Secure Email & File Transfer Practices in Healthcare 2014 / Sponsored by DataMotion
In late 2014, DataMotion conducted its annual survey of more than 700 IT and business professionals across the United States to gain insight into corporate email and file transfer policies. This report takes a closer look at those respondents identifying themselves as healthcare entities, and how they compare to other industries.

323 respondents fell into the healthcare category. With the exception of functional responsibility, their demographic makeup was very similar to that of other industries. Respondents held positions at all levels within their organizations, including staff, managers, directors and executives. Respondents are distributed fairly evenly across different sized organizations, with 33.4% from organizations with fewer than 100 employees, and 37.5% from larger organizations (1,000 employees and more). There is also a range in the size of respondents' IT organizations, with 57.3% having 20 or fewer employees in the IT department and 42.7% with IT departments of more than 20. When it came to functional responsibility, there was more representation from departments other than IT, especially from administrative and clinical healthcare positions. 38.7% of healthcare respondents had IT responsibilities versus 62.5% for other industries.

Policies Exist Yet Enforcement Still Lacking

Regardless of industry, the vast majority of organizations surveyed have security and compliance policies in place for transferring sensitive information like files, emails and form data. Nearly 90% of all respondents said their company has these kinds of policies in place, an increase of almost 10 percent over the 2013 results (80.9%). However, the increase is largely accounted for by healthcare entities with more than 97% having policies in place, compared to 90.4% in Only 82.3% of non-healthcare organizations reported having these kinds of policies.
Given HIPAA's requirements, and the ONC's push towards more audits, it is not surprising to see more policies enacted in healthcare organizations.

When it comes to enforcement, however, many organizations are struggling. 36% of healthcare respondents said that within their entity, security and compliance policies are at most only moderately enforced. This is better than other industries, where 50% said policies are either rarely or moderately enforced, though all are still challenged with enforcement. Also, regardless of industry, the vast majority reported policies being violated. Nearly 73% of healthcare respondents said employees/co-workers either occasionally or routinely violate these policies compared to 81% for other industries.

A key step to making policies work in any organization, healthcare or otherwise, is making sure employees are aware of, and understand, the policies in place. When respondents were asked if they thought employees fully understood these types of policies, over a third of healthcare respondents said no. Other industries reported similarly, with 38.1% saying their company's compliance and security policies are not understood.

When asked about the most common reasons policies are violated, over half (52.7%) of healthcare respondents said this was because the employee was not even aware of the policy or that it had been violated. Another 29.1% said the awareness was there but employees did not understand the policies.
And most concerning, 18.2% said policies were intentionally violated in order to get their job done. Other industries had somewhat fewer responses saying awareness alone is the reason (46.5%), and slightly more responses saying policies are violated to get work done (24%), but both followed the same pattern. This points to a need for organizations in all industries to increase awareness of policy existence, and to do a better job of training employees about these policies: what they are, why they are needed and the impacts of them not being followed. For healthcare organizations, a key part of passing an HHS/OCR HIPAA audit is demonstrating implementation of policies, including training and sanctions.

Progress on Policy Adherence

The good news is that many organizations, healthcare and otherwise, are taking steps to improve policy adherence: things like ongoing or mandatory training, more frequent communications, and the use of technology to monitor and report on policy compliance. Only 7.4% of healthcare respondents said they were not doing anything additional to get improvements in policy compliance. More than half (64.2%) are conducting ongoing training, and 44.6% are using technology to increase policy adherence.

Survey responses show that most healthcare respondents indicated a variety of acceptable methods and tools for sending files containing sensitive data. Unencrypted email, encrypted email, free file transfer services and FTP were all accepted methods for transferring files with sensitive information digitally, with encrypted email far outweighing the others at 80%. Healthcare's usage of unencrypted email for this purpose was less than other industries, at 10% and 18% respectively.

Encryption Use Remains Steady

Even with impending HIPAA audits by the OCR in 2015, and more high profile breaches in 2014, a significant percent of healthcare organizations are reporting they do not use encryption. Nearly a quarter, 24.4%, reported that they do not have the ability to encrypt email.
This compares to 32.5% for other industries. Similar to other industries, fewer small healthcare organizations reported using encryption (66.7% for <100 employees) than large (87.3% for employees).

