Secure Email & File Transfer Practices in Healthcare 2014 / Sponsored by DataMotion


In late 2014, DataMotion conducted its annual survey of more than 700 IT and business professionals across the United States to gain insight into corporate email and file transfer policies. This report takes a closer look at those respondents identifying themselves as healthcare entities, and how they compare to other industries.

323 respondents fell into the healthcare category. With the exception of functional responsibility, demographically their makeup was very similar to other industries. Respondents held positions at all levels within their organizations, including staff, managers, directors and executives. Respondents are distributed fairly evenly across different sized organizations, with 33.4% from organizations with fewer than 100 employees, and 37.5% from larger organizations (1,000 employees and more). There is also a range in the size of respondents' IT organizations, with 57.3% having 20 or fewer employees in the IT department and 42.7% with IT departments of more than 20.

When it came to functional responsibility, there was more representation from departments other than IT, especially from administrative and clinical healthcare positions. 38.7% of healthcare respondents had IT responsibilities versus 62.5% for other industries.

Policies Exist Yet Enforcement Still Lacking

Regardless of industry, the vast majority of organizations surveyed have security and compliance policies in place for transferring sensitive information like files, emails and form data. Nearly 90% of all respondents said their company has these kinds of policies in place, an increase of almost 10 percent over the 2013 results (80.9%). However, the increase is largely accounted for by healthcare entities, with more than 97% having policies in place, compared to 90.4% in Only 82.3% of non-healthcare organizations reported having these kinds of policies. Given HIPAA's requirements, and the ONC's push towards more audits, it is not surprising to see more policies enacted in healthcare organizations.

When it comes to enforcement, however, many organizations are struggling. 36% of healthcare respondents said that within their entity, security and compliance policies are at most only moderately enforced. This is better than other industries, which reported in at 50% saying policies are either rarely or moderately enforced, though all are still challenged with enforcement. Also, regardless of industry, the vast majority reported policies being violated. Nearly 73% of healthcare respondents said employees/co-workers either occasionally or routinely violate these policies, compared to 81% for other industries.

A key step to making policies work in any organization, healthcare or otherwise, is making sure employees are aware of, and understand, the policies in place. When respondents were asked if they thought employees fully understood these types of policies, over a third of healthcare respondents said no. Other industries reported similarly, with 38.1% saying their company's compliance and security policies are not understood. When asked about the most common reasons policies are violated, over half (52.7%) of healthcare respondents said this was because the employee was not even aware of the policy or that it had been violated. Another 29.1% said the awareness was there but employees did not understand the policies.

And most concerning, 18.2% said policies were intentionally violated in order to get their job done. Other industries had somewhat fewer responses saying awareness alone is the reason (46.5%), and slightly more responses saying policies are violated to get work done (24%), but both followed the same pattern.

This points to a need for organizations in all industries to increase awareness of policy existence, and to do a better job of training employees about these policies: what they are, why they are needed and the impacts of them not being followed. For healthcare organizations, a key part of passing an HHS/OCR HIPAA audit is demonstrating implementation of policies, including training and sanctions.

Progress on Policy Adherence

The good news is that many organizations, healthcare and otherwise, are taking steps to improve policy adherence: things like ongoing or mandatory training, more frequent communications, and the use of technology to monitor and report on policy compliance. Only 7.4% of healthcare respondents said they were not doing anything additional to get improvements in policy compliance. More than half (64.2%) are conducting ongoing training, and 44.6% are using technology to increase policy adherence.

Survey responses show that most healthcare respondents indicated a variety of acceptable methods and tools for sending files containing sensitive data. Unencrypted email, encrypted email, free file transfer services and FTP were all accepted methods for transferring files with sensitive information digitally, with encrypted email far outweighing the others at 80%. Healthcare's usage of unencrypted email for this purpose was less than other industries, at 10% and 18% respectively.

Encryption Use Remains Steady

Even with impending HIPAA audits by the OCR in 2015, and more high profile breaches in 2014, a significant percent of healthcare organizations are reporting they do not use encryption. Nearly a quarter, 24.4%, reported that they do not have the ability to encrypt email. This compares to 32.5% for other industries. Similar to other industries, fewer small healthcare organizations reported using encryption (66.7% for <100 employees) than large (87.3% for employees).

For those healthcare organizations that are using encryption, a majority are implementing it in ways that help improve ease of use, which is crucial for getting user adoption. 55.9% of healthcare respondents do not require a user to log into a portal to send or receive encrypted email, and nearly 90% have the capability to send and receive encrypted email directly from their desktop client. Again, healthcare respondents did not materially differ from other industries in their responses.

