Securing Patient Portals. What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use
|
|
- Moses Townsend
- 8 years ago
- Views:
Transcription
1 Securing Patient Portals What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use September 2013
2 Table of Contents Abstract... 3 The Carrot and the Stick: Incentives and Penalties for Securing Web-based Patient Portals... 3 Meaningful Use Incentives... 3 Increased Penalties... 4 Government Audit & Oversight... 4 Sharing the Risk: Business Associate and Subcontractor Obligations... 5 Securing Patient Portals... 6 Patient Portal Security Requirements... 6 Trend Micro Web App Security... 7 Conclusion
3 Abstract Information security has evolved into a mission-critical function for healthcare organizations amid the tumult of industry reform, innovation, and regulatory upheaval. A nationwide move towards Electronic Health Record (EHR) systems, web-based platforms for patient and provider access to information, increased regulation, provider consolidation, and the increasing need to share health information between patients, providers, and payers all point toward the need for robust information security protections. At the same time, changes in federal legislation are offering lucrative incentives for implementing EHRs and patient portals, and those who do not vigilantly protect patient information stored in EHRs and web-based portals face increasingly stiff penalties. With the emergence of e-health networks offering web-based services, the future success of healthcare is likely to depend on how effectively patients can obtain and manage their health related information over the web in a secure manner. This challenge is further amplified by the growing complexity of patient data management practices including outsourcing the development and implementation of web-based platforms to third party Business Associates and their subcontractors. The Carrot and the Stick: Incentives and Penalties for Securing Web-based Patient Portals Meaningful Use Incentives The Health Information Technology for Economic and Clinical Health (HITECH) Act and recently released HIPAA Omnibus Rule seek to improve health care delivery and patient care by encouraging electronic access to personal health information across the continuum of care, including via web-based patient portals. HITECH takes a carrot-and-stick approach to promote the mandated conversion to EHRs and implementation of web-based patient portals. The act provides a healthy carrot of $19.2 billion in incentive payments to promote EHR adoption, primarily funneled through Medicare and Medicaid reimbursement as incentive payments for the Meaningful Use of certified EHR technology. Each physician can qualify for a total of up to $44,000 over five years through Medicare or up to $63,750 over six years from Medicaid dependent upon satisfying annual qualification criteria. At the same time, the Meaningful Use requirements call for increased security and privacy controls to bolster patient confidence and adoption of EHR technology in order to qualify for incentives. Stage 2 of Meaningful Use specifically requires the implementation and adoption of a secure web-based patient portal to facilitate patient access to health information. 3
4 Increased Penalties The HITECH Act and HIPAA Omnibus Rule have acknowledged the increased risk associated with storing and transmitting electronic Protected Health Information (PHI) by introducing strong penalties (a heavy stick ) for healthcare providers and their Business Associates and subcontractors who fail to meet the HIPAA Security and Privacy Rule mandates. Prior to the enactment of the HITECH Act, the imposition of civil penalties under HIPAA was limited to a maximum of $100 per violation and $25,000 for all violations of an identical requirement or prohibition occurring within the same calendar year. Enacted in February 2009, HITECH increased the range at minimum of $100 up to $50,000 per violation, with maximum penalties for violations of the same HIPAA provision of $1.5 million per year. Additionally, criminal penalties of up to $250,000 and up to 10 years in prison for HIPAA violations not only apply to healthcare covered entities but also to employees and other individuals. The Omnibus Rule, effective in 2013, ups the ante even further by allowing for fines of up to $1.5 million per violation, regardless of how many violations occur concurrently within a given calendar year. As if the regulatory non-compliance penalties did not already supply sufficient motivation for compliance with security requirements, the Meaningful Use incentive provisions also threaten reduced reimbursement, starting in 2015 for entities who have not met the requirements for securing EHRs and patient portals. Government Audit & Oversight In addition to more proactive oversight underway via the new regulations, both federal and state governments have also been actively investigating possible violations and filing suit for breaches that have been reported to the Department of Health and Human Services (HHS) under HITECH. Several entities are empowered to investigate and audit security compliance including the Office for Civil Rights (OCR), Center for Medicare and Medicaid Services (CMS), and State Attorneys General. Under HITECH, money collected in civil penalties is funneled back into OCR s enforcement budget. The act also permits state attorneys general to bring civil actions for HIPAA violations, making wider oversight and enforcement far more likely than prior years under HIPAA. 4
