIPAA Security Rule Again; now, with Teeth from the HITECH Act! A White Paper for Health Care Professionals Preparing for the HIPAA Security Rule Again; now, with Teeth from the HITECH Act! Introduction Several years ago we first published A White Paper for Health

More information

HIPAA Security. Jeanne Smythe, UNC-CH Jack McCoy, ECU Chad Bebout, UNC-CH Doug Brown, UNC-CH

HIPAA Security. Jeanne Smythe, UNC-CH Jack McCoy, ECU Chad Bebout, UNC-CH Doug Brown, UNC-CH HIPAA Security Jeanne Smythe, UNC-CH Jack McCoy, ECU Chad Bebout, UNC-CH Doug Brown, UNC-CH What is this? Federal Regulations August 21, 1996 HIPAA Became Law October 16, 2003 Transaction Codes and Identifiers

More information

HIPAA Security. 5 Security Standards: Organizational, Policies. Security Topics. and Procedures and Documentation Requirements

HIPAA Security. 5 Security Standards: Organizational, Policies. Security Topics. and Procedures and Documentation Requirements HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical

More information