Mobile Use Continues to Put Organizations at Risk

Mobile devices have invaded the healthcare workplace. And they are often cited as a source of concern when it comes to security risk. This study, along with others, supports that concern. 80.8% of respondents' organizations reported having policies permitting the use of email on a mobile device. And the devices are being used. A recent study by Spyglass Consulting Group [1] showed 96% of physicians using smartphones as a primary device to support clinical communications. Another study [2] shows 69% viewing patient information on a mobile device.

Yet many respondents said they do not have encryption enabled in their mobile client. Of those with policies permitting email use on a mobile device, nearly a quarter (22.9%) do not use encryption of any kind on mobile or on a desktop.

Healthcare respondents were similar to other industries, in that those providing encryption often don't have it enabled for employees in their mobile client. Of the 175+ healthcare respondents providing encryption and allowing mobile use, nearly a third (31.3%) do not have the ability to secure their email from their mobile client. Again, like other industries, this risk especially applies to smaller organizations. When examined by size, 56.7% of small healthcare organizations (<100 employees) had not enabled encryption in employees' mobile clients, versus 27.8% for large organizations (1,000+ employees).

In all industries, email is one of the most frequently used applications on a mobile device, if not the most. According to a recent Radicati study, by 2018, 80% of users are expected to access their accounts via a mobile device. [3] Healthcare is no exception to this. In a September 2014 study of physicians by Kantar Media [4], 64% of physicians were found to be using email on a smartphone. The widespread use of mobile devices for email, coupled with a widespread lack of encryption on these devices, sets up a huge area of risk for these organizations.
Confidence Is Stronger for Healthcare

In 2013, we noted that HIPAA and associated regulations are having a visible impact on healthcare in regards to policies. That trend continues. While most healthcare respondents' organizations do have policies in place, over a quarter of them are not confident their company's encryption policy provides adequate security against an email-related data breach. Yet healthcare respondents indicated more confidence in their security policies than other industries. 34.3% of other industries indicated their lack of confidence in the encryption policy.

And, when asked if their organization would pass if selected for a compliance audit in the next 12 months, over 60% of other industries were at best only somewhat confident in their ability to pass. Only 52.6% of healthcare respondents said the same.

Healthcare respondents were also more inclined to say they strive to achieve total compliance, at 83.3% versus 71.2% for other industries. Only 15.6% of healthcare respondents said they take risks because they don't have the resources to be compliant, compared to 28.3% for other industries. This is not surprising given HIPAA/HITECH regulatory requirements for protecting sensitive data.

[1] Point of Care Communications for Physicians 2014, Spyglass Consulting Group
[2] Caradigm Infographic,
[3] The Radicati Group Statistics Report,
[4] Kantar Media Sources & Interactions Study, September 2014 Medical Surgical Addition

Direct Secure Messaging and Meaningful Use

Like other industries, healthcare entities still have some work to do when it comes to securing data in transit, but they face much higher demands for secure messaging. Unlike other industries, almost every message exchange and file transfer contains private health information in addition to personally identifiable information. Both must be secured under HIPAA and HITECH regulations. This means that virtually every workflow requiring message and file exchange must be secure (for example, electronic health record content).

The survey response indicates progress is being made. For example, Direct Secure Messaging (Direct) is starting to take hold. Direct is a secure and interoperable email-like protocol initiated by the U.S. Department of Health and Human Services specifically for healthcare providers. Its purpose as a part of the broader HITECH act is to reduce costs and improve care. Initially used for attesting to Meaningful Use Stage 2 (MU2) requirements, the HHS vision for Direct is to become the secure and interoperable messaging protocol for a national Health Information Network accessible by all healthcare providers.

Unfortunately, 42% of healthcare respondents said they are not aware of the Direct protocol. Since usage of Direct is tied to meeting MU2 requirements for transmitting transitions of care documents, awareness is likely limited to those actively pursuing MU2 attestation. This suggests a need to continue the awareness building programs for Direct to further its adoption and use beyond an MU2 checkbox. Progress has been made, but there is more work here to do.

Of those aware of Direct, 57.7% were using it in their organization, again indicating progress driven by the MU program, and continued room for growth. Initial use of Direct is focused on improving continuity of care as patients transition between care settings, for example from a hospital to a long-term care facility, skilled nursing or other post-acute care environment. Specifically, Direct is being used to send transition of care documents to affiliates (60.2%), to receive transition of care documents from acute care facilities (40.8%) and to send and receive secure messages and files to/from patients (28.2%).

Many Electronic Health Record (EHR) system vendors have added HHS-certified Direct service to their product portfolios specifically to enable their healthcare provider customers to attest for MU and earn related incentives. In addition, health information service providers (HISPs) have emerged as a source of Direct provisioning. HISPs are a new category of secure messaging service provider focused specifically on the delivery of accredited Direct service and addresses for the general healthcare industry. EHR vendors and HISPs were the most common providers of Direct addresses and service, at 53.7% and 20.4% respectively. Health Information Exchanges (HIEs) are another source providers are using to get Direct service.

