TURN HIPAA COMPLEXITY INTO HIPAA COMPLIANCE

Similar documents
Turn hipaa. hipaa compliance

2016 OCR AUDIT E-BOOK

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits

Bridging the HIPAA/HITECH Compliance Gap

The Impact of HIPAA and HITECH

6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013

Cirius Whitepaper for Medical Practices

Information Protection Framework: Data Security Compliance and Today s Healthcare Industry

HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?

HIPAA and HITECH Compliance for Cloud Applications

Greenway Marketplace. Hear from GSG Compliance & White Plume November 14, 2013

Securing Patient Portals. What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use

Overview of the HIPAA Security Rule

Vendor Management Challenges and Solutions for HIPAA Compliance. Jim Sandford Vice President, Coalfire

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16

Faster, Smarter, More Secure: IT Services Geared for the Health Care Industry A White Paper by CMIT Solutions

Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style.

Nine Network Considerations in the New HIPAA Landscape

PCI DSS Top 10 Reports March 2011

HITRUST CSF Assurance Program

Healthcare IT Compliance Service. Services > Overview MaaS360 Healthcare IT Compliance Service

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant

HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help

How to Use the NYeC Privacy and Security Toolkit V 1.1

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview

HITRUST CSF Assurance Program

What do you need to know?

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

Compliance in 5 Steps

Please Read. Apgar & Associates, LLC apgarandassoc.com P. O. Box Portland, OR Fax

Compliance Challenges. Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard. Increased Audits & On-site Investigations

HIPAA Compliance Review Analysis and Summary of Results

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES

Why Encryption is Essential to the Safety of Your Business

Lessons Learned from HIPAA Audits

HIPAA Update. Presented by: Melissa M. Zambri. June 25, 2014

Security Incident Response Process. Category: Information Security and Privacy. The Commonwealth of Pennsylvania

July 6, Mr. Michael L. Joseph Chairman of the Board Roswell Park Cancer Institute Elm & Carlton Streets Buffalo, NY 14263

Can You be HIPAA/HITECH Compliant in the Cloud?

Preparing for the HIPAA Security Rule

How To Find Out What People Think About Hipaa Compliance

Document Imaging Solutions. The secure exchange of protected health information.

Guided HIPAA Compliance

Arizona Physicians Group To Pay $100,000 To Settle HIPAA Charges

Preemptive security solutions for healthcare

HIPAA Security Rule Compliance

Nationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, :15pm 3:30pm

10 Hidden IT Risks That Threaten Your Practice

Healthcare Information Security Today

Managing data security and privacy risk of third-party vendors

MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE

ALERT LOGIC FOR HIPAA COMPLIANCE

Encryption Services

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)

HIPAA Compliance: Efficient Tools to Follow the Rules

Building Trust and Confidence in Healthcare Information. How TrustNet Helps

SECURETexas Health Information Privacy & Security Certification Program FAQs

Encryption Services

Security Is Everyone s Concern:

Emptoris Contract Management Solution for Healthcare Providers

Regulatory Compliance Management for Energy and Utilities

HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services

FACT SHEET: Ransomware and HIPAA

What s New with HIPAA? Policy and Enforcement Update

COMPLIANCE ALERT 10-12

ForeScout MDM Enterprise

The ForeScout Difference

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES

HIPAA Compliance: Are you prepared for the new regulatory changes?

Transcription:

BUSINESS CASE TURN HIPAA COMPLEXITY INTO HIPAA COMPLIANCE In today s world of HIPAA and HITECH regulations, not developing a plan for compliance is risky business for Healthcare providers. Multiple government agencies are actively enforcing these laws, and the penalty for non-compliance can be up to $1.5 million over the course of a calendar year. QUICK FACTS: Over 30 million electronic medical records have been compromised since 2009 Yet most facilities simply do not have the manpower to research, implement and enforce a complex set of regulations and controls. And doing so is not a one-time event, but rather a continuous process that requires up to date research, analysis and monitoring. In response to this challenge, many healthcare providers have partnered with BlueOrange Compliance to help them turn HIPAA complexity into HIPAA compliance. Penalties can be up to $1.5 million over the course of a calendar year

PROJECT DESCRIPTION Miami Jewish Health Systems did just that. This internationally renowned organization encompasses long term care facilities, assisted and independent living facilities, and on-campus acute care services. For nearly a century, Miami Jewish Health Systems has established a successful track record of promoting patient health and improving the quality of resident life. In the expanding complexity of a paperless healthcare world, safeguarding the privacy and security of their patients electronic medical and billing records became progressively more challenging. Bernardo Larralde, the Director of Information Technology for Miami Jewish Health Systems was working to keep up with the complex and numerous laws, but quickly realized they would benefit by leveraging BlueOrange compliance experience. We had purchased a generic security policies package to help us develop the required HIPAA security measures alone, but the policy development process was cumbersome, complicated and did not provide the required support and guidance offered by BlueOrange. Recognizing the challenge, Bernie partnered with BlueOrange Compliance, a company specializing in assisting Healthcare organizations navigate privacy and security laws. We had purchased a generic security policies package to help us develop the required HIPAA security measures alone, but the policy development process was cumbersome, complicated and did not provide the required support and guidance offered by BlueOrange. Bernardo Larralde Director of Information Technology for Miami Jewish Health Systems 2

