Securing Patient Portals
|
|
- Ann Atkinson
- 8 years ago
- Views:
Transcription
1 Securing Patient Portals What you need to know to comply with HIPAA Omnibus and Meaningful Use Brian Selfridge, Partner, Meditology Services, LLC Blake Sutherland, VP Enterprise Business, Trend Micro
2 Brian Selfridge, Meditology 12+ years experience in healthcare IT security and compliance leadership Previously CISO of AtlantiCare and healthcare security practice at PricewaterhouseCoopers Published author, certified CISSP and Info systems security and info assurance by CNSS & NSA Leads Meditology s IT Risk Management practice Meditology is dedicated to delivering expertise and leadership in information privacy and security, compliance, and audit, specifically for healthcare. 2
3 Blake Sutherland, Trend Micro 15+ years experience in security Helped to bring Cloud Security to the forefront at Third Brigade acquired by Trend Micro Experience with HITRUST Trend Micro Incorporated, a global leader in security so<ware, strives to make the world safe for exchanging digital informadon. Our innovadve security soludons for consumers, businesses and governments protect informadon on mobile devices, endpoints, gateways, servers and the cloud. 3
4 Agenda Introductions Healthcare Industry Trends Incentives & Penalties Patient Portal Security Requirements How to Address Security Requirements Trend Micro Security for Patient Portals Questions 4
5 HEALTHCARE INDUSTRY TRENDS 5
6 Healthcare Industry Trends The move to 3 rd party hosted applications is shifting security administration, but not the risk Market and regulatory pressures are driving rapid portal adoption Mandatory breach notification under HITECH is increasing visibility for data loss events Oversight from federal and state agencies is ramping up o OCR o CMS o State Attorneys General 6
7 INCENTIVES & PENALTIES 7
8 Incentives & Penalties Patient Portals and Meaningful Use (MU) o HITECH provides $19.2 billion in incentive payments to promote EHR adoption o Requires certified EHR technology and deployment of a secure patient portal o Incentive payments scale from individual providers to large health systems o MU also establishes penalties in future years for providers that have not met requirements 8
9 Incentives & Penalties (continued) HIPAA / HITECH / Omnibus o Penalties can be up to $1.5 million per year per violation Covered En*ty OCR Fine New York and Presbyterian Hospital (NYP) Columbia University (CU) WellPoint Inc. Affinity Health Plan, Inc. Idaho State University Shasta Regional Medical Center Skagit County Adult & Pediatric Dermatology, P.C. $4,800,000 $4,800,000 $1,700,000 $1,215,780 $400,000 $275,000 $215,000 $150,000 9
10 PATIENT PORTAL SECURITY REQUIREMENTS 10
11 MU Security Requirements 11
12 Portal Security Scope (1) Risk Analysis AdministraDve HIPAA Security Rule Physical Technical (2) Secure Messaging PaDents Download Data ARRA / MU PaDent Portal Requirements Reminders EducaDonal Materials 12
13 MU & Portal Security Myths Source: The Office of the Na-onal Coordinator for Health Informa-on Technology (ONC), hap:// and- security- guide- chapter- 2.pdf 13
14 HOW TO ADDRESS SECURITY REQUIREMENTS 14
15 Risk Assessment Process There is no single prescriptive method that guarantees compliance with the Security Rule, but a typical security risk assessment includes the following steps: o Assess risks and identify potential threats to the confidentiality, integrity and availability of ephi. o Respond to risks by creating a Corrective Action Plan and prioritizing remediation efforts. o Continuously monitor changes that may affect security controls and update the Corrective Action Plan. Monitor Results Respond to Risks Assess Risks 15
16 Determination of Risk Relevant Threats Internal and External VulnerabiliDes Degree of harm that may occur Likelihood that harm will occur 16
17 Corrective Action Plan Degree of Risk Threats & VulnerabiliDes RemediaDon Priority Correc*ve Ac*on Plan Start & End Date Owner Milestones 17
18 Monitor Risks Key Performance Indicators Monitor Risk Changes to systems, environment Compliance CAP Progress 18