Business Associates an Area of Risk

With the HIPAA omnibus final ruling having taken effect in September of 2013, many organizations not previously impacted by HIPAA/HITECH now fall under its long tail. In simple terms, the ruling says that any partner of a healthcare entity, and any partner of that partner, who handles the healthcare entity's protected health data (PHI) is considered a business associate of that entity and is responsible for protecting that data.

69.4% of respondents whose organizations have a business relationship with a healthcare entity also handle that entity's protected health data. Yet 28.2% of these said they were either not a business associate, or were unsure if they were. Similarly, of those handling a healthcare entity's PHI, 40.5% had either not been asked to sign a business associate agreement, or were unsure if they had. Both of these numbers point to a lack of awareness of who is a business associate for a significant portion of organizations that actually are, putting both themselves and the healthcare entities they work with at risk for noncompliance.

Conclusions

Although a high percentage of all industries have policies for securing files and email in transit, healthcare organizations continue to be ahead of other industries when it comes to having these policies, with close to 100% reporting having them. Yet for both healthcare and other industries, increasing employee awareness and understanding of the need to secure data in transit, and getting employees to comply, continues to be a struggle for many. Effective email and file transfer security policy compliance demands ongoing communications and training. Vendors of these systems are also starting to step up and deliver tools that are not only easier to use, but assist in the ongoing training and awareness needed for these policies to succeed.

For both healthcare and other industries, mobile, in particular, continues to put organizations at risk when it comes to securing email. While most organizations have accepted the fact that mobile devices are going to be used and are embracing them with policies regarding their use (and healthcare is no exception), there is still a lack of encryption for email on too many of these devices, creating a huge security risk. Organizations need to make sure these users are provided the tools they need to secure files and emails being sent on a mobile device, such as encryption that works within their mobile client.

While the HHS has stepped in to initiate a healthcare-specific protocol for secure messaging (Direct), general awareness and adoption remain tied to the corresponding incentives from Meaningful Use programs. Meeting the HHS vision for an interoperable nationwide Health Information Network that leverages Direct has great potential to reduce costs and improve care, but will require greater education and continued adoption to reach critical mass amongst healthcare providers.

Finally, those in a healthcare ecosystem who handle a healthcare entity's protected health data, even if they are a small partner and not healthcare themselves, now fall under the requirements of HIPAA/HITECH regulations and need to execute business associate agreements that define security measures for handling the data, and more importantly comply with their terms. Securing health information in transit is no longer a requirement just for primary entities covered by regulation, or large organizations. It impacts us all.

Appendix

Survey questions and answer detail for health respondents compared to other industries

1. What is your primary job level?
2. What is your primary job function?
3. How many employees are in your organization?
4. What is the approximate size of your organization's IT (information technology) department (those reporting to the CIO)?
5. Are any of your organization's IT department resources outsourced?
6. Which of the following best describes your organization's primary business or industry?
7. Are you aware of Direct Secure Messaging protocol as an alternative to encryption? (for those that answered healthcare in question six)
8. Is your organization using Direct Secure Messaging? (for those that answered yes in question seven)
9. From where did you get your Direct address? (for those that answered yes in question eight)
10. How is your organization using Direct Secure Messaging? (for those that answered yes in question eight) (multiple answers accepted)
11. Does your company have security and compliance policies for transferring sensitive information electronically? (such as files, emails, form data)
12. How aggressively are these policies enforced? (for those that answered yes to question 11)
13. Do you think employees fully understand these policies? (for those that answered yes to question 11)
14. How often do you feel employees/co-workers violate these policies? (for those that answered yes to question 11)
15. In your opinion, what are the most common reasons employees/co-workers violate these policies? (for those that answered yes to question 11)
16. What steps is your organization taking to improve policy adherence to frequently violated policies? (multiple answers allowed) (for those that answered yes to question 11)
17. Does your organization have policies regarding the methods for accepting sensitive information from external sources? (for those that answered yes to question 11)
18. What methods are acceptable for receiving sensitive information from external sources? (multiple answers allowed) (for those that answered yes to question 11)
19. Has your organization experienced a breach of sensitive information due to accidental exposure?
20. What was/were the consequence(s)? (multiple answers accepted) (for those answering yes to question 19)
21. When an employee/co-worker has a file containing sensitive information to be transferred digitally, what are your organization's accepted methods for sending the file? (multiple answers accepted)
22. Does your organization permit the use of mobile devices for email?
23. Do your employees/co-workers have the capability to encrypt email?
24. Are users required to log into a separate portal to send or receive encrypted email? (for those that answered yes to question 23)
25. Do your employees/co-workers have the capability to send and receive encrypted email directly from their desktop client? (for those that answered yes to question 23)
26. Do your employees/co-workers have the capability to send and receive encrypted email directly from their mobile client? (for those that answered yes to question 23)
27. What type of encryption do your employees/co-workers use? (for those that answered yes to question 23)
28. Are you confident your company's current encryption policy provides adequate security against an email-related data breach? (for those answering yes to question 11)
29. How likely do you think it is that your company will be selected for a compliance audit in the next 12 months?
30. If your company was selected for such an audit, how confident are you that it would pass?
31. Which best describes your company's approach to compliance?
32. How much does your organization plan to spend in the next 12 months on encryption?
33. Does your organization have any business relationships with healthcare-covered entities such as a hospital or health system?
34. As a part of your business relationships with healthcare-covered entities, has your organization physically or electronically handled any of the healthcare entity's protected health information (PHI)? (for those that answered yes to question 33)
35. Is your organization considered a business associate as defined by HIPAA regulations?
36. Has your organization been asked to sign a Business Associate Agreement (BAA) resulting from HIPAA's redefinition of downstream business associates?