COMPANY PROFILE Miami Jewish Health Systems Miami, Florida Miami Jewish Health Systems is an innovative healthcare provider helping people of all ages, cultures and faiths to enjoy longer, healthier and more enriched lives. 800 FULL-TIME staff members plus 400 business partners 550 WORKSTATION devices deployed LTC SOFTWARE PointClick Care Visit Miami Jewish Health Systems at www.miamijewishhealthsystems.org In a matter of weeks, Miami Jewish Health Systems received an easy-toread snapshot that identified key areas of importance and set benchmarks for improvement over the next nine months. 3

IMPLEMENTATION APPROACH The implementation approach was simple and lowtouch. BlueOrange Compliance began their work with Miami Jewish Health Systems by performing a thorough assessment to identify security deficiencies that might allow unauthorized access or risk. A heavy emphasis was placed on existing EMR use, practices and oversight. An on-site visit was conducted to gather, confirm and evaluate all pertinent security data. The entire assessment process relied on the up-to-date industry knowledge of BlueOrange Compliance staff to evaluate all relevant policies, procedures and controls, and required a minimal amount of time from the Miami Jewish Health Systems staff. BlueOrange customized the evaluation and assessment to meet the unique business practices and resource availability of Miami Jewish Health Systems. BlueOrange was able to analyze our environment and provide guidance to help us mitigate our risk exposure. Bernardo Larralde Director of Information Technology for Miami Jewish Health Systems ADVANTAGES TO APPROACH The advantages to the approach were quickly apparent. In a matter of weeks, Miami Jewish Health Systems received an easy-to-read snapshot that identified key areas of importance and set benchmarks for improvement over the next nine months. The assessment also showed how Miami Jewish Health Systems compared to other healthcare organizations. We have a good understanding of our security infrastructure and any possible area of concern, Bernie stated BlueOrange was able to analyze our environment and provide guidance to help us mitigate our risk exposure. After providing the initial assessment, BlueOrange is with you every step of the way by supporting and guiding the remediation process. We had a long list of remediation opportunities and limited resources, Bernie recalled, and BlueOrange made our remediation successful by providing project lead and oversight. 4

OUTCOME Bernie indicates that one of the most significant security improvements achieved was in documentation and analysis. We used to just think about security with each new roll-out, now we analyze, document, and monitor all security aspects. Bernie stresses the need to constantly monitor and evaluate. We had good policies in place, but did not have a process for monitoring their use. Now, for instance, our system alerts us if a user sends ephi data unencrypted. Ensuring encryption is what I have for breakfast, and BlueOrange provided guidance to effectively achieve and manage our compliancy. Another important outcome of the BlueOrange partnership has been the implementation of more robust security practices. Bernie states that we now go the extra step with the management of business contracts to ensure business associates are compliant, and our end-user training has been expanded and continually enhanced. Perhaps the most long-term impact of the BlueOrange partnership has been in educational development. Bernie estimates that his IT staff realized a 25% improvement in their security knowledge skill-set the first year, and an additional 35% by the second year. After Blue Orange s initial assessment and remediation, Bernie states It was like opening our eyes. Our HIPAA security compliance went from a 3 to a 7+ in the first year. LESSONS LEARNED Building compliancy without compromising efficiency can be a frustrating challenge. BlueOrange Compliance simplifies the process and ensures an outcome that is not only HIPAA compliant, but also manageable for the unique aspects and resources of each organization. It is a team effort and it has to include all business units. It would make no sense to adopt a policy that could not, or is not, followed. BlueOrange helped us build flexibility into the policies that maintain compliance, but still allow our business units to perform their primary function. Bernie goes on to say that the key to compliancy is becoming proactive rather than reactive. He estimates that he spends at least 25% of his time managing HIPAA compliance, and maintains that success relies on an ongoing commitment. Security compliancy is a continuous cycle. To be successful, you must continually analyze, implement, monitor and adjust. 5

ADVICE TO SHARE WITH OTHERS Healthcare providers are legally and ethically obligated to ensure patient privacy. HIPAA law mandates documentation, processes and security controls that must be implemented to protect privacy and security of health information. Complex, ever-changing regulations, increased vulnerabilities and lack of policy can make it difficult to stay in front of emerging threats. Bernie advises other healthcare providers to meet this challenge by embracing compliancy as a continuous effort. To do this right, it takes time. This is not a one-time event. My biggest dayto day challenge is safeguarding data security, and BlueOrange s ongoing project lead and insight has helped ensure our success. HIPAA law also requires covered entities to appoint a Security and Privacy Officer. Bernie holds the HIPAA Security Officer role at Miami Jewish Health Systems, and believes that this corporate commitment is crucial. As Jeffrey P. Freimark, President and CEO of Miami Jewish Health Systems remarks, In today s healthcare environment, data management and security have quickly Bernardo Larralde become paramount concerns for Director of Information healthcare providers around the Technology for Miami Jewish Health Systems country. We are pleased to turn to an experienced professional like Bernie to ensure Miami Jewish Health Systems remains a leader not only in healthcare, but also one in data security. Bernie contends that having corporate commitment and partnering with a company like BlueOrange can make the difference between success and failure. My biggest day-to day challenge is safeguarding data security, and BlueOrange s ongoing project lead and insight has helped ensure our success. Let s Connect blueorangecompliance.com 855-500-6272 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information