19 Sharing the Risk Third- party snafus are adributed for 41 percent of breaches. Over the past three years, the number of security incidents at companies adributed to partners and vendors has risen increasing from 20% in 2010 to 28% in % of data breaches analyzed by TrustWave resulted from a third- party which introduced the security deficiencies that were uldmately exploited. 19
20 Technical Vulnerabilities Identify potential vulnerabilities to the patient portal through technical testing including: o Application-level vulnerabilities o Supporting infrastructure and platforms o Web servers o Databases o Access and authentication Assess against standards such as HITRUST and the Open Web Application Security Project (OWASP) Conduct routine scanning to identify vulnerabilities over time 20
21 21 Source: OWASP, 2014 haps://
22 Technical Vulnerabilities Encryption Requirements o Stage 2 of MU specifically requires addressing the encryption and security of data stored and transmitted via the certified EHR technology o Verify encryption is in place and actively protecting ephi Encryption Solutions o Encrypt data at rest including in backups, laptops, and mobile devices o Use Extended Validation (EV) SSL certificates to secure all transactions and communications on the portal and to visually indicate to visitors that the site is secure. 22
23 What to look for in a PaDent Portal Security SoluDon Blake Sutherland
24 Trend Micro Security for PaDent Portals Patient Portal Landscape Patient Portal Vendors Epic MyChart Cerner Patient Portal RelayHealth Portal McKesson My Care Plus Intuit Health Portal AllScripts Portal eclinicalworks Portal Jardog s FollowMyHealth NextGen Third Party / Cloud Hosted Data Center Home Health PaDent Portal Claims EHR Billing Human Resources AnalyDcs Security for Patient Portals Web site: DS for Web Apps Data: SecureCloud Data Center: Deep Security Advanced Threats: Deep Discovery Endpoints: OfficeScan, Encryption, InterScan Web Security, InterScan Messaging Security, ScanMail EHR Human Resources Claims Patient Portal web app PaDent Portal Pharmacy Home Health Lab AnalyDcs Billing / Finance EHR Lab Patient Portal On-Premise Data Center Medical Devices 24
25 RecommendaDon Reminder You need a Patient Portal security approach that addresses: Routine risk assessment and corrective action tracking Comprehensive vulnerability detection Actionable insight on vulnerabilities for faster mitigation Security for your entire ecosystem including patient portal, data center, medical devices, end user devices and sensitive data Trend Micro can help. Request your Patient portal health check today! webappsecurity.trendmicro.com 25
26 Questions? Thank you for your time 26
27 Contact Us Brian Selfridge Meditology Services Blake Sutherland Trend Micro For more information visit webappsecurity.trendmicro.com Meditology Services, Atlanta, GA. All Rights Reserved
Securing Patient Portals. What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use
Securing Patient Portals What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use September 2013 Table of Contents Abstract... 3 The Carrot and the Stick: Incentives and Penalties for Securing
More informationArchitecting Security to Address Compliance for Healthcare Providers
Architecting Security to Address Compliance for Healthcare Providers What You Need to Know to Help Comply with HIPAA Omnibus, PCI DSS 3.0 and Meaningful Use November, 2014 Table of Contents Background...
More informationSunday March 30, 2014, 9am noon HCCA Conference, San Diego
Meaningful Use as it Relates to HIPAA Compliance Sunday March 30, 2014, 9am noon HCCA Conference, San Diego CLAconnect.com Objectives and Agenda Understand the statutory and regulatory background and purpose
More informationHIPAA Update. Presented by: Melissa M. Zambri. June 25, 2014
HIPAA Update Presented by: Melissa M. Zambri June 25, 2014 Timeline of New Rules 2/17/09 - Stimulus Package Enacted 8/24/09 - Interim Final Rule on Breach Notification 10/7/09 - Proposed Rule Regarding
More informationHIPAA Security Risk Analysis for Meaningful Use
HIPAA Security Risk Analysis for Meaningful Use NOTE: Make sure your computer speakers are turned ON. Audio will be streaming through your speakers. If you do not have computer speakers, call the ACCMA
More informationHITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?
HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? Introduction This material is designed to answer some of the commonly asked questions by business associates and other organizations
More informationHIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services
HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services How MSPs can profit from selling HIPAA security services Managed Service Providers (MSP) can use the Health Insurance Portability
More informationLessons Learned from Recent HIPAA Enforcement Actions, Breaches, and Audit. Iliana L. Peters, J.D., LL.M. April 23, 2014
Lessons Learned from Recent HIPAA Enforcement Actions, Breaches, and Audit Iliana L. Peters, J.D., LL.M. April 23, 2014 OCR RULEMAKING UPDATE What s Done? What s to Come? What s Done: Interim Final Rules
More informationHIPAA Audits: How to Be Prepared. Lindsey Wiley, MHA, CHTS-IM, CHTS-TS HIT Manager Oklahoma Foundation for Medical Quality
HIPAA Audits: How to Be Prepared Lindsey Wiley, MHA, CHTS-IM, CHTS-TS HIT Manager Oklahoma Foundation for Medical Quality An Important Reminder For audio, you must use your phone: Step 1: Call (866) 906-0123.
More informationThe HIPAA Omnibus Final Rule
WHITE PAPER The HIPAA Omnibus Final Rule Four risk exposure events that can uncover compliance issues leading to investigations, potential fines, and damage to your organization s reputation. By Virginia
More informationNationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011
Nationwide Review of CMS s HIPAA Oversight Brian C. Johnson, CPA, CISA Wednesday, January 19, 2011 1 WHAT I DO Manage Region IV IT Audit and Advance Audit Technique Staff (AATS) IT Audit consists of 8
More informationGreenway Marketplace. Hear from GSG Compliance & White Plume November 14, 2013
Greenway Marketplace Hear from GSG Compliance & White Plume November 14, 2013 Marketplace Mission Statement To enhance the Greenway customer user experience by offering innovative, forwardthinking technologies
More informationDecrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use
Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute April 8, 2015 4/8/2015 1 1 Who is M-CEITA?
More informationOIG Security Audit: What You Need To Know
Watch the Replay on YouTube OIG Security Audit: What You Need To Know Executive Series Webinar July 23rd, 2015 Today s Speakers Elana R. Zana Attorney & Author Ogden Murphy Wallace P.L.L.C. ezana@omwlaw.com
More informationArt Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches
Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches Speakers Phillip Long CEO at Business Information Solutions Art Gross President & CEO of HIPAA
More informationStraight from the Source: HHS Tools for Avoiding Some of the Biggest HIPAA Mistakes
Watch the Replay Straight from the Source: HHS Tools for Avoiding Some of the Biggest HIPAA Mistakes FairWarning Executive Webinar Series May 20, 2014 #AnytimeAudit Today s Panel Laura E. Rosas, JD, MPH
More informationUnderstanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions
Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What
More informationTrust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits
HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)
More informationMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk Analysis Meeting the Measure Security in Transition Executive Summary Is your organization adopting Meaningful Use, either to gain incentive payouts or to avoid penalties?