5 Sharing the Risk Business Associate and Subcontractor Obligations The risk of incurring penalties associated with patient data breaches is further exacerbated by the growing trend of healthcare organizations outsourcing EHR and patient portal solutions to third party Business Associates. According to a recent HITRUST Alliance report, 21% of healthcare security breaches in 2012 implicated a third party Business Associate. Healthcare organizations are also challenged with a lack of resources needed to effectively manage, evaluate, and continuously monitor Business Associate security compliance including patient portal web applications while maintaining focus on delivering quality patient care. The HITECH and the Omnibus Rule widened the net of compliance obligations by expanded the definition of a Business Associate to include organizations that transmit and routinely access PHI, such as health information exchange organizations, web application providers, and IT hosting vendors. Previously, Business Associates were liable only under the terms of their contracts, but under HITECH, Business Associates are subject to direct government oversight and civil and criminal penalties for HIPAA violations. Additionally, the HIPAA Omnibus Rule also expands many of these requirements to the subcontractors of Business Associates, resulting in the rollout of modified Business Associate Agreements to reflect these new obligations. 5
6 Securing Patient Portals Patient Portal Security Requirements The Meaningful Use Stage 2 criteria focus on patient engagement to provide better care. The aim of this requirement is to make health information more accessible to the individuals, and to provide patient with the means to communicate electronically with health care providers via patient portals. However, this also makes the web application the direct link to sensitive enterprise information including PHI. Patient portals, combined with EHRs, allow clinicians to communicate directly with their patients, also extending to them capabilities to schedule appointments, refill prescriptions, access lab results, and pay bills. Stage 2 of MU requires that a secure web-based patient portal be established and sets out specific standards to demonstrate that the portal is being used by both providers and a substantial number of patients to meet following measures: 1. Provide secure messaging between patients and providers 2. Allow patients the ability to access and download their electronic information in a secure manner 3. Deliver reminders for preventive and follow-up care 4. Provide patients with specific educational materials 5. Conduct a risk assessment of the patient portal must to ensure that appropriate security controls are in place to protect patient information in alignment with HIPAA / HITECH / Omnibus requirements For healthcare professionals participating in the Centers for Medicare & Medicaid Services (CMS) EHR incentive programs, the deadline for meeting Stage 2 criteria is right around the corner. A technical solution for assessing and remediating security risks specific to web-based platforms and portals is an essential component to achieving these compliance objectives. Security scanning and remediation tools allow healthcare organizations and Business Associates to demonstrate continual risk assessment of their web-based platforms and avoid jeopardizing incentive payments or incurring significant financial penalties. 6
7 Trend Micro Web App Security Trend Micro Web App Security was developed to address today s complex threat environment, providing a complete suite of security capabilities designed to detect threats and vulnerabilities, and protect web applications and patient portals in a single integrated solution without the cost and effort of traditional approaches. Trend Micro Web App Security as a Service delivers: Complete Intelligent Application Testing o Provides organizations a complete suite of scanning products to identify and quickly remediate vulnerabilities for both in-house hosted and third party / Business Associate web applications and portals o Offers comprehensive testing of patient portal platforms (operating system, server, network) with over 50,000 checks o Allows scanning to be done on-demand or run continuously to assess third party Business Associate web applications Integrated Detection and Protection o Provides continuous monitoring of security controls for patient portals and other third party web applications, ensures vulnerabilities are quickly identified (industry average is 231 days to find) and minimizes the time to respond to security threats with the ability to quickly block new attacks Unlimited SSL o Allows customers to deploy SSL for patient and provider portals and other online applications to improve security and patient trust while significantly reducing infrastructure costs related to managing multiple SSL certificates o Integrates SSL health checking into the detection capabilities of the solution, allowing for time saving checks for configuration errors and certificate expiration for third party / Business Associate web applications including EHRs and patient/provider portals Integrated Management Console o Unlike other security offerings, platform and application vulnerability detection and protection is accomplished via a single integrated console including logging and reporting for internal and third party applications to substantially simplify operation and reduce resource requirements o Monitors web application reputation for third party Business Associate web applications to ensure reputation and categorization issues are identified and resolved 7
8 Conclusion Healthcare organizations are becoming increasingly dependent on web-based technologies such as patient portals to improve patient engagement and address government incentive and regulatory requirements. Organizations are also beginning to understand that HITECH/HIPAA compliance and information security risk assessments are not one-time events and must be implemented as part of a continual security monitoring and remediation program. The impact of lapses in security can be staggering and can cause significant financial harm, reputational damage, and loss of consumer confidence. As such, healthcare organizations must continuously work to identify web application weaknesses for EHRs and patient portals to defend against increasingly sophisticated external threats. The complexity of managing security requirements for third party hosted applications on web and mobile platforms further compounds the security compliance conundrum for healthcare entities. Automated web application security solutions such as Trend Micro Web App Security serve a critical role in supporting the development of robust information security programs to protect patient information for both in-house and third party hosted web applications. Trend Micro Web App Security provides a flexible and repeatable way to perform continual security risk assessments of patient portals and web-based healthcare platforms to demonstrate compliance with federal regulations and incentive programs and protect patients from the harm associated with health information exposure. 8