ABOUT DATAMOTION

Our mission is to dramatically reduce the cost and complexity of exchanging private health information in a secure and compliant way! Our easy-to-use encryption solutions for Direct Secure Messaging, secure email, file transfer, forms processing and customer contact leverage the DataMotion Platform for unified data delivery. As a provider of secure messaging solutions such as encryption and Direct Secure Messaging, we are constantly engaged by providers to help them stay in compliance with expanding regulations, including HIPAA and HITECH. We are an EHNAC accredited Health Information Service Provider (HISP), and actively promote the adoption of Direct Secure Messaging across the healthcare industry. DataMotion is privately held and based in Florham Park, N.J.

Direct Secure Messaging: Improving the Secure and Interoperable Exchange of Health Information

Direct Secure Messaging: Improving the Secure and Interoperable Exchange of Health Information Direct Secure Messaging: Improving the Secure and Interoperable Exchange of Health Information Within the healthcare industry, the exchange of protected health information (PHI) is governed by regulations

More information

Results. Secure and File Transfer Corporate Practices

Results. Secure  and File Transfer Corporate Practices In August/September 2012, DataMotion conducted a survey of more than 200 IT and business professionals across the United States and Canada to gain insight into corporate email and file transfer (FTP) habits.

More information

A PRACTICAL GUIDE TO USING ENCRYPTION FOR REDUCING HIPAA DATA BREACH RISK

A PRACTICAL GUIDE TO USING ENCRYPTION FOR REDUCING HIPAA DATA BREACH RISK A PRACTICAL GUIDE TO USING ENCRYPTION FOR REDUCING HIPAA DATA BREACH RISK Chris Apgar Andy Nieto 2015 OVERVIEW How to get started assessing your risk What your options are how to protect PHI What s the

More information

Securing Patient Portals. What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use

Securing Patient Portals. What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use Securing Patient Portals What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use September 2013 Table of Contents Abstract... 3 The Carrot and the Stick: Incentives and Penalties for Securing

More information

Sunday March 30, 2014, 9am noon HCCA Conference, San Diego

Sunday March 30, 2014, 9am noon HCCA Conference, San Diego Meaningful Use as it Relates to HIPAA Compliance Sunday March 30, 2014, 9am noon HCCA Conference, San Diego CLAconnect.com Objectives and Agenda Understand the statutory and regulatory background and purpose

More information

The HIPAA Omnibus Final Rule

The HIPAA Omnibus Final Rule WHITE PAPER The HIPAA Omnibus Final Rule Four risk exposure events that can uncover compliance issues leading to investigations, potential fines, and damage to your organization s reputation. By Virginia

More information

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES CONTENTS Introduction 3 Brief Overview of HIPPA Final Omnibus Rule 3 Changes to the Definition of Business Associate

More information

HIPAA Security Risk Analysis for Meaningful Use

HIPAA Security Risk Analysis for Meaningful Use HIPAA Security Risk Analysis for Meaningful Use NOTE: Make sure your computer speakers are turned ON. Audio will be streaming through your speakers. If you do not have computer speakers, call the ACCMA

More information

HIPAA Audits Are Happening. eroi

HIPAA Audits Are Happening. eroi HIPAA Audits Are Happening. eroi Are You at Risk? efiling Advanced efile Form Completion Charting Host: Kathryn Ayers Wickenhauser Meaningful Use / HIPAA Compliance Consultant Kathryn.Wickenhauser@DatafileTechnologies.com

More information

HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services

HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services How MSPs can profit from selling HIPAA security services Managed Service Providers (MSP) can use the Health Insurance Portability

More information

HIPAA and HITECH Compliance for Cloud Applications

HIPAA and HITECH Compliance for Cloud Applications What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health

More information

January 30, 2015. Dear Dr. De Salvo:

January 30, 2015. Dear Dr. De Salvo: January 30, 2015 Karen DeSalvo, MD, MPH, MSc National Coordinator Office of National Coordinator for Health IT Department of Health and Human Services 200 Independence Ave, SW Washington, DC 20201 Dear

More information

Surviving a HIPAA Audit: What you need to know NOW So you can cope THEN. Jonathan Krasner www.beinetworks.com www.hipaasecurenow.