More informationHIPAA and HITECH Compliance for Cloud Applications
What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health
More informationIntelligent Vendor Risk Management
Intelligent Vendor Risk Management Cliff Baker, Managing Partner, Meditology Services LeeAnn Foltz, JD Compliance Resource Consultant, WoltersKluwer Law & Business Agenda Why it s Needed Regulatory Breach
More informationDeveloping HIPAA Security Compliance. Trish Lugtu CPHIMS, CHP, CHSS Health IT Consultant
Developing HIPAA Security Compliance Trish Lugtu CPHIMS, CHP, CHSS Health IT Consultant Learning Objectives Identify elements of a HIPAA Security compliance program Learn the HIPAA Security Rule basics
More information6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013
Updates on HIPAA, Data, IT and Security Technology June 25, 2013 1 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind, including,
More informationHIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist
HIPAA Omnibus Rule Overview Presented by: Crystal Stanton MicroMD Marketing Communication Specialist 1 HIPAA Omnibus Rule - Agenda History of the Omnibus Rule What is the HIPAA Omnibus Rule and its various
More informationSecure Endpoint Management. Presented by Kinette Crain and Brad Lewis
Secure Endpoint Management Presented by Kinette Crain and Brad Lewis Brad Lewis Brad Lewis - Service Specialist 14 years of IT experience In-House Support Manager Network Administrator Assessing Risk:
More informationChecklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security
Checklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) For Daily Compliance & Security Tips, Follow ecfirst @ Agenda Review the
More informationHIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing
HIPAA Omnibus Rule Practice Impact Kristen Heffernan MicroMD Director of Prod Mgt and Marketing 1 HIPAA Omnibus Rule Agenda History of the Rule HIPAA Stats Rule Overview Use of Personal Health Information
More informationHIPAA LIAISON MEETING PRESENTAITON. August 11, 2015 Leslie J. Pfeffer, BS, CHP University HIPAA Privacy Officer
HIPAA LIAISON MEETING PRESENTAITON August 11, 2015 Leslie J. Pfeffer, BS, CHP University HIPAA Privacy Officer Current State of HIPAA Enforcement Content Contributor Abby Bonjean, Investigator Office for
More informationSustainable Compliance: A System for Ongoing Audit Readiness
View the Replay on YouTube Sustainable Compliance: A System for Ongoing Audit Readiness FairWarning Executive Webinar Series November 14, 2013 Agenda Sustainable Compliance at St. Charles Health System
More informationTools to Prepare and Protect Your Practice for HIPAA and Meaningful Use Audits
Tools to Prepare and Protect Your Practice for HIPAA and Meaningful Use Audits Presented by: Don Waechter, Managing Partner Health Compliance Partners Ann Breitinger, Attorney Blalock Walters Legal Disclaimer
More informationPrivacy Officer Job Description 4/28/2014. HIPAA Privacy Officer Orientation. Cathy Montgomery, RN. Presented by:
HIPAA Privacy Officer Orientation Presented by: Cathy Montgomery, RN Privacy Officer Job Description Serve as leader Develop Policies and Procedures Train staff Monitor activities Manage Business Associates
More informationCompliance, Security and Risk Management Relationship Advice. Andrew Hicks, Director Coalfire
Compliance, Security and Risk Management Relationship Advice Andrew Hicks, Director Coalfire Housekeeping You may submit questions throughout the webinar using the question area in the control panel on
More informationHIPAA - Breaking News!
Health IT and Meaningful Use Update Nebraska Healthcare Quality Forum June 4, 2014 Barbara E. Person and Michael W. Chase Baird Holm LLP #1258792 HIPAA - Breaking News! Office for Civil Rights (OCR) will
More informationPrivacy and Security Challenges of Meaningful Use
Privacy and Security Challenges of Meaningful Use Rich Cohan, MBA, FACHE, CHC, CCEP Adam H. Greene, JD, MPH DISCLAIMER: The views and opinions expressed in this presentation are those of the author and
More informationAssessing Your HIPAA Compliance Risk
Assessing Your HIPAA Compliance Risk Jennifer Kennedy, MA, BSN, RN, CHC National Hospice and Palliative Care Organization HIPAA Security Rule All electronic protected health information (PHI and EPHI)
More informationBridging the HIPAA/HITECH Compliance Gap
CyberSheath Healthcare Compliance Paper www.cybersheath.com -65 Bridging the HIPAA/HITECH Compliance Gap Security insights that help covered entities and business associates achieve compliance According
More informationSustainable HIPAA Compliance: Protecting Patient Privacy through Highly Leveraged Investments
View the Replay on YouTube Sustainable HIPAA Compliance: Protecting Patient Privacy through Highly Leveraged Investments FairWarning Executive Webinar Series October 31, 2013 Today s Panel Chris Arnold
More informationQ: How does a provider know if their Email system has encryption? Do big email services (gmail, yahoo, hotmail, etc.) have built-in encryption?