9 About Meditology Meditology Services LLC is a healthcare-focused advisory services firm with core principles of quality, integrity, loyalty and value. Our executive team has an average of 15 years of consulting and operational experience in healthcare with provider and payer clients nationally of varying size and complexity. We understand the importance of relationships and derive much of our business from a long list of satisfied clients who value the quality of our work products combined with the professionalism, approach, and innovative solutions we bring to our engagements. About Trend Micro As a global leader in cloud security, Trend Micro develops security solutions that make the world safe for businesses and consumers to exchange digital information. With more than 20 years of experience, we deliver top-ranked security that fits our customers needs, stops new threats faster, and protects data in physical, virtualized, and cloud environments. For More Information Contact: Meditology Services LLC 5256 Peachtree Road, Suite 190 Atlanta, GA info@meditologyservices.com Tel. (404)
Securing Patient Portals
Securing Patient Portals What you need to know to comply with HIPAA Omnibus and Meaningful Use Brian Selfridge, Partner, Meditology Services, LLC Blake Sutherland, VP Enterprise Business, Trend Micro Brian
More informationSunday March 30, 2014, 9am noon HCCA Conference, San Diego
Meaningful Use as it Relates to HIPAA Compliance Sunday March 30, 2014, 9am noon HCCA Conference, San Diego CLAconnect.com Objectives and Agenda Understand the statutory and regulatory background and purpose
More informationREGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI
REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI Healthcare Organizations Can Adopt Enterprise-Wide Disclosure Management Systems To Standardize Disclosure Processes,
More informationHITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?
HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? Introduction This material is designed to answer some of the commonly asked questions by business associates and other organizations
More informationWelcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information
Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information about HIPAA, the HITECH-HIPAA Omnibus Privacy Act, how
More informationMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk Analysis Meeting the Measure Security in Transition Executive Summary Is your organization adopting Meaningful Use, either to gain incentive payouts or to avoid penalties?
More informationHIPAA and HITECH Compliance for Cloud Applications
What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health
More informationARRA HITECH Stimulus HIPAA Security Compliance Reporter. White Paper
ARRA HITECH Stimulus HIPAA Security Compliance Reporter White Paper ARRA HITECH AND ACR2 HIPAA SECURITY The healthcare industry is in a time of great transition, with a government mandate for EHR/EMR systems,
More informationTools to Prepare and Protect Your Practice for HIPAA and Meaningful Use Audits
Tools to Prepare and Protect Your Practice for HIPAA and Meaningful Use Audits Presented by: Don Waechter, Managing Partner Health Compliance Partners Ann Breitinger, Attorney Blalock Walters Legal Disclaimer
More informationMeeting the HIPAA Training and Business Associate Requirements Questions and Answers, with HIPAA Security Expert Mike Semel
Meeting the HIPAA Training and Business Associate Requirements Questions and Answers, with HIPAA Security Expert Mike Semel Questions Answers 1 Is a Business Associate (BA) responsible for assuming a Covered
More informationRSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS
RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS Security solutions for patient and provider access AT A GLANCE Healthcare organizations of all sizes are responding to the demands of patients, physicians,
More informationBill Moran and Betta Sherman
Compliance TODAY July 2013 a publication of the health care compliance association www.hcca-info.org How an eye doctor s son sees compliance an interview with Stephen Kiess Assistant General Counsel for
More informationThe Impact of HIPAA and HITECH
The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients
More informationUnderstanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions
Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What
More informationThe HIPAA Omnibus Final Rule
WHITE PAPER The HIPAA Omnibus Final Rule Four risk exposure events that can uncover compliance issues leading to investigations, potential fines, and damage to your organization s reputation. By Virginia
More informationCA Technologies Healthcare security solutions:
CA Technologies Healthcare security solutions: Protecting your organization, patients, and information agility made possible Healthcare industry imperatives Security, Privacy, and Compliance HITECH/HIPAA
More informationHIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant
1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad
More informationNationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011
Nationwide Review of CMS s HIPAA Oversight Brian C. Johnson, CPA, CISA Wednesday, January 19, 2011 1 WHAT I DO Manage Region IV IT Audit and Advance Audit Technique Staff (AATS) IT Audit consists of 8
More informationArchitecting Security to Address Compliance for Healthcare Providers
Architecting Security to Address Compliance for Healthcare Providers What You Need to Know to Help Comply with HIPAA Omnibus, PCI DSS 3.0 and Meaningful Use November, 2014 Table of Contents Background...