Surviving a HIPAA Audit: What you need to know NOW So you can cope THEN. Jonathan Krasner www.beinetworks.com www.hipaasecurenow. Surviving a HIPAA Audit: What you need to know NOW So you can cope THEN Jonathan Krasner www.beinetworks.com www.hipaasecurenow.com Healthcare IT Landscape Meaningful Use Incentives Technology Advances

More information

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16 NEW PERSPECTIVES on Healthcare Risk Management, Control and Governance www.ahia.org Journal of the Association of Heathcare Internal Auditors Vol. 32, No. 3, Fall, 2013 Professional Fee Coding Audit: The

More information

Healthcare providers attitudes towards HIPAA compliance in 2015

Healthcare providers attitudes towards HIPAA compliance in 2015 Healthcare providers attitudes towards HIPAA compliance in 2015 Created July, 27 2015 Healthcare providers attitudes towards HIPAA compliance in 2015 Over the course of this last year the healthcare industry

More information

Answering to HIPAA. Who Answers Your Phone? Prepared by Kenneth E. Rhea, MD, FASHRM. Brought to you by. www.duxware.com

Answering to HIPAA. Who Answers Your Phone? Prepared by Kenneth E. Rhea, MD, FASHRM. Brought to you by. www.duxware.com Answering to HIPAA Who Answers Your Phone? Prepared by Kenneth E. Rhea, MD, FASHRM Brought to you by www.duxware.com The Event On February 20, 2014 at 8:00 PM an Internal Medicine specialist received a

More information

Business Associates, HITECH & the Omnibus HIPAA Final Rule

Business Associates, HITECH & the Omnibus HIPAA Final Rule Business Associates, HITECH & the Omnibus HIPAA Final Rule HIPAA Omnibus Final Rule Changes Business Associates Marissa Gordon-Nguyen, JD, MPH Health Information Privacy Specialist Office for Civil Rights/HHS

More information

Meaningful Use Stage 2. Creating the Foundation for Population Health

Meaningful Use Stage 2. Creating the Foundation for Population Health Meaningful Use Stage 2 Creating the Foundation Creating the Foundation You ve downloaded this ebook just in time. Are you ready to begin building toward Meaningful Use (MU) Stage 2? Each MU requirement

More information

Direct Secure Messaging. Communicating in the Healthcare World Andy Nieto, Health IT Strategist, DataMotion

Direct Secure Messaging. Communicating in the Healthcare World Andy Nieto, Health IT Strategist, DataMotion Direct Secure Messaging Communicating in the Healthcare World Andy Nieto, Health IT Strategist, DataMotion Agenda Email and Direct in healthcare, a little history So what is Direct, really Certificates

More information

The Must Have Tools To Address Your Compliance Challenge

The Must Have Tools To Address Your Compliance Challenge The Must Have Tools To Address Your Compliance Challenge Industry leading Education October 21 - Top 5 tools to help you achieve HIPAA compliance November 11 - Saving time and money through web-based benefits

More information

THE STATE OF HEALTHCARE COMPLIANCE: Keeping up with HIPAA, Advancements in EHR & Additional Regulations

THE STATE OF HEALTHCARE COMPLIANCE: Keeping up with HIPAA, Advancements in EHR & Additional Regulations THE STATE OF HEALTHCARE COMPLIANCE: Keeping up with HIPAA, Advancements in EHR & Additional Regulations [ The State of Healthcare Compliance: Keeping up with HIPAA, Advancements in EHR & Additional Regulations

More information

HIPAA for HIT and EHRs. Latest on Meaningful Use and EHR Certification: For Privacy and Security Professionals

HIPAA for HIT and EHRs. Latest on Meaningful Use and EHR Certification: For Privacy and Security Professionals HIPAA for HIT and EHRs Latest on Meaningful Use and EHR Certification: For Privacy and Security Professionals Donald Bechtel, CHP Siemens Health Services Patient Privacy Officer Fair Information Practices

More information

Ensuring Privacy & Security of Patient Information

Ensuring Privacy & Security of Patient Information Ensuring Privacy & Security of Patient Information Danika Brinda, Assistant Professor and REACH P&S Subject Matter Expert Jane McGrath, Program Manager REACH/Stratis Health Session 12, Thursday, June 12,

More information

Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches

Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches Speakers Phillip Long CEO at Business Information Solutions Art Gross President & CEO of HIPAA