For those healthcare organizations that are using encryption, a majority are implementing it in ways that help improve ease of use, which is crucial for getting user adoption. 55.9% of healthcare respondents do not require a user to log into a portal to send or receive encrypted email, and nearly 90% have the capability to send and receive encrypted email directly from their desktop client. Again, healthcare respondents did not materially differ from other industries in their responses.
Mobile Use Continues to Put Organizations at Risk

Mobile devices have invaded the healthcare workplace, and they are often cited as a source of concern when it comes to security risk. This study, along with others, supports that concern. 80.8% of respondents' organizations reported having policies permitting the use of email on a mobile device. And the devices are being used. A recent study by Spyglass Consulting Group [1] showed 96% of physicians using smartphones as a primary device to support clinical communications. Another study [2] shows 69% viewing patient information on a mobile device. Yet many respondents said they do not have encryption enabled in their mobile client. Of those with policies permitting email use on a mobile device, nearly a quarter (22.9%) do not use encryption of any kind on mobile or on a desktop.

Healthcare respondents were similar to other industries, in that those providing encryption often don't have it enabled for employees in their mobile client. Of the 175+ healthcare respondents providing encryption and allowing mobile use, nearly a third (31.3%) do not have the ability to secure their email from their mobile client. Again, like other industries, this risk especially applies to smaller organizations. When examined by size, 56.7% of small healthcare organizations (<100 employees) had not enabled encryption in employees' mobile clients, versus 27.8% for large organizations (1,000+ employees).

In all industries, email is one of, if not the most, frequently used applications on a mobile device. According to a recent Radicati study, by 2018, 80% of users are expected to access their accounts via a mobile device. [3] Healthcare is no exception to this. In a September 2014 study of physicians by Kantar Media [4], 64% of physicians were found to be using email on a smartphone. The widespread use of mobile devices for email, coupled with a widespread lack of encryption on these devices, sets up a huge area of risk for these organizations.
Confidence Is Stronger for Healthcare

In 2013, we noted that HIPAA and associated regulations are having a visible impact on healthcare in regards to policies. That trend continues. While most healthcare respondents' organizations do have policies in place, over a quarter of them are not confident their company's encryption policy provides adequate security against an email related data breach. Yet healthcare respondents indicated more confidence in their security policies than other industries. 34.3% of other industries indicated their lack of confidence in the encryption policy. And, when asked if their organization would pass if selected for a compliance audit in the next 12 months, over 60% of other industries were at best only somewhat confident in their ability to pass. Only 52.6% of healthcare respondents said the same.

Healthcare respondents were also more inclined to say they strive to achieve total compliance, at 83.3% versus 71.2% for other industries. Only 15.6% of healthcare respondents said they take risks because they don't have the resources to be compliant, compared to 28.3% for other industries. This is not surprising given HIPAA/HITECH regulatory requirements for protecting sensitive data.

[1] Point of Care Communications for Physicians 2014, Spyglass Consulting Group
[2] Caradigm Infographic
[3] The Radicati Group Email Statistics Report
[4] Kantar Media Sources & Interactions Study, September 2014 Medical Surgical Addition

Direct Secure Messaging and Meaningful Use

Like other industries, healthcare entities still have some work to do when it comes to securing data in transit, but they face much higher demands for secure messaging. Unlike other industries, almost every message exchange and file transfer contains private health information in addition to personal identifiable information. Both must be secured under HIPAA and HITECH regulations. This means that virtually every workflow requiring message and file exchange must be secure (for example, electronic health record content).

The survey response indicates progress is being made. For example, Direct Secure Messaging (Direct) is starting to take hold. Direct is a secure and interoperable email-like protocol initiated by the U.S. Department of Health and Human Services specifically for healthcare providers. Its purpose as a part of the broader HITECH act is to reduce costs and improve care. Initially used for attesting to Meaningful Use Stage 2 (MU2) requirements, the HHS vision for Direct is to become the secure and interoperable messaging protocol for a national Health Information Network accessible by all healthcare providers.

Unfortunately, 42% of healthcare respondents said they are not aware of the Direct protocol. Since usage of Direct is tied to meeting MU2 requirements for transmitting transitions of care documents, awareness is likely contained to those actively pursuing MU2 attestation.
This suggests a need to continue the awareness building programs for Direct to further its adoption and use beyond a MU2 checkbox. Progress has been made, but there is more work here to do.