More informationOverview. Figure 1 - Penetration testing screenshot examples showing (i) PACS image and (ii) breached Electronic Health Record system
Contents Overview... 3 Why Should We Hack Our Own Systems?... 4 Healthcare is a Soft Target... 4 How About Those Compliance Requirements... 5 Breach Avoidance: Compliance Is Not Enough... 6 Supporting
More informationWhite Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES
White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES CONTENTS Introduction 3 Brief Overview of HIPPA Final Omnibus Rule 3 Changes to the Definition of Business Associate
More informationData Breach, Electronic Health Records and Healthcare Reform
Data Breach, Electronic Health Records and Healthcare Reform (This presentation is for informational purposes only and it is not intended, and should not be relied upon, as legal advice.) Overview of HIPAA
More informationHIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services
HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services How MSPs can profit from selling HIPAA security services Managed Service Providers (MSP) can use the Health Insurance Portability
More informationTHE STATE OF HEALTHCARE COMPLIANCE: Keeping up with HIPAA, Advancements in EHR & Additional Regulations
THE STATE OF HEALTHCARE COMPLIANCE: Keeping up with HIPAA, Advancements in EHR & Additional Regulations [ The State of Healthcare Compliance: Keeping up with HIPAA, Advancements in EHR & Additional Regulations
More informationBuilding Trust and Confidence in Healthcare Information. How TrustNet Helps
Building Trust and Confidence in Healthcare Information The management of healthcare information in the United States is regulated under the HIPAA (Health Insurance Portability and Accountability Act)
More informationBy Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN
Major Changes to HIPAA Security and Privacy Rules Enacted in Economic Stimulus Package By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN The HITECH Act is the
More informationThe Importance of Sharing Health Information in a Healthy World
January 30, 2015 Karen DeSalvo, MD, MPH, MSc National Coordinator Office of National Coordinator for Health IT Department of Health and Human Services 200 Independence Ave, SW Washington, DC 20201 Dear
More informationHIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1
HIPAA COMPLIANCE AND DATA PROTECTION sales@eaglenetworks.it +39 030 201.08.25 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and EagleHeaps
More informationNEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16
NEW PERSPECTIVES on Healthcare Risk Management, Control and Governance www.ahia.org Journal of the Association of Heathcare Internal Auditors Vol. 32, No. 3, Fall, 2013 Professional Fee Coding Audit: The
More informationThe HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq.
The HITECH Act: Implications to HIPAA Covered Entities and Business Associates Linn F. Freedman, Esq. Introduction and Overview On February 17, 2009, President Obama signed P.L. 111-05, the American Recovery
More informationInfoGard Healthcare Services. 2015 InfoGard Laboratories Inc.
InfoGard Healthcare Services 10 Steps To Protect My Covered Entity From Breach Your Presenters Alan Martin Account Manger Marvin Byrd Security Engineer Test and Certification Laboratory Healthcare Payment
More informationBEYOND THE EHR MEANINGFUL USE, CONTENT MANAGEMENT AND BUSINESS INTELLIGENCE
WHITE PAPER BEYOND THE EHR MEANINGFUL USE, CONTENT MANAGEMENT AND BUSINESS INTELLIGENCE By Richard Nelli, Senior Vice President and Chief Technical Officer, Streamline Health PAGE 2 EXECUTIVE SUMMARY When
More informationHIPAA COMPLIANCE AND
INTRONIS CLOUD BACKUP & RECOVERY HIPAA COMPLIANCE AND DATA PROTECTION CONTENTS Introduction 3 The HIPAA Security Rule 4 The HIPAA Omnibus Rule 6 HIPAA Compliance and Intronis Cloud Backup and Recovery
More informationDocument Imaging Solutions. The secure exchange of protected health information.