More information

REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI

REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI Healthcare Organizations Can Adopt Enterprise-Wide Disclosure Management Systems To Standardize Disclosure Processes,

More information

Best Practices for DLP Implementation in Healthcare Organizations

Best Practices for DLP Implementation in Healthcare Organizations Best Practices for DLP Implementation in Healthcare Organizations Healthcare organizations should follow 4 key stages when deploying data loss prevention solutions: 1) Understand Regulations and Technology

More information

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What

More information

HIPAA Audits and Compliance: What To Expect From Regulators and How to Comply

HIPAA Audits and Compliance: What To Expect From Regulators and How to Comply HIPAA Audits and Compliance: What To Expect From Regulators and How to Comply October 18, 2013 ACEDS Membership Benefits Training, Resources and Networking for the ediscovery Community Exclusive News and

More information

7th Annual Ambulatory PM & EHR Study. HIMSS Analytics

October 2015 1 Contents Executive Summary 3 Methodology 4 Findings EHR/EMR 5 Definition 5 Market Penetration/Growth 5 Timeframe of Purchase 8 Vendor

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

Note: Information provided to NCRA by Melodi Gates, Associate with Patton Boggs, LLC Privacy and data protection

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview

The U.S. Department of Health & Human Services Office for Civil Rights recently released updated regulations regarding the Health Insurance

Empowering Nurses & Building Trust Through Health IT

Helen Caton-Peters, MSN, RN Health Information Privacy & Security Specialist Office of the National Coordinator for Health Information Technology

Upcoming OCR Audits for HIPAA Compliance: How Prepared and Confident are Medical Practices and Billing Companies?

Presented by NueMD a complete medical billing and practice management software solution company has partnered with Porter

HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?

Introduction This material is designed to answer some of the commonly asked questions by business associates and other organizations

Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information

Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information about HIPAA, the HITECH-HIPAA Omnibus Privacy Act, how

Meeting the HIPAA Training and Business Associate Requirements Questions and Answers, with HIPAA Security Expert Mike Semel

Questions Answers 1 Is a Business Associate (BA) responsible for assuming a Covered

HIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist. www.riskwatch.com

Introduction Last year, the federal government published its long awaited final regulations implementing the Health

HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help

The Health Information Portability and Accountability Act (HIPAA) Omnibus Rule which will begin to be enforced September 23, 2013,

WISHIN Pulse Statement on Privacy, Security and HIPAA Compliance

SEC-STM-072014 07/2014 Contents Patient Choice... 2 Security Protections... 2 Participation Agreement... 2 Controls... 3 Break the Glass...

OCR/HHS HIPAA/HITECH Audit Preparation

Who are we EHR 2.0 Mission: To assist healthcare organizations develop and implement practices to secure IT systems and comply with HIPAA/HITECH regulations. Education

RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS

Security solutions for patient and provider access AT A GLANCE Healthcare organizations of all sizes are responding to the demands of patients, physicians,

LEVERAGING HEALTH INFORMATION EXCHANGE TO CREATE A CONNECTED CARE COMMUNITY

Sue Schade, MBA, FCHIME, FHIMSS Chief Information Officer University of Michigan Hospitals and Health Centers Objectives Why?

Business Associate Considerations for the HIE Under the Omnibus Final Rule

Joseph R. McClure, Esq. Counsel Siemens Medical Solutions USA, Inc. WEDI Privacy & Security Work Group Co-Chair Agenda Who is

A CIO Survey of HIT Adoption Trends

An Optum Institute for Sustainable Health Issue Brief Summary As we enter 2012, hospitals have made impressive gains in the uptake of electronic medical records, participation

Make the Connection to

The problem: Electronic health information exchange is challenging Local Care Community HIEs/HISPs No EHR Acute EHR Long term/post

Bridging the HIPAA/HITECH Compliance Gap

CyberSheath Healthcare Compliance Paper www.cybersheath.com Security insights that help covered entities and business associates achieve compliance According

What do you need to know?

DISCLAIMER Please note that the information provided is to inform our clients and friends of recent HIPAA and HITECH act developments. It is not intended, nor should it be used,

Secure HIPAA Compliant Cloud Computing

BUSINESS WHITE PAPER Step-by-step guide for achieving HIPAA compliance and safeguarding your PHI in a cloud computing environment Step-by-Step Guide for Choosing

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use

Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute April 8, 2015 Who is M-CEITA?

The HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq.