Q: How does a provider know if their Email system has encryption? Do big email services (gmail, yahoo, hotmail, etc.) have built-in encryption? A. Most e-mail systems do not include encryption. There are
More informationHITRUST CSF Assurance Program
HITRUST CSF Assurance Program Simplifying the Meaningful Use Privacy and Security Risk Assessment September 2010 Table of Contents Regulatory Background CSF Assurance Program Simplifying the Risk Assessment
More informationHIPAA Privacy and Information Security Management Briefing
HIPAA Privacy and Information Security Management Briefing Karen Pagliaro-Meyer Privacy Officer kpagliaro@columbia.edu (212) 305-7315 Soumitra Sengupta Information Security Officer sen@columbia.edu (212)
More informationHIPAA and Mental Health Privacy:
HIPAA and Mental Health Privacy: What Social Workers Need to Know Presenter: Sherri Morgan, JD, MSW Associate Counsel, NASW Legal Defense Fund and Office of Ethics & Professional Review 2010 National Association
More informationStrategies for. Proactively Auditing. Compliance to Mitigate. Matt Jackson, Director Kevin Dunnahoo, Manager
Strategies for 1 Proactively Auditing HIPAA Security Compliance to Mitigate Risk Matt Jackson, Director Kevin Dunnahoo, Manager AHIA 32 nd Annual Conference August 25-28, 2013 Chicago, Illinois www.ahia.org
More informationHIPAA Security Overview of the Regulations
HIPAA Security Overview of the Regulations Presenter: Anna Drachenberg Anna Drachenberg has been assisting healthcare providers and hospitals comply with HIPAA and other federal regulations since 2008.
More informationHIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant
1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad
More informationOutline. Outline. What is HIPAA? I. HIPAA Compliance II. Why Should You Care? III. What Should You Do Now?
Outline MOR-OF Education and Medical Expo August 23, 2014 Tatiana Melnik Melnik Legal PLLC tatiana@melniklegal.com 734-358-4201 Tampa, FL I. HIPAA Compliance II. Why Should You Care? A. Market Pressure
More informationHIPAA COMPLIANCE PLAN FOR 2013
HIPAA COMPLIANCE PLAN FOR 2013 Welcome! Presentor is Rebecca Morehead, Practice Manager Strategist www.practicemanagersolutions.com Meaningful Use? As a way to encourage hospitals and providers to adopt
More informationOCR UPDATE Breach Notification Rule & Business Associates (BA)
OCR UPDATE Breach Notification Rule & Business Associates (BA) Alicia Galan Supervisory Equal Opportunity Specialist March 7, 2014 HITECH OMNIBUS A Reminder of What s Included: Final Modifications of the
More informationMeaningful Use: Stage 1 and 2 Hospitals (EH) and Providers (EP) Lindsey Mongold, MHA HIT Practice Advisor Oklahoma Foundation for Medical Quality
Meaningful Use: Stage 1 and 2 Hospitals (EH) and Providers (EP) Lindsey Mongold, MHA HIT Practice Advisor Oklahoma Foundation for Medical Quality Meaningful Use Stage 1 Focuses on Functional & Interoperability
More informationHealthcare and IT Working Together. 2013 KY HFMA Spring Institute
Healthcare and IT Working Together 2013 KY HFMA Spring Institute Introduction Michael R Gilliam Over 7 Years Experience in Cyber Security BA Telecommunications Network Security CISSP, GHIC, CCFE, SnortCP,
More informationWhite Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES
White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES CONTENTS Introduction 3 Brief Overview of HIPPA Final Omnibus Rule 3 Changes to the Definition of Business Associate
More informationPatient Privacy and Security. Presented by, Jeffery Daigrepont
Patient Privacy and Security Presented by, Jeffery Daigrepont Jeffery Daigrepont, SVP No Financial Conflicts to Report Jeffery Daigrepont, Senior Vice President of The Coker Group, specializes in health