The secure exchange of protected health information. 2 Table of contents 3 Executive summary 3 The high cost of protected health information being at risk 4 The compliance officer s dilemma: keeping PHI
More informationHealth Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know
Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Note: Information provided to NCRA by Melodi Gates, Associate with Patton Boggs, LLC Privacy and data protection
More informationDeveloping HIPAA Security Compliance. Trish Lugtu CPHIMS, CHP, CHSS Health IT Consultant
Developing HIPAA Security Compliance Trish Lugtu CPHIMS, CHP, CHSS Health IT Consultant Learning Objectives Identify elements of a HIPAA Security compliance program Learn the HIPAA Security Rule basics
More informationUpdated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview
Updated HIPAA Regulations What Optometrists Need to Know Now The U.S. Department of Health & Human Services Office for Civil Rights recently released updated regulations regarding the Health Insurance
More informationHealth Information Technology
Background Brief on September 2014 Inside this Brief Terminology Relevant Federal Policies State HIT Environment, Policy, and HIT Efforts Staff and Agency Contacts Legislative Committee Services State
More informationGuided HIPAA Compliance
Guided HIPAA Compliance HIPAA Solutions for Office Managers and Practitioners SecurityMetrics We protect business Since its founding in 2000, privately-held SecurityMetrics has grown from a small security
More informationHIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist
HIPAA Omnibus Rule Overview Presented by: Crystal Stanton MicroMD Marketing Communication Specialist 1 HIPAA Omnibus Rule - Agenda History of the Omnibus Rule What is the HIPAA Omnibus Rule and its various
More informationHealth Information Privacy Refresher Training. March 2013
Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal
More informationHHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers
Compliance Tip Sheet National Hospice and Palliative Care Organization www.nhpco.org/regulatory HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Hospice Provider Compliance To Do List
More informationHIPAA Audits: How to Be Prepared. Lindsey Wiley, MHA, CHTS-IM, CHTS-TS HIT Manager Oklahoma Foundation for Medical Quality
HIPAA Audits: How to Be Prepared Lindsey Wiley, MHA, CHTS-IM, CHTS-TS HIT Manager Oklahoma Foundation for Medical Quality An Important Reminder For audio, you must use your phone: Step 1: Call (866) 906-0123.
More informationConverged Infrastructure: Meeting the New Challenges of Healthcare IT
WHITE PAPER Converged Infrastructure: Meeting the New Challenges of Healthcare IT Sponsored by: VCE Lynne Dunbrack March 2015 IDC HEALTH INSIGHTS OPINION Healthcare IT will play a central role in achieving
More informationSanta Rosa Presents Webinar Series Electronic Health Records & Meaningful Use Incentives: Medicare & Medicaid
Santa Rosa Presents Webinar Series Electronic Health Records & Meaningful Use Incentives: Medicare & Medicaid February 11, 2011 Chris Apgar, CISSP President Overview ARRA & Meaningful Use Rule Overview
More informationHIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing
HIPAA Omnibus Rule Practice Impact Kristen Heffernan MicroMD Director of Prod Mgt and Marketing 1 HIPAA Omnibus Rule Agenda History of the Rule HIPAA Stats Rule Overview Use of Personal Health Information
More informationSecure Email & File Transfer Practices in Healthcare 2014 / Sponsored by DataMotion
In late 2014, DataMotion conducted its annual survey of more than 700 IT and business professionals across the United States to gain insight into corporate email and file transfer policies. This report
More informationHIPAA Compliance and the Protection of Patient Health Information
HIPAA Compliance and the Protection of Patient Health Information WHITE PAPER By Swift Systems Inc. April 2015 Swift Systems Inc. 7340 Executive Way, Ste M Frederick MD 21704 1 Contents HIPAA Compliance
More informationEthics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015
Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015 Katherine M. Layman Cozen O Connor 1900 Market Street Philadelphia, PA 19103 (215) 665-2746
More informationHIPAA Summit. March 10, 2011. Phyllis A. Patrick, MBA, FACHE, CHC Phyllis A. Patrick & Associates LLC
HIPAA Summit March 10, 2011 Phyllis A. Patrick, MBA, FACHE, CHC Phyllis A. Patrick & Associates LLC The Secretary shall provide for periodic audits to ensure that covered entities and business associates
More informationSECURETexas Health Information Privacy & Security Certification Program FAQs
What is the relationship between the Texas Health Services Authority (THSA) and the Health Information Trust Alliance (HITRUST)? The THSA and HITRUST have partnered to help improve the protection of healthcare
More informationSurviving a HIPAA Audit: What you need to know NOW So you can cope THEN. Jonathan Krasner www.beinetworks.com www.hipaasecurenow.