Of those aware of Direct, 57.7% were using it in their organization, again indicating progress driven by the MU program, and continued room for growth. Initial use of Direct is focused on improving continuity of care as patients transition between care settings, for example from a hospital to a long term care facility, skilled nursing or other post-acute care environment. Specifically, Direct is being used to send transition of care documents to affiliates (60.2%), to receive transition of care documents from acute care facilities (40.8%) and to send and receive secure messages and files to/from patients (28.2%).
Many Electronic Health Records (EHR) system vendors have added HHS certified Direct service to their product portfolios specifically to give their healthcare provider customers the ability to attest for MU, and earn related incentives. In addition, health information service providers (HISPs) have emerged as a source of Direct provisioning. HISPs are a new category of secure messaging service provider focused specifically on the delivery of accredited Direct service and addresses for the general healthcare industry. EHR vendors and HISPs were the most common providers of Direct addresses and service, at 53.7% and 20.4% respectively. Health Information Exchanges (HIEs) are another source providers are using to get Direct service.

Business Associates an Area of Risk

With the HIPAA omnibus final ruling having taken effect in September of 2013, many organizations not previously impacted by HIPAA/HITECH now fall under its long tail. In simple terms, the ruling says that any partner of a healthcare entity, and any partner of that partner, who handles the healthcare entity's protected health data (PHI) is considered a business associate of that entity and is responsible for protecting that data.

69.4% of respondents whose organizations have a business relationship with a healthcare entity also handle that entity's protected health data. Yet 28.2% of these said they were either not a business associate, or were unsure if they were. Similarly, of those handling a healthcare entity's PHI, 40.5% had either not been asked to sign a business associate agreement, or were unsure if they had. Both of these numbers point to a lack of awareness of who is a business associate for a significant portion of organizations that actually are, putting both themselves and the healthcare entities they work with at risk for noncompliance.
Conclusions

Although a high percentage of all industries have policies for securing files and email in transit, healthcare organizations continue to be ahead of other industries when it comes to having these policies, with close to 100% reporting having them. Yet for both healthcare and other industries, increasing employee awareness and understanding of the need to secure data in transit, and getting employees to comply, continues to be a struggle for many. Effective email and file transfer security policy compliance demands ongoing communications and training. Vendors of these systems are also starting to step up and deliver tools that are not only easier to use, but assist in the ongoing training and awareness needed for these policies to succeed.
For both healthcare and other industries, mobile, in particular, continues to put organizations at risk when it comes to securing email. While most organizations have accepted the fact that mobile devices are going to be used and are embracing them with policies regarding their use (and healthcare is no exception), there is still a lack of encryption for email on too many of these devices, creating a huge security risk. Organizations need to make sure these users are provided the tools they need to secure files and emails being sent on a mobile device, such as encryption that works within their mobile client.

While the HHS has stepped in to initiate a healthcare specific protocol for secure messaging (Direct), general awareness and adoption remains tied to the corresponding incentives from Meaningful Use programs. Meeting the HHS vision for an interoperable nationwide Health Information Network that leverages Direct has great potential to reduce costs and improve care, but will require greater education and continued adoption to reach critical mass amongst healthcare providers.

Finally, those in a healthcare ecosystem who handle a healthcare entity's protected health data, even if they are a small partner and not healthcare themselves, now fall under the requirements of HIPAA/HITECH regulations and need to execute business associate agreements that define security measures for handling the data, and more importantly comply with their terms. Securing health information in transit is no longer a requirement just for primary entities covered by regulation, or large organizations. It impacts us all.
Appendix

Survey questions and answer detail for health respondents compared to other industries