Introduction and Overview On February 17, 2009, President Obama signed P.L. 111-05, the American Recovery

OCTOBER 2013 PART 1. Keeping Data in Motion: How HIPAA affects electronic transfer of protected health information

Part 1: How HIPAA affects electronic transfer of protected health information It is difficult

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits

Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)

Security Considerations

Concord Fax Security Considerations For over 15 years, Concord's enterprise fax solutions have helped many banks, healthcare professionals, pharmaceutical companies, and legal professionals securely deliver

2009 HIMSS Analytics Report: Evaluating HITECH's Impact on Healthcare Privacy and Security

Commissioned by ID Experts November 2009 INTRODUCTION Healthcare breaches are on the rise; according to the 2009

Preparing for and Responding to an OCR HIPAA Audit

Carole Klove Carole.Klove@ucsfmedctr.org Gerry Hinkley gerry.hinkley@pillsburylaw.com SIXTH NATIONAL HIPAA SUMMIT WEST October 10-12, 2012 Overview Background What to expect

2/9/2012. 2012 HIPAA Privacy and Security Audit Readiness. Table of contents

Mark M. Johnson National HIPAA Services Director Table of contents Page Background 2 Regulatory Background and HITECH Impacts 3 Office of Civil Rights (OCR)

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist

HIPAA Omnibus Rule - Agenda History of the Omnibus Rule What is the HIPAA Omnibus Rule and its various

The Road to Robust Use of HIT: Navigating Meaningful Use and Beyond. by Jennifer McAnally, tnrec Director

Presentation Objectives Participants will be able to: Verbalize the role Regional Extension Centers

The Impact of HIPAA and HITECH

The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients' healthcare information. This protects all forms of patients

Bill Moran and Betta Sherman

Compliance TODAY July 2013 a publication of the health care compliance association www.hcca-info.org How an eye doctor's son sees compliance an interview with Stephen Kiess Assistant General Counsel for

Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015

Katherine M. Layman Cozen O'Connor 1900 Market Street Philadelphia, PA 19103 (215) 665-2746

FAQ: HIPAA AND CLOUD COMPUTING (v1.0)

7 August 2013 Cloud computing, outsourcing core infrastructural computing functions to dedicated providers, holds great promise for health care. It can result in more

HIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing

HIPAA Omnibus Rule Agenda History of the Rule HIPAA Stats Rule Overview Use of Personal Health Information

Inpatient Psychiatric Facilities (IPF) Quality Reporting Program

Keys to Successful FY 2016 Reporting Questions and Answers Moderator/Speaker: Evette Robinson, MPH Project Lead, Inpatient Psychiatric Facility Quality Reporting (IPFQR) Program Value, Incentives, and

Featuring industry research by. Produced by

With the ubiquity of personal electronic devices, healthcare workers are all too commonly performing workarounds, alternatives to approved workflows that bypass

SECURETexas Health Information Privacy & Security Certification Program FAQs

What is the relationship between the Texas Health Services Authority (THSA) and the Health Information Trust Alliance (HITRUST)? The THSA and HITRUST have partnered to help improve the protection of healthcare

2/27/2014. Meaningful Use as it Relates to HIPAA Compliance. Objectives and Agenda. Understand the statutory and regulatory background and purpose

Sunday March 30, 2014, 9am noon HCCA Conference, San Diego CLAconnect.com

Using Patient Portals to Achieve HIPAA Compliance and Drive Patient Satisfaction

emedicalfusion, LLC Published: April, 2012 Summary The purpose of this white paper is to discuss the role of patient portals

HIPAA Violations Incur Multi-Million Dollar Penalties

HIPAA regulations have undergone major changes in the last few years giving both the federal and state Governments new and enhanced powers and resources to pursue HIPAA violations

Agenda. OCR Audits of HIPAA Privacy, Security and Breach Notification, Phase 2. Linda Sanches, MPH Senior Advisor, Health Information Privacy 4/1/2014

HCCA Compliance Institute March 31, 2014 Agenda Background Audit Phase

Cybersecurity in the Health Care Sector: HIPAA Responsibilities from a Legal and Compliance Perspective

July 23, 2013 Gerry Hinkley, Pillsbury Allen Briskin, Pillsbury Pillsbury Winthrop Shaw Pittman LLP

HIPAA Compliance Guide

Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care

THE STATE OF DATA SHARING FOR HEALTHCARE ANALYTICS 2015-2016: CHANGE, CHALLENGES AND CHOICE

As demand for data sharing grows, healthcare organizations must move beyond data agreements and masking to achieve

HIPAA Compliance and the Protection of Patient Health Information

WHITE PAPER By Swift Systems Inc. April 2015 Swift Systems Inc. 7340 Executive Way, Ste M Frederick MD 21704 1 Contents HIPAA Compliance

The Case for Email Encryption

Improve Compliance and Protect PHI on the Move Healthcare organizations face an ongoing compliance burden involving the protection of sensitive patient data. The task of safeguarding

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant

Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad


Meaningful Use, ICD-10 and HIPAA 5010 Overview, talking points and FAQs

Providence Health & Services is committed to using technology and evidence-based practices to deliver the highest quality care in