More information2/9/2012. 2012 HIPAA Privacy and Security Audit Readiness. Table of contents
2012 HIPAA Privacy and Security Audit Readiness Mark M. Johnson National HIPAA Services Director Table of contents Page Background 2 Regulatory Background and HITECH Impacts 3 Office of Civil Rights (OCR)
More informationHIPAA Compliance Guide
HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care
More informationHIPAA Summit. March 10, 2011. Phyllis A. Patrick, MBA, FACHE, CHC Phyllis A. Patrick & Associates LLC
HIPAA Summit March 10, 2011 Phyllis A. Patrick, MBA, FACHE, CHC Phyllis A. Patrick & Associates LLC The Secretary shall provide for periodic audits to ensure that covered entities and business associates
More informationHIPAA/HITECH Privacy and Security for Long Term Care. Association of Jewish Aging Services 1
HIPAA/HITECH Privacy and Security for Long Term Care 1 John DiMaggio Chief Executive Officer, Blue Orange Compliance Cliff Mull Partner, Benesch, Healthcare Practice Group About the Presenters John DiMaggio,
More informationCompliance Challenges. Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard. Increased Audits & On-site Investigations
Enabling a HITECH & HIPAA Compliant Organization: Addressing Meaningful Use Mandates & Ensuring Audit Readiness Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard Compliance Mandates Increased
More information12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule
HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record
More informationSanta Rosa Presents Webinar Series Electronic Health Records & Meaningful Use Incentives: Medicare & Medicaid
Santa Rosa Presents Webinar Series Electronic Health Records & Meaningful Use Incentives: Medicare & Medicaid February 11, 2011 Chris Apgar, CISSP President Overview ARRA & Meaningful Use Rule Overview
More informationOCR HIPAA Audit Readiness. ISACA - North Texas Chapter April 11, 2013
ISACA - North Texas Chapter April 11, 2013 Introduction 1 2 Basic components of HIPAA and HITECH legislation HITECH and rising breaches 3 4 OCR HIPAA audits Key findings of the pilot audits 5 Approaches
More informationHIPAA Changes 2013. Mike Jennings & Jonathan Krasner BEI For MCMS 07/23/13
HIPAA Changes 2013 Mike Jennings & Jonathan Krasner BEI For MCMS 07/23/13 BEI Who We Are DC Metro IT Service Provider since 1987 Network Design/Upgrade Installation/Managed IT Services for small to medium-sized
More informationHIPAA in an Omnibus World. Presented by
HIPAA in an Omnibus World Presented by HITECH COMPLIANCE ASSOCIATES IS NOT A LAW FIRM The information given is not intended to be a substitute for legal advice or consultation. As always in legal matters
More informationBuild a HIPAA- Compliant Prac5ce. Wes Strickling, Founder & CEO
Build a HIPAA- Compliant Prac5ce Wes Strickling, Founder & CEO Agenda What is HIPAA Compliance? What does it mean to your prac5ce? What should you do? Q & A What Is HIPAA Compliance? Health Insurance Portability
More informationMeaningful Use Stage 2. Meeting Meaningful Use Stage 2 with InstantPHR TM. www.getrealhealth.com
www.getrealhealth.com Meaningful Use Overview We are at the forefront of the patient engagement era. The American Recovery and Reinvestment Act of 2009 included the Health Information Technology for Economic
More informationData Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm
Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security
More informationEthics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015
Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015 Katherine M. Layman Cozen O Connor 1900 Market Street Philadelphia, PA 19103 (215) 665-2746
More informationHIPAA Compliance: Are you prepared for the new regulatory changes?
HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed
More informationWelcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information
Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information about HIPAA, the HITECH-HIPAA Omnibus Privacy Act, how
More informationHIPAA Security & Compliance
Creative Mind. Creative Heart. Creative Care. 2014 WALA Spring Conference HIPAA Security & Compliance Jeff Grady Thursday, March 27 10:30 am HIPAA Security & Compliance A TIME FOR ACTION Jeff Grady, Senior
More informationAre You Ready for an OCR Audit? Tom Walsh, CISSP Tom Walsh Consulting, LLC Overland Park, KS. What would you do? Session Objectives
Are You Ready for an OCR Audit? Tom Walsh, CISSP Tom Walsh Consulting, LLC Overland Park, KS What would you do? Your organization received a certified letter sent from the Office for Civil Rights (OCR)
More informationHIPAA: Compliance Essentials
HIPAA: Compliance Essentials Presented by: Health Security Solutions August 15, 2014 What is HIPAA?? HIPAA is Law that governs a person s ability to qualify immediately for health coverage when they change
More informationSecurity & Privacy Strategies for Expanded Communities. Deven McGraw Partner Manatt, Phelps & Phillips LLP
Security & Privacy Strategies for Expanded Communities Deven McGraw Partner Manatt, Phelps & Phillips LLP 1 Key Challenges in Community Data Sharing Patient-mediated data sharing Sharing data with companies
More informationOIG Security Audits of EHR Incentive Program Participants
OIG Security Audits of EHR Incentive Program Participants April 12-16, 2015 David G. Schoolcraft and Elana R. Zana Attorneys Ogden Murphy Wallace, P.L.L.C. 1 DISCLAIMER: The views and opinions expressed
More informationHIPAA Myths. WEDI Regional Affiliates. Chris Apgar, CISSP Apgar & Associates
HIPAA Myths WEDI Regional Affiliates Chris Apgar, CISSP Apgar & Associates Overview Missed Regulatory Requirements Common HIPAA Privacy Myths Common HIPAA Security Myths Other Related Myths Finding the
More informationSurviving a HIPAA Audit: What you need to know NOW So you can cope THEN. Jonathan Krasner www.beinetworks.com www.hipaasecurenow.
Surviving a HIPAA Audit: What you need to know NOW So you can cope THEN Jonathan Krasner www.beinetworks.com www.hipaasecurenow.com Healthcare IT Landscape Meaningful Use Incentives Technology Advances
More informationALERT LOGIC FOR HIPAA COMPLIANCE
SOLUTION OVERVIEW: ALERT LOGIC FOR HIPAA COMPLIANCE AN OUNCE OF PREVENTION IS WORTH A POUND OF CURE Alert Logic provides organizations with the most advanced and cost-effective means to secure their healthcare
More informationHIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1
HIPAA COMPLIANCE AND DATA PROTECTION sales@eaglenetworks.it +39 030 201.08.25 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and EagleHeaps
More informationARRA HITECH Stimulus HIPAA Security Compliance Reporter. White Paper
ARRA HITECH Stimulus HIPAA Security Compliance Reporter White Paper ARRA HITECH AND ACR2 HIPAA SECURITY The healthcare industry is in a time of great transition, with a government mandate for EHR/EMR systems,
More informationSecurity Is Everyone s Concern:
Security Is Everyone s Concern: What a Practice Needs to Know About ephi Security Mert Gambito Hawaii HIE Compliance and Privacy Officer July 26, 2014 E Komo Mai! This session s presenter is Mert Gambito
More informationHow to use the Alertsec Service to Achieve HIPAA Compliance for Your Organization
How to use the Alertsec Service to Achieve HIPAA Compliance for Your Organization Alertsec offers Cloud Managed - Policy Controlled - Security Modules for Ensuring Compliance at the Endpoints Contents
More informationAVOIDING THE BREACH 5 Common Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk
AVOIDING THE BREACH 5 Common Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk Chris Bowen, MBA, CISSP, CIPP/US, CIPT Founder, Chief Privacy & Security Officer The majority of breaches
More informationTHE HIPAA TANGO CHOREOGRAPHING PRIVACY AND SECURITY UNDER THE FINAL RULE
THE HIPAA TANGO CHOREOGRAPHING PRIVACY AND SECURITY UNDER THE FINAL RULE The Speakers Cinda Velasco Attorney, Manager, Privacy Officer Patient Safety and Risk Management Trish Lugtu Senior Manager MMIC
More informationJoe Dylewski President, ATMP Solutions
Joe Dylewski President, ATMP Solutions Joe Dylewski President, ATMP Solutions Assistant Professor, Madonna University 20 Years, Technology and Application Implementation Experience Served as Michigan Healthcare
More information8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice
Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice Monday, August 3, 2015 1 How to ask a question during the webinar If you dialed in to this webinar on your phone
More informationHealth Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)
Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Table of Contents Introduction... 1 1. Administrative Safeguards...
More informationDocument Imaging Solutions. The secure exchange of protected health information.