1. What is your primary job level?
2. What is your primary job function?
3. How many employees are in your organization?
4. What is the approximate size of your organization's IT (information technology) department (those reporting to the CIO)?
5. Are any of your organization's IT department resources outsourced?
6. Which of the following best describes your organization's primary business or industry?
7. Are you aware of Direct Secure Messaging protocol as an alternative to encryption? (for those that answered healthcare in question six)
8. Is your organization using Direct Secure Messaging? (for those that answered yes in question seven)
9. From where did you get your Direct address? (for those that answered yes in question eight)
10. How is your organization using Direct Secure Messaging? (for those that answered yes in question eight) (multiple answers accepted)
11. Does your company have security and compliance policies for transferring sensitive information electronically? (such as files, emails, form data)
12. How aggressively are these policies enforced? (for those that answered yes to question 11)
13. Do you think employees fully understand these policies? (for those that answered yes to question 11)
14. How often do you feel employees/co-workers violate these policies? (for those that answered yes to question 11)
15. In your opinion, what are the most common reasons employees/co-workers violate these policies? (for those that answered yes to question 11)
16. What steps is your organization taking to improve policy adherence to frequently violated policies? (multiple answers allowed) (for those that answered yes to question 11)
17. Does your organization have policies regarding the methods for accepting sensitive information from external sources? (for those that answered yes to question 11)
18. What methods are acceptable for receiving sensitive information from external sources? (multiple answers allowed) (for those that answered yes to question 11)
19. Has your organization experienced a breach of sensitive information due to accidental exposure?
20. What was/were the consequence(s)? (multiple answers accepted) (for those answering yes to question 19)
21. When an employee/co-worker has a file containing sensitive information to be transferred digitally, what are your organization's accepted methods for sending the file? (multiple answers accepted)
22. Does your organization permit the use of mobile devices for email?
23. Do your employees/co-workers have the capability to encrypt email?
24. Are users required to log into a separate portal to send or receive encrypted email? (for those that answered yes to question 23)
25. Do your employees/co-workers have the capability to send and receive encrypted email directly from their desktop client? (for those that answered yes to question 23)
26. Do your employees/co-workers have the capability to send and receive encrypted email directly from their mobile client? (for those that answered yes to question 23)
27. What type of encryption do your employees/co-workers use? (for those that answered yes to question 23)
28. Are you confident your company's current encryption policy provides adequate security against an email related data breach? (for those answering yes to question 11)
29. How likely do you think it is that your company will be selected for a compliance audit in the next 12 months?
30. If your company was selected for such an audit, how confident are you that it would pass?
31. Which best describes your company's approach to compliance?
32. How much does your organization plan to spend in the next 12 months on encryption?
33. Does your organization have any business relationships with healthcare-covered entities such as a hospital or health system?
34. As a part of your business relationships with healthcare-covered entities, has your organization physically or electronically handled any of the healthcare entity's protected health information (PHI)? (for those that answered yes to question 33)
35. Is your organization considered a business associate as defined by HIPAA regulations?
36. Has your organization been asked to sign a Business Associate Agreement (BAA) resulting from HIPAA's redefinition of downstream business associates?

