The Must Have Tools To Address Your Compliance Challenge

Transcription

1 The Must Have Tools To Address Your Compliance Challenge

2 Industry leading Education October 21 - Top 5 tools to help you achieve HIPAA compliance November 11 - Saving time and money through web-based benefits administration and consolidated billing Certified Partner Program For Today Please ask questions! (We are going to) Today s Slides Upcoming & past webinars: Get Involved #cgwebinar HIPAA

3 The Must Have Tools To Address Your Compliance Challenge Question What best describes your organization s view of HIPAA compliance?

4 The Must Have Tools to Address Your HIPAA Compliance Challenge - Encryption Andy Nieto, Health IT Strategist

5 Agenda Introductions? Has anybody not heard of HIPAA? Three keys for successful encryption 5

6 First Utilize existing workflow» Easier for sender and receiver» Increased user acceptance» Often more efficient 6

7 It s not just technology Cultivate a culture of compliance» Endorsed and practiced from the top down» Becomes a way of working 7

8 Go beyond your own walls Develop security risk awareness» Business Associates» Patients» Providers 8

9 Thanks Andy Nieto Healthcare IT Strategist x240 9

10 The Must Have Tools To Address Your Compliance Challenge Question Do you think Meaningful Use attestation makes you HIPAA compliant?

11 Why a Risk Assessment is NOT enough!

12 What Do All Compliance Regulations Have In Common? Step 1. Assess where you are against the regulation (GAP) The key to a risk analysis is auditing yourself against the administrative, technical, and physical aspects of HIPAA A risk analysis will help you attest to Meaningful Use Stage 1 Core Requirement 15 Step 2. Remediation Plan Prove that you remediated the deficiencies identified in the risk analysis For example, lack of Policies & Procedures, Training, Attestation, and IT deficiencies

13 Beyond a Risk Analysis Step 3. How do you illustrate your compliance plan? Administrative Policies & Procedures Technical IT security including, servers, routers firewalls and Devices with PHI on them Physical Security within physical locations of your practice(s) Step 4. Creating a culture of compliance Maintaining your compliance Auditing your sites regularly Refreshing your staffs training

14 What CMS, HHS & OCR is Saying ***Only 11% of Covered Entities passed the audit, 70% of Covered Entities are not compliant*** "OCR determined that the most common cause of findings or observations was that the CE was entirely unaware of the requirement. Pleading ignorance will not be a defense when OCR comes to call. * *

15 The Must Have Tools To Address Your Compliance Challenge Question Have your Business Associates signed a BAA and provided the necessary documentation?

16 HIPAA COMPLIANT CLOUDS Should be: Independently HIPAA audited to the OCR Audit Protocol Guidelines Include encryption out of the box FIPS requires AES 256 bit encryption End-to-end: All the way to the backup Within high-availability data center with rigorous physical and network security safeguards Give you options: Not all private clouds can scale Not all clouds provide compliant offsite backup & recovery Copyright 2014 Online Tech. All rights reserved. CONFIDENTIAL

17 CLOUD BACKUP & RECOVERY Get offsite Ask yourself, would Mr. FIPS approve? What are your recovery oppons? Can you fly/drive/walk/point to where your offsite backup data lives? Copyright 2014 Online Tech. All rights reserved. CONFIDENTIAL

18 CULTURE OF COMPLIANCE HIPAA Certified = Healthcare s unicorn Ask for and read the independent audit report Experience the culture for yourself Partner or liability? Ask yourself, will I sleep better here? Copyright 2014 Online Tech. All rights reserved. CONFIDENTIAL

19 The Must Have Tools To Address Your Compliance Challenge Question When it comes to HIPAA non-compliance, what do you think is worse?

20 HIPAA Breaches AffecPng 500+ Records [Source: HHS] 4.92% 1.31% 9.43% 12.31% 46.01% 12.96% 13.04% Portable Media Network Server Computer Laptop EMR Paper E- mail Most breaches: lost/stolen devices

21 Top HIPAA File Sharing Risks Not Solved by BAA 1. Device Loss with Unencrypted PHI 2. Accidental Sharing of PHI 3. Unencrypted PHI on Cloud? Solved by BAA

22 Sookasa: Top 5 Tools Signed BAA Dropbox Box Google Drive Sookasa + Dropbox On- device EncrypPon Prevent Accidental Sharing Access Control for On- device Data End User Experience and Sync Popularity (Network Effect)

23 The Must Have Tools To Address Your Compliance Challenge Question Generally speaking, how expensive do you think it is to encrypt?

24 qliqconnect Secure, HIPAA- Compliant Mobile Messaging SoluNons qliqsoft,inc.

25 Risks to Healthcare CIO Smartphones & BYOD - More healthcare providers are using their own smartphones. SMS TexNng - Physicians and nurses have discovered the effec8veness of tex8ng. HIPAA ViolaNons - Increasing audits and financial penal8es for HIPAA viola8ons.

26 Must haves for HIPAA compliant messaging Full HIPAA- compliance No PHI Stored on 3 rd Party Vendor System Public/Private Key EncrypPon Increase in producpvity and happiness of healthcare providers

27 Security and Compliance User authenpcapon (Supports acpve directory) Remote lock and data wipe Configure message retenpon Ability to audit user acpvity Configurable password segngs

28 Q&A Please ask questions! (We are going to) Certified Partner Program Today s Slides: Upcoming & Past webinars: October 21 - Top 5 Compliance Tools November 11 - Saving time and money through Web-based Benefits administration and consolidated billing HIPAA

29 Our Panelists Andy Nieto Healthcare IT Strategist Ext 240 Marc Haskelson President/CEO of Compliancy Group Ext 507 Daryl Glover Executive VP Strategic Initiatives Ext 103 Asaf Cidon CEO and Co-founder of Sookasa April Sage Director Healthcare IT Ext 113

30