Surviving a HIPAA Audit: What you need to know NOW So you can cope THEN Jonathan Krasner www.beinetworks.com www.hipaasecurenow.com Healthcare IT Landscape Meaningful Use Incentives Technology Advances
More informationHIPAA Violations Incur Multi-Million Dollar Penalties
HIPAA Violations Incur Multi-Million Dollar Penalties Whitepaper HIPAA Violations Incur Multi-Million Dollar Penalties Have you noticed how many expensive Health Insurance Portability and Accountability
More informationHIPAA Violations Incur Multi-Million Dollar Penalties
HIPAA regulations have undergone major changes in the last few years giving both the federal and state Governments new and enhanced powers and resources to pursue HIPAA violations HIPAA Violations Incur
More informationHHS Finalizes HIPAA Privacy and Data Security Rules, Including Stricter Rules for Breaches of Unsecured PHI
January 23, 2013 HHS Finalizes HIPAA Privacy and Data Security Rules, Including Stricter Rules for Breaches of Unsecured PHI Executive Summary HHS has issued final regulations that address recent legislative
More informationCompliance, Incentives and Penalties: Hot Topics in US Health IT
Compliance, Incentives and Penalties: Hot Topics in US Health IT Table of Contents Introduction... 1 The Requirements... 1 PCI HIPAA ARRA Carrot and Stick How does third party assurance fit into the overall
More informationBest Practices in HIPAA Security Risk Assessments
BUSINESS WHITE PAPER Best Practices in HIPAA Security Risk Assessments Safeguard your protected health information (PHI) and mitigate the risk of a data breach or loss. WHITEPAPER Best Practices in HIPAA
More informationAnswering to HIPAA. Who Answers Your Phone? Prepared by Kenneth E. Rhea, MD, FASHRM. Brought to you by. www.duxware.com
Answering to HIPAA Who Answers Your Phone? Prepared by Kenneth E. Rhea, MD, FASHRM Brought to you by www.duxware.com The Event On February 20, 2014 at 8:00 PM an Internal Medicine specialist received a
More informationHIPAA Security Rule Compliance
HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA
More informationThe Medicare and Medicaid EHR incentive
Feature The Meaningful Use Program: Auditing Challenges and Opportunities Your pathway to providing value By Phyllis Patrick, MBA, FACHE, CHC Meaningful Use is an area ripe for providing value through
More informationWelcome. This presentation focuses on Business Associates under the Omnibus Rule of 2013.
Welcome. This presentation focuses on Business Associates under the Omnibus Rule of 2013. Business Associates have been part of the focus of the HIPAA regulations since 2003 when the privacy rule went
More informationHIPAA compliance audit: Lessons learned apply to dental practices
HIPAA compliance audit: Lessons learned apply to dental practices Executive summary In 2013, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 Omnibus Rule put healthcare providers
More informationHIPAA Overview. Darren Skyles, Partner McGinnis Lochridge. Darren S. Skyles dskyles@mcginnislaw.com
HIPAA Overview Darren Skyles, Partner McGinnis Lochridge HIPAA Health Insurance Portability and Accountability Act of 1996 Electronic transaction and code sets: Adopted standards for electronic transactions
More informationBridging the HIPAA/HITECH Compliance Gap
CyberSheath Healthcare Compliance Paper www.cybersheath.com -65 Bridging the HIPAA/HITECH Compliance Gap Security insights that help covered entities and business associates achieve compliance According
More informationHIPAA Security Risk Analysis for Meaningful Use
HIPAA Security Risk Analysis for Meaningful Use NOTE: Make sure your computer speakers are turned ON. Audio will be streaming through your speakers. If you do not have computer speakers, call the ACCMA
More informationGreenway Marketplace. Hear from GSG Compliance & White Plume November 14, 2013
Greenway Marketplace Hear from GSG Compliance & White Plume November 14, 2013 Marketplace Mission Statement To enhance the Greenway customer user experience by offering innovative, forwardthinking technologies
More informationBusiness Associates, HITECH & the Omnibus HIPAA Final Rule
Business Associates, HITECH & the Omnibus HIPAA Final Rule HIPAA Omnibus Final Rule Changes Business Associates Marissa Gordon-Nguyen, JD, MPH Health Information Privacy Specialist Office for Civil Rights/HHS
More informationEnsuring Privacy & Security of Patient Information
Ensuring Privacy & Security of Patient Information Danika Brinda, Assistant Professor and REACH P&S Subject Matter Expert Jane McGrath, Program Manager REACH/Stratis Health Session 12, Thursday, June 12,
More informationVendor Management Challenges and Solutions for HIPAA Compliance. Jim Sandford Vice President, Coalfire
Vendor Management Challenges and Solutions for HIPAA Compliance Jim Sandford Vice President, Coalfire Housekeeping You may submit questions throughout the webinar using the question area in the control
More informationWelcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013