ABOUT DATAMOTION

Our mission is to dramatically reduce the cost and complexity of exchanging private health information in a secure and compliant way! Our easy-to-use encryption solutions for Direct Secure Messaging, secure email, file transfer, forms processing and customer contact leverage the DataMotion Platform for unified data delivery. As a provider of secure messaging solutions such as encryption and Direct Secure Messaging, we are constantly engaged by providers to help them stay in compliance with expanding regulations, including HIPAA and HITECH. We are an EHNAC accredited Health Information Service Provider (HISP), and actively promote the adoption of Direct Secure Messaging across the healthcare industry. DataMotion is privately held and based in Florham Park, N.J.
An Optum Institute for Sustainable Health Issue Brief A CIO Survey of HIT Adoption Trends Summary As we enter 2012, hospitals have made impressive gains in the uptake of electronic medical records, participation
More informationEthics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015
Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015 Katherine M. Layman Cozen O Connor 1900 Market Street Philadelphia, PA 19103 (215) 665-2746
More informationThe HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq.
The HITECH Act: Implications to HIPAA Covered Entities and Business Associates Linn F. Freedman, Esq. Introduction and Overview On February 17, 2009, President Obama signed P.L. 111-05, the American Recovery
More informationTrust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits
HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)
More informationDecrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use
Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute April 8, 2015 4/8/2015 1 1 Who is M-CEITA?
More informationHIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist
HIPAA Omnibus Rule Overview Presented by: Crystal Stanton MicroMD Marketing Communication Specialist 1 HIPAA Omnibus Rule - Agenda History of the Omnibus Rule What is the HIPAA Omnibus Rule and its various
More informationOCR/HHS HIPAA/HITECH Audit Preparation
OCR/HHS HIPAA/HITECH Audit Preparation 1 Who are we EHR 2.0 Mission: To assist healthcare organizations develop and implement practices to secure IT systems and comply with HIPAA/HITECH regulations. Education
More informationHealth Information Exchange First Considerations
Health Information Exchange First Considerations Overview Health Information Exchange (HIE) is one of the most common forms of utilizing an EHR solution and supports key requirements of Meaningful Use
More information2/9/2012. 2012 HIPAA Privacy and Security Audit Readiness. Table of contents
2012 HIPAA Privacy and Security Audit Readiness Mark M. Johnson National HIPAA Services Director Table of contents Page Background 2 Regulatory Background and HITECH Impacts 3 Office of Civil Rights (OCR)
More informationMeaningful Use & IT Security Review. Presented by: Jonathan Krasner BEI jonathan.krasner@beinetworks.com 703-731-8768 www.beihealthcare.
Meaningful Use & IT Security Review Presented by: Jonathan Krasner BEI jonathan.krasner@beinetworks.com 703-731-8768 www.beihealthcare.com Meaningful Use Update MU lasts 5 years for each provider MU is
More informationBill Moran and Betta Sherman
Compliance TODAY July 2013 a publication of the health care compliance association www.hcca-info.org How an eye doctor s son sees compliance an interview with Stephen Kiess Assistant General Counsel for
More informationHIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing
HIPAA Omnibus Rule Practice Impact Kristen Heffernan MicroMD Director of Prod Mgt and Marketing 1 HIPAA Omnibus Rule Agenda History of the Rule HIPAA Stats Rule Overview Use of Personal Health Information
More informationRSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS
RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS Security solutions for patient and provider access AT A GLANCE Healthcare organizations of all sizes are responding to the demands of patients, physicians,
More informationBusiness Associate Considerations for the HIE Under the Omnibus Final Rule
Business Associate Considerations for the HIE Under the Omnibus Final Rule Joseph R. McClure, Esq. Counsel Siemens Medical Solutions USA, Inc. WEDI Privacy & Security Work Group Co-Chair Agenda Who is
More informationOCTOBER 2013 PART 1. Keeping Data in Motion: How HIPAA affects electronic transfer of protected health information
OCTOBER 2013 PART 1 Keeping Data in Motion: How HIPAA affects electronic transfer of protected health information Part 1: How HIPAA affects electronic transfer of protected health information It is difficult
More informationThe Impact of HIPAA and HITECH
The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients
More information2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security
2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security Commissioned by ID Experts November 2009 INTRODUCTION Healthcare breaches are on the rise; according to the 2009
More informationWISHIN Pulse Statement on Privacy, Security and HIPAA Compliance
WISHIN Pulse Statement on Privacy, Security and HIPAA Compliance SEC-STM-072014 07/2014 Contents Patient Choice... 2 Security Protections... 2 Participation Agreement... 2 Controls... 3 Break the Glass...