Participation Agreement Medicaid Provider Program

PLEASE FAX THE FOLLOWING PAGES #4, #7, #8, #14, #15 211 Warren Street Newark, NJ 07103 PHONE: 973-642-4777 FAX: 973-645-0457 E-mail: info@njhitec.org www.njhitec.org

Wolters Kluwer Health 2013 Physician Outlook Survey

The Wolters Kluwer Health 2013 Outlook Survey explores the top issues and challenges physicians are facing in their practices from patient care to profitability

Well-Documented Controls Reduce Risk and Support Compliance Initiatives

White Paper Risks Associated with Missing Documentation for Health Care Providers www.solutionary.com (866) 333-2133 Many Health

Health Information Exchange First Considerations

Overview Health Information Exchange (HIE) is one of the most common forms of utilizing an EHR solution and supports key requirements of Meaningful Use

Why HIPAA Compliance Should Scare You and What You Should Ask Your Business Phone Service Provider NOW

By Mike McAlpen, 8x8 Executive Director of Privacy, Security and Compliance The Champion For Business

Nationwide Review of CMS's HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011

WHAT I DO Manage Region IV IT Audit and Advance Audit Technique Staff (AATS) IT Audit consists of 8

Security & Privacy Strategies for Expanded Communities. Deven McGraw Partner Manatt, Phelps & Phillips LLP

Key Challenges in Community Data Sharing Patient-mediated data sharing Sharing data with companies

AHLA. B. HIPAA Compliance Audits. Marti Arvin Chief Compliance Officer UCLA Health System and David Geffen School of Medicine Los Angeles, CA

Anna C. Watterson Davis Wright Tremaine LLP Washington, DC Fraud

Dissecting New HIPAA Rules and What Compliance Means For You

A White Paper by Cindy Phillips of CMIT Solutions and Kelly McClendon of CompliancePro Solutions TABLE OF CONTENTS Introduction 3 What Are the

A smarter way to protect your brand. Copyright 2012 Compliance 360 All Rights Reserved

Minimizing Compliance Risks of Proactive OCR HIPAA Audits Compliance 360 at a Glance Compliance, Risk and Audit Solutions

Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule

March 27, 2013 www.mcguirewoods.com Introductions Holly Carnell McGuireWoods LLP

HIPAA: Protecting Your. Ericka L. Adler. Practice and Your Patients

Rachel V. Rose Fallout from the Omnibus Rule Compliance strategies for medical practices 1. Know / manage your business associates and

HIPAA/HITECH Privacy and Security for Long Term Care. Association of Jewish Aging Services 1

John DiMaggio Chief Executive Officer, Blue Orange Compliance Cliff Mull Partner, Benesch, Healthcare Practice Group About the Presenters John DiMaggio,

Privacy for Healthcare Data in the Cloud - Challenges and Best Practices

Dr. Sarbari Gupta sarbari@electrosoft-inc.com 703-437-9451 ext 12 Cloud Standards Customer Council (CSCC) Cloud Privacy Summit Electrosoft

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm

Electronic Health Records: Data Security and Integrity of e-phi Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security

HIPAA Changes 2013. Mike Jennings & Jonathan Krasner BEI For MCMS 07/23/13

BEI Who We Are DC Metro IT Service Provider since 1987 Network Design/Upgrade Installation/Managed IT Services for small to medium-sized

Securing Electronic Health Records (EHRs) to Achieve Meaningful Use Compliance, Prevent Data Theft and Fraud

Featuring the results of the Privacy and Security Survey, March 2011 Since the passage of the

HIPAA Violations Incur Multi-Million Dollar Penalties

Whitepaper Have you noticed how many expensive Health Insurance Portability and Accountability

UPDATES FOR MEDICAL PRACTICES: RED FLAGS AND IDENTITY THEFT AND HIPAA PRIVACY CHANGES (FROM HITECH)

March 2011 Presentation by Jennifer L. Cox, J.D. Red Flags Rollback Red flags is going going and not

HIPAA Privacy, Security and Breach Notification Audits

Program Overview & Initial Analysis Verne Rinker JD, MPH 2013 NIST / OCR Security Rule Conference May 21-22, 2013 Program Mandate HITECH Act, Section

Meaningful Use & IT Security Review. Presented by: Jonathan Krasner BEI jonathan.krasner@beinetworks.com 703-731-8768 www.beihealthcare.

Presented by: Jonathan Krasner BEI jonathan.krasner@beinetworks.com 703-731-8768 www.beihealthcare.com Meaningful Use Update MU lasts 5 years for each provider MU is

Health Information Technology Audits: "Meaningful Use" and HIPAA. January 23, 2015 Eli Poliakoff Gary Capps

HITECH - Related Audits Health Information Technology for Economic and Clinical Health Act ("HITECH")