Welcome to ChiroCare s Fourth Annual Fall Business Summit October 3, 2013 HIPAA Compliance Regulatory Overview & Implementation Tips for Providers Agenda Green packet Overview of general HIPAA terms and
More informationHIPAA and HITECH Compliance Simplification. Sol Cates CSO @solcates scates@vormetric.com
HIPAA and HITECH Compliance Simplification Sol Cates CSO @solcates scates@vormetric.com Quick Agenda Why comply? What does Compliance look like? New Cares vs Rental Cars vs Custom Cars Vormetric Q&A Slide
More informationHow To Understand And Understand The Benefits Of A Health Insurance Risk Assessment
4547 The Case For HIPAA Risk Assessment Leader s Guide IMPORTANT INFORMATION FOR EDUCATION COORDINATORS & PROGRAM FACILITATORS PLEASE NOTE: In order for this program to meet Florida course requirements,
More informationHIPAA Changes 2013. Mike Jennings & Jonathan Krasner BEI For MCMS 07/23/13
HIPAA Changes 2013 Mike Jennings & Jonathan Krasner BEI For MCMS 07/23/13 BEI Who We Are DC Metro IT Service Provider since 1987 Network Design/Upgrade Installation/Managed IT Services for small to medium-sized
More information2013 Healthcare Compliance Benchmark Study
2013 Healthcare Compliance Benchmark Study Presented By: and Executive Summary Beginning in early December of 2012, Compliance 360 (now part of SAI Global), conducted a survey among compliance professionals
More informationOCTOBER 2013 PART 1. Keeping Data in Motion: How HIPAA affects electronic transfer of protected health information
OCTOBER 2013 PART 1 Keeping Data in Motion: How HIPAA affects electronic transfer of protected health information Part 1: How HIPAA affects electronic transfer of protected health information It is difficult
More informationPrivacy and Security: Meaningful Use in Healthcare Organizations
Privacy and Security: Meaningful Use in Healthcare Organizations Phyllis A. Patrick, MBA, FACHE, CHC July 20, 2011 Webinar Essentials 1. Session is currently being recorded, and will be available on our
More informationHIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help
HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help The Health Information Portability and Accountability Act (HIPAA) Omnibus Rule which will begin to be enforced September 23, 2013,
More information2/9/2012. 2012 HIPAA Privacy and Security Audit Readiness. Table of contents
2012 HIPAA Privacy and Security Audit Readiness Mark M. Johnson National HIPAA Services Director Table of contents Page Background 2 Regulatory Background and HITECH Impacts 3 Office of Civil Rights (OCR)
More informationHIPAA in an Omnibus World. Presented by
HIPAA in an Omnibus World Presented by HITECH COMPLIANCE ASSOCIATES IS NOT A LAW FIRM The information given is not intended to be a substitute for legal advice or consultation. As always in legal matters
More informationA smarter way to protect your brand. Copyright 2012 Compliance 360 All Rights Reserved
A smarter way to protect your brand Minimizing Compliance Risks of Proactive OCR HIPAA Audits Copyright 2012 Compliance 360 All Rights Reserved Compliance 360 at a Glance Compliance, Risk and Audit Solutions
More informationHIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist. www.riskwatch.com
HIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist www.riskwatch.com Introduction Last year, the federal government published its long awaited final regulations implementing the Health
More information6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013
Updates on HIPAA, Data, IT and Security Technology June 25, 2013 1 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind, including,
More informationCybersecurity for Meaningful Use. 2013 FRHA Annual Summit "Setting the Health Care Table: Politics, Economics, Health" November 20-22, 2013
Cybersecurity for Meaningful Use 2013 FRHA Annual Summit "Setting the Health Care Table: Politics, Economics, Health" November 20-22, 2013 Healthcare Sector Vulnerable to Hackers By Robert O Harrow Jr.,
More informationDissecting New HIPAA Rules and What Compliance Means For You
Dissecting New HIPAA Rules and What Compliance Means For You A White Paper by Cindy Phillips of CMIT Solutions and Kelly McClendon of CompliancePro Solutions TABLE OF CONTENTS Introduction 3 What Are the
More informationImplementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind
Page1 Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind The use of electronic medical records (EMRs) to maintain patient information is encouraged today and
More informationMeaningful Use Stage 2. Meeting Meaningful Use Stage 2 with InstantPHR TM. www.getrealhealth.com
www.getrealhealth.com Meaningful Use Overview We are at the forefront of the patient engagement era. The American Recovery and Reinvestment Act of 2009 included the Health Information Technology for Economic
More informationImpact of Meaningful Use and Healthcare Transformation On Patient Access
Impact of Meaningful Use and Healthcare Transformation On Patient Access Copyright 2011 BluePrint Healthcare IT. All rights reserved NAHAM Northeast Conference October 2011 Stamford, CT Introduction 1.
