Joe Dylewski President, ATMP Solutions

Size: px

Start display at page:

Download "Joe Dylewski President, ATMP Solutions"

Margaret McCoy
8 years ago
Views:

1 Joe Dylewski President, ATMP Solutions

2 Joe Dylewski President, ATMP Solutions Assistant Professor, Madonna University 20 Years, Technology and Application Implementation Experience Served as Michigan Healthcare Practice Director for Compuware Certified HIPAA Professional Certified HIPAA Security Specialist ITIL Foundation Certified

Served as Michigan Healthcare Practice Director for Compuware Certified

3 HIPAA Overview HITECH and HIPAA Implications in the Cloud A Healthcare Cloud Scenario Location of Electronic Protected Health Information (ephi) Who has HIPAA responsibilities? Recommendations

4 HIPAA Health Insurance Portability and Accountability Act of 1996 Insurance Portability Administrative Simplification Privacy of Protected Health Information (PHI) Security of Protected Health Information

Administrative Simplification Privacy of Protected

5 HIPAA Title II Administrative Simplification Electronic Data Interchange (Transaction and Code Sets) Security Rule Privacy Rule Administrative Safeguards Physical Safeguards Technical Safeguards

6 Addresses Confidentiality of Protected Health Information Integrity of Protected Health Information Availability of Protected Health Information

7 Security Compliance Policy Proof

8 A Health Care Provider This includes providers such as: Doctors Clinics Psychologists Dentists Chiropractors Nursing Homes Pharmacies (if information is transmitted in electronic form using a transaction for which HHS has adopted a standard. Covered Entities A Health Plan This includes: Health insurance companies HMOs Company health plans Government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans health care programs A Health Care Clearinghouse This includes entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.

Covered Entities A Health Plan This includes: Health insurance companies HMOs Company health plans Government programs that pay for health care, such as Medicare,

9 Business Associates A critical aspect of doing business within the Healthcare community is anyone who has physical or virtual access to PHI, is bound by the same regulations as the customers they serve.

who has physical or virtual access to PHI, is

10 HITECH - The Health Information Technology for Economic Recovery and Reinvestment Act of 2009 Began in 2004 with Bush Administration vision for Electronic Health Records by 2014 Signed into law February 17, 2009 as a portion of ARRA Appropriated $44,000 to $63,000 to be provided as individual reimbursement to physicians who adopt and meaningfully use Electronic Medical Records The disbursement schedule for ARRA funds began in 2011 and is staggered across five years

Appropriated $44,000 to $63,000 to be provided as individual reimbursement to physicians who adopt and meaningfully

11 HIPAA Now Has Teeth Fines and Enforcement Maximum fines raised from $25K to $1.5M Enforced by the Office of Civil Rights Currently building HIPAA audit candidate target list Fines collected fund and support the enforcement process Funds appropriated within HITECH to develop enforcement efforts within the State s Attorney General Office Ignorance no longer tolerated

list Fines collected fund and support the enforcement process Funds appropriated within

12 Category Key Statistics Total Breaches No BA Involved BA Involved Total Breach Notifications Percent of Total 100% 79% 21% Total Individuals Affected 10,866,480 4,823,658 6,042,822 Percent of Total 100% 44% 56% Average Individuals per Breach 39,950 22, ,908 Source :U.S. Department of Health and Human Services HIPAA Breach Notifications

10,866,480 4,823,658 6,042,822 Percent of Total 100% 44% 56% Average Individuals per

13 EMR Private Cloud / Data Center Health Information Exchange (HIE) DR Site IT Services Insurance Company Physician Practice Document Destruction Lab Health System

14 EMR Private Cloud / Data Center Health Information Exchange (HIE) DR Site IT Services Insurance Company Physician Practice Document Destruction Lab Health System

15 EMR Private Cloud / Data Center Health Information Exchange (HIE) DR Site IT Services Insurance Company Physician Practice Document Destruction Lab Health System

16 Data Encryption at rest and in transit Separation of Covered Entity PHI Appropriate Access Control Standards Private Cloud / Data Center Pervasive Administrative Safeguards and Policies Clinical Continuity and Disaster Recovery Capabilities Appropriate Incident Awareness and Response Transaction Audit Trails

Administrative Safeguards and Policies Clinical Continuity and Disaster

17 Private Cloud / Data Center Clear Business Associate Agreements and Service Level Agreements Appropriate Physical Security Measures Appropriate Technical Security Measures Primary HIPAA Contact

18 Questions and Answers

Cost Effective Protection Against HIPAA Enforcement

Cost Effective Protection Against HIPAA Enforcement With Special Guest Speaker: Joe Dylewski, President, ATMP Group Joseph Dylewski is a twenty-three year Information Technology Professional veteran, with