The secure exchange of protected health information. 2 Table of contents 3 Executive summary 3 The high cost of protected health information being at risk 4 The compliance officer s dilemma: keeping PHI
More informationTrend Micro Data Protection
Trend Micro Data Protection Solutions for privacy, disclosure and encryption A Trend Micro White Paper I. INTRODUCTION Enterprises are faced with addressing several common compliance requirements across
More informationIncreasing Security Defenses in Cost-Sensitive Healthcare IT Environments
Increasing Security Defenses in Cost-Sensitive Healthcare IT Environments Regulatory and Risk Background When the Health Insurance Portability and Accountability Act Security Standard (HIPAA) was finalized
More informationDisclaimer 8/8/2014. Current Developments in Privacy and Security Rule Enforcement
Office of the Secretary Office for Civil Rights () Current Developments in Privacy and Security Rule Enforcement Michigan Medical Billers Association Andrew C. Kruley, J.D. Equal Opportunity Specialist
More informationHIPAA 101. March 18, 2015 Webinar
HIPAA 101 March 18, 2015 Webinar Agenda Acronyms to Know HIPAA Basics What is HIPAA and to whom does it apply? What is protected by HIPAA? Privacy Rule Security Rule HITECH Basics Breaches and Responses
More informationPreparing for HIPAA and Meaningful Use Compliance Audits
Preparing for HIPAA and Meaningful Use Compliance Audits Presented by: David Holtzman VP of Compliance, CynergisTek CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com
More informationHIPAA Security Rule Compliance
HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA
More informationRaymond: Beyond Basic HIPAA - GSHA Convention 2-28-15 1 HIPAA HIPAA HIPAA. Financial. Carol Ann Raymond, MBA, Ed.S., CCC-SLP
Carol Ann Raymond, MBA, Ed.S., CCC-SLP Associate Clinical Professor/Clinic Director Department of Communication Sciences and Disorders Financial o Employed by the University of Georgia o Non-Financial
More informationNorth Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP
Mobile Device Management Risky Business in Healthcare North Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP Agenda HIPAA/HITECH & Mobile Devices Breaches Federal
More informationReal World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services
Real World Healthcare Security Exposures Brian Selfridge, Partner, Meditology Services 2 Agenda Introduction Background and Industry Context Anatomy of a Pen Test Top 10 Healthcare Security Exposures Lessons
More informationEnsuring Privacy & Security of Patient Information
Ensuring Privacy & Security of Patient Information Danika Brinda, Assistant Professor and REACH P&S Subject Matter Expert Jane McGrath, Program Manager REACH/Stratis Health Session 12, Thursday, June 12,
More informationHIPAA Myths. WEDI Member Town Hall. Chris Apgar, CISSP Apgar & Associates
HIPAA Myths WEDI Member Town Hall Chris Apgar, CISSP Apgar & Associates Overview Missed Regulatory Requirements Common HIPAA Privacy Myths Common HIPAA Security Myths Other Related Myths Finding the Right
More informationSECURETexas Health Information Privacy & Security Certification Program FAQs
What is the relationship between the Texas Health Services Authority (THSA) and the Health Information Trust Alliance (HITRUST)? The THSA and HITRUST have partnered to help improve the protection of healthcare
More informationNew HIPAA regulations require action. Are you in compliance?
New HIPAA regulations require action. Are you in compliance? Mary Harrison, JD Tami Simon, JD May 22, 2013 Discussion topics Introduction Remembering the HIPAA Basics HIPAA Privacy Rules HIPAA Security
More informationMU Security & Privacy Risk Assessments: What It Is & How to Approach It
MU Security & Privacy Risk Assessments: What It Is & How to Approach It Dr. Bryan S. Cline, CISSP-ISSEP, CISM, CISA, ASEP, CCSFP CISO & VP, CSF Development & Implementation Health Information Trust Alliance
More informationWhat can HITRUST do for me?
What can HITRUST do for me? Dr. Bryan Cline CISO & VP, CSF Development & Implementation Bryan.Cline@HITRUSTalliance.net Jason Taule Chief Security & Privacy Officer Jason.Taule@FEIsystems.com Introduction
More information