More informationEGUIDE BRIDGING THE GAP BETWEEN HEALTHCARE & HIPAA COMPLIANT CLOUD TECHNOLOGY
Bridging The Gap Between Healthcare & Hipaa Compliant Cloud Technology and outsource computing resources to external entities, would provide substantial relief to healthcare service providers. Data stored
More informationIncreasing Security Defenses in Cost-Sensitive Healthcare IT Environments
Increasing Security Defenses in Cost-Sensitive Healthcare IT Environments Regulatory and Risk Background When the Health Insurance Portability and Accountability Act Security Standard (HIPAA) was finalized
More informationSOLUTION BRIEF SEPTEMBER 2014. Healthcare Security Solutions: Protecting your Organization, Patients, and Information
SOLUTION BRIEF SEPTEMBER 2014 Healthcare Security Solutions: Protecting your Organization, Patients, and Information SOLUTION BRIEF CA DATABASE MANAGEMENT FOR DB2 FOR z/os DRAFT 94% of healthcare organizations
More informationThe benefits you need... from the name you know and trust
The benefits you need... Privacy and Security Best at Practices the price you can afford... Guide from the name you know and trust The Independence Blue Cross (IBC) Privacy and Security Best Practices
More informationHIPAA and HITECH Compliance Under the New HIPAA Final Rule. HIPAA Final Omnibus Rule ( Final Rule )
HIPAA and HITECH Compliance Under the New HIPAA Final Rule Presented Presented by: by: Barry S. Herrin, Attorney CHPS, Name FACHE Smith Smith Moore Moore Leatherwood Leatherwood LLP LLP Atlanta Address
More informationHealth Record Banking Alliance
Health Record Banking Alliance From: William A. Yasnoff, MD, PhD, President, Health Record Banking Alliance To: Regulations.Gov Website at http://www.regulations.gov/search/regs/home.html#home Date: May
More information2012 HIPAA Privacy and Security Audits
Office of the Secretary Office for Civil Rights (OCR) 2012 HIPAA Privacy and Security Audits Linda Sanches OCR Senior Advisor, Health Information Privacy Lead, HIPAA Compliance Audits OCR 1 Agenda Background
More informationHIPAA: AN OVERVIEW September 2013
HIPAA: AN OVERVIEW September 2013 Introduction The Health Insurance Portability and Accountability Act of 1996, known as HIPAA, was enacted on August 21, 1996. The overall goal was to simplify and streamline
More informationAnatomy of a Healthcare Data Breach
BUSINESS WHITE PAPER Anatomy of a Healthcare Data Breach Prevention and remediation strategies Anatomy of a Healthcare Data Breach Table of Contents 2 Increased risk 3 Mitigation costs 3 An Industry unprepared
More informationLatest Changes in Healthcare Regulations and the IT Solutions Needed to Address Them
Latest Changes in Healthcare Regulations and the IT Solutions Needed to Address Them Five critical IT capabilities providers need to stay in front of today s evolving regulatory environment 1 Table of
More informationTexas Medical Records Privacy Act (a.k.a. Texas House Bill 300)
Texas Medical Records Privacy Act (a.k.a. Texas House Bill 300) Ricky Link, Coalfire ISACA North Texas and IIA Fort Worth Chapters The Petroleum Club of Fort Worth March 4, 2014 1 About Coalfire Coalfire
More informationHealth Care - Meaningful Use of HITECH
Planning for the Stimulus - Achieving Meaningful Use of Healthcare IT John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center My Definition of Meaningful Use Processes and
More informationJoe Dylewski President, ATMP Solutions
Joe Dylewski President, ATMP Solutions Joe Dylewski President, ATMP Solutions Assistant Professor, Madonna University 20 Years, Technology and Application Implementation Experience Served as Michigan Healthcare
More information