More informationHIPAA/HITECH Privacy and Security for Long Term Care. Association of Jewish Aging Services 1
HIPAA/HITECH Privacy and Security for Long Term Care 1 John DiMaggio Chief Executive Officer, Blue Orange Compliance Cliff Mull Partner, Benesch, Healthcare Practice Group About the Presenters John DiMaggio,
More informationAHLA. B. HIPAA Compliance Audits. Marti Arvin Chief Compliance Officer UCLA Health System and David Geffen School of Medicine Los Angeles, CA
AHLA B. HIPAA Compliance Audits Marti Arvin Chief Compliance Officer UCLA Health System and David Geffen School of Medicine Los Angeles, CA Anna C. Watterson Davis Wright Tremaine LLP Washington, DC Fraud
More informationSECURETexas Health Information Privacy & Security Certification Program FAQs
What is the relationship between the Texas Health Services Authority (THSA) and the Health Information Trust Alliance (HITRUST)? The THSA and HITRUST have partnered to help improve the protection of healthcare
More informationParticipation Agreement Medicaid Provider Program
Participation Agreement Medicaid Provider Program PLEASE FAX THE FOLLOWING PAGES #4, #7, #8, #14, #15 211 Warren Street Newark, NJ 07103 PHONE: 973-642-4777 FAX: 973-645-0457 E-mail: info@njhitec.org www.njhitec.org
More informationSecuring Electronic Health Records (EHRs) to Achieve Meaningful Use Compliance, Prevent Data Theft and Fraud
Securing Electronic Health Records (EHRs) to Achieve Meaningful Use Compliance, Prevent Data Theft and Fraud Featuring the results of the Privacy and Security Survey, March 2011 Since the passage of the
More informationInpatient Psychiatric Facilities (IPF) Quality Reporting Program
Keys to Successful FY 2016 Reporting Questions and Answers Moderator/Speaker: Evette Robinson, MPH Project Lead, Inpatient Psychiatric Facility Quality Reporting (IPFQR) Program Value, Incentives, and
More informationFAQ: HIPAA AND CLOUD COMPUTING (v1.0)
FAQ: HIPAA AND CLOUD COMPUTING (v1.0) 7 August 2013 Cloud computing outsourcing core infrastructural computing functions to dedicated providers holds great promise for health care. It can result in more
More informationUsing Patient Portals to Achieve HIPAA Compliance and Drive Patient Satisfaction
Using Patient Portals to Achieve HIPAA Compliance and Drive Patient Satisfaction emedicalfusion, LLC Published: April, 2012 Summary The purpose of this white paper is to discuss the role of patient portals
More informationAgenda. OCR Audits of HIPAA Privacy, Security and Breach Notification, Phase 2. Linda Sanches, MPH Senior Advisor, Health Information Privacy 4/1/2014
OCR Audits of HIPAA Privacy, Security and Breach Notification, Phase 2 Linda Sanches, MPH Senior Advisor, Health Information Privacy HCCA Compliance Institute March 31, 2014 Agenda Background Audit Phase
More informationSecurity Considerations
Concord Fax Security Considerations For over 15 years, Concord s enterprise fax solutions have helped many banks, healthcare professionals, pharmaceutical companies, and legal professionals securely deliver
More informationCybersecurity in the Health Care Sector: HIPAA Responsibilities from a Legal and Compliance Perspective
Cybersecurity in the Health Care Sector: HIPAA Responsibilities from a Legal and Compliance Perspective July 23, 2013 Gerry Hinkley, Pillsbury Allen Briskin, Pillsbury Pillsbury Winthrop Shaw Pittman LLP
More informationDissecting New HIPAA Rules and What Compliance Means For You
Dissecting New HIPAA Rules and What Compliance Means For You A White Paper by Cindy Phillips of CMIT Solutions and Kelly McClendon of CompliancePro Solutions TABLE OF CONTENTS Introduction 3 What Are the
More informationNationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011
Nationwide Review of CMS s HIPAA Oversight Brian C. Johnson, CPA, CISA Wednesday, January 19, 2011 1 WHAT I DO Manage Region IV IT Audit and Advance Audit Technique Staff (AATS) IT Audit consists of 8
More informationHIPAA Compliance and the Protection of Patient Health Information
HIPAA Compliance and the Protection of Patient Health Information WHITE PAPER By Swift Systems Inc. April 2015 Swift Systems Inc. 7340 Executive Way, Ste M Frederick MD 21704 1 Contents HIPAA Compliance
More informationPrivacy and Security: Meaningful Use in Healthcare Organizations
Privacy and Security: Meaningful Use in Healthcare Organizations Phyllis A. Patrick, MBA, FACHE, CHC July 20, 2011 Webinar Essentials 1. Session is currently being recorded, and will be available on our
More informationHIPAA Compliance Guide
HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care
More informationAre You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style.
Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style March 27, 2013 www.mcguirewoods.com Introductions Holly Carnell McGuireWoods LLP
More informationFeaturing industry research by. Produced by
Featuring industry research by Produced by With the ubiquity of personal electronic devices, healthcare workers are all too commonly performing workarounds alternatives to approved workflows that bypass
More informationMeaningful Use, ICD-10 and HIPAA 5010 Overview, talking points and FAQs
Meaningful Use, ICD-10 and HIPAA 5010 Overview, talking points and FAQs Providence Health & Services is committed to using technology and evidence-based practices to deliver the highest quality care in
More informationHealth Informa.on Technology Audits: "Meaningful Use" and HIPAA. January 23, 2015 Eli Poliakoff Gary Capps
Health Informa.on Technology Audits: "Meaningful Use" and HIPAA January 23, 2015 Eli Poliakoff Gary Capps 1 HITECH - Related Audits Health Informa.on Technology for Economic and Clinical Health Act ("HITECH")
More informationHIPAA Compliance Guide
HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care
More informationWolters Kluwer Health 2013 Physician Outlook Survey
Wolters Kluwer Health 2013 Outlook Survey The Wolters Kluwer Health 2013 Outlook Survey explores the top issues and challenges physicians are facing in their practices from patient care to profitability
More informationTHE STATE OF DATA SHARING FOR HEALTHCARE ANALYTICS 2015-2016: CHANGE, CHALLENGES AND CHOICE
THE STATE OF DATA SHARING FOR HEALTHCARE ANALYTICS 2015-2016: CHANGE, CHALLENGES AND CHOICE As demand for data sharing grows, healthcare organizations must move beyond data agreements and masking to achieve
More informationHIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant
1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad
More informationHow To Get A Meaningful Use Of Your Ehr
Making the Most of Meaningful Use: Why Choosing the Right EHR Matters Most healthcare professionals understand how electronic health records (EHRs) can drive greater patient engagement and improve the
More informationHIPAA Changes 2013. Mike Jennings & Jonathan Krasner BEI For MCMS 07/23/13
HIPAA Changes 2013 Mike Jennings & Jonathan Krasner BEI For MCMS 07/23/13 BEI Who We Are DC Metro IT Service Provider since 1987 Network Design/Upgrade Installation/Managed IT Services for small to medium-sized
More informationIntegration for your Health Information System
Integration for your Health Information System Achieve comprehensive healthcare IT integration that leverages your existing IT investments and helps you meet the growing demands of Meaningful Use, HIE,
More informationI D C H e a l t h I n s i g h t s : H e a l t h c a r e P r o v i d e r I T S t r a t e g i e s
Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.935.4445 F.508.988.7881 www.idc-hi.com Business Strategy: The Current State of Ambulatory EHR Buyer Satisfactio n I D C H e a l t h I
More informationThe now tips, the how tools, and the must timing for your MU path in 2014.
Meaningful Use in 2014 - Window of Opportunity The now tips, the how tools, and the must timing for your MU path in 2014. Inside you will find: CLICK ON TITLES TO NAVIGATE MU 2014 updates; Must know changes!
More informationVHCA Legal Quarterly
VHCA Legal Quarterly Winter 2015 Text Messaging in Nursing Facility Patient Care: HIPAA Challenges, Survey Scrutiny, and Possible Solutions Written by Nathan Mortier and Peter Mellette Mellette, PC Williamsburg,
More informationData Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm
Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security
More informationWhy Lawyers? Why Now?
TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business
More informationSecurity & Privacy Strategies for Expanded Communities. Deven McGraw Partner Manatt, Phelps & Phillips LLP
Security & Privacy Strategies for Expanded Communities Deven McGraw Partner Manatt, Phelps & Phillips LLP 1 Key Challenges in Community Data Sharing Patient-mediated data sharing Sharing data with companies
More informationWhat do you need to know?
What do you need to know? DISCLAIMER Please note that the information provided is to inform our clients and friends of recent HIPAA and HITECH act developments. It is not intended, nor should it be used,
More informationHIPAA Privacy, Security, Breach, and Meaningful Use. CHUG October 2012
HIPAA Privacy, Security, Breach, and Meaningful Use Practice Requirements for 2012 CHUG October 2012 The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Standards for Privacy of Individually
More informationThe Case for Email Encryption
The Case for Email Encryption Improve Compliance and Protect PHI on the Move Healthcare organizations face an ongoing compliance burden involving the protection of sensitive patient data. The task of safeguarding
More informationWhy HIPAA Compliance Should Scare You and What You Should Ask Your Business Phone Service Provider NOW
Why HIPAA Compliance Should Scare You and What You Should Ask Your Business Phone Service Provider NOW By Mike McAlpen, 8x8 Executive Director of Privacy, Security and Compliance The Champion For Business
More informationArizona Health Information Exchange Marketplace. Requirements and Specifications Health Information Service Provider (HISP)
Arizona Health Information Exchange Marketplace Requirements and Specifications Health Information Service Provider (HISP) Table of Contents Table of Contents... 1 Introduction... 2 Purpose... 3 Scope...
More informationIncreasing Security Defenses in Cost-Sensitive Healthcare IT Environments
Increasing Security Defenses in Cost-Sensitive Healthcare IT Environments Regulatory and Risk Background When the Health Insurance Portability and Accountability Act Security Standard (HIPAA) was finalized
More information