HIPAA Privacy and Security Vulnerabilities and Opportunities in High Risk Populations!



Similar documents
HIPAA Audits Are Happening. eroi

Sunday March 30, 2014, 9am noon HCCA Conference, San Diego

Joe Dylewski President, ATMP Solutions

9/25/2012. Agenda. Defining the interrelation of MU, HIM and Release of Information IOD s partnership approach to MU

Meaningful Use Stage 2. Meeting Meaningful Use Stage 2 with InstantPHR TM.

Increasing Security Literacy: Supporting Your Staff in Understanding their Role in HIPAA HITECH Compliance. NHCHC May 7, 2015 Washington DC

2/9/ HIPAA Privacy and Security Audit Readiness. Table of contents

HIPAA Security Risk Analysis for Meaningful Use

The HIPAA Audit Program

Healthcare IT (HIT) Strategic Planning & Budgeting MARCH 26, 2014

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use

Securing Patient Portals. What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use

HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?

HIPAA Changes Mike Jennings & Jonathan Krasner BEI For MCMS 07/23/13

Empowering Nurses & Building Trust Through Health IT

HIPAA COMPLIANCE PLAN FOR 2013

HIPAA - Breaking News!

The CIO s Guide to HIPAA Compliant Text Messaging

What Every Organization Needs to Know about Basic HIPAA Compliance and Technology. April 21, 2015

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist

HIPAA. New Breach Notification Risk Assessment and Sanctions Policy. Incident Management Policy. Focus on: For breaches affecting 1 3 individuals

Ensuring Privacy & Security of Patient Information

Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015

Tools to Prepare and Protect Your Practice for HIPAA and Meaningful Use Audits

Privacy Officer Job Description 4/28/2014. HIPAA Privacy Officer Orientation. Cathy Montgomery, RN. Presented by:

2012 HIPAA Privacy and Security Audits

HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services

HIPAA: Protecting Your. Ericka L. Adler. Practice and Your Patients

Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches

A PRACTICAL GUIDE TO USING ENCRYPTION FOR REDUCING HIPAA DATA BREACH RISK

Six Steps to Achieving Meaningful Use Qualification, Stage 1

Cloud Computing & Health Care Organizations: Critical Privacy & Security Issues - December 16, 2015

Agenda. OCR Audits of HIPAA Privacy, Security and Breach Notification, Phase 2. Linda Sanches, MPH Senior Advisor, Health Information Privacy 4/1/2014

HIPAA Privacy, Security, Breach, and Meaningful Use. CHUG October 2012

PARTICIPATION AGREEMENT For ELECTRONIC HEALTH RECORD TECHNICAL ASSISTANCE

Surviving a HIPAA Audit: What you need to know NOW So you can cope THEN. Jonathan Krasner

The HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq.

Straight from the Source: HHS Tools for Avoiding Some of the Biggest HIPAA Mistakes

HITRUST CSF Assurance Program

Intelligent Vendor Risk Management

HIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing

Privacy and Security: Meaningful Use in Healthcare Organizations

InfoGard Healthcare Services InfoGard Laboratories Inc.

Frequently Asked Questions: Electronic Health Records (EHR) Incentive Payment Program

Direct Secure Messaging: Improving the Secure and Interoperable Exchange of Health Information

AHLA. B. HIPAA Compliance Audits. Marti Arvin Chief Compliance Officer UCLA Health System and David Geffen School of Medicine Los Angeles, CA

Community-Wide EHR Data and Patient Referrals A Legal Perspective

HIPAA and HITECH Compliance for Cloud Applications

Top 20 IT Risks for the Healthcare Industry and How to Mitigate Them

The HIPAA Omnibus Final Rule

HIPAA regulation: The challenge of integrating compliance and patient care

HIPAA Risk Assessments for Physician Practices

Increasing Security Defenses in Cost-Sensitive Healthcare IT Environments

Toward Meaningful Use of HIT

Industry leading Education

To: From: Date: Subject: Proposed Rule on Meaningful Use Requirements Stage 2 Measures, Payment Penalties, Hardship Exceptions and Appeals

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

Best Practices in Cloud Computing for Healthcare

HIPAA Overview and updates since HITECH and PPACA

Understanding Health Information Technology and Health Information Exchange

Managing the Privacy and Security of Patient Portals

Managing Privacy and Security Challenges of Patient EHR Portals

Healthcare and IT Working Together KY HFMA Spring Institute

Lessons Learned from HIPAA Audits

CWRU REC Answers to RFQ

Health Information Technology (IT) Simplified

Opportunities for Medicaid to Invest in HIT. Shannah Koss, Principal Koss on Care LLC

12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule

Securing Patient Portals

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits

HIPAA Security & Compliance

Medicaid Electronic Health Records Meaningful Use Audits. Lisa Reuland, Program Manager October 22, 2015

Stage 2 Medical Billing and reconciliation of Patients

How To Bridge The Chasm Between Provider And Patient

Answering to HIPAA. Who Answers Your Phone? Prepared by Kenneth E. Rhea, MD, FASHRM. Brought to you by.

Privacy and Security Meaningful Use Requirement HIPAA Readiness Review

How To Protect Your Health Care From Being Stolen From Your Computer Or Cell Phone

The Road to Robust Use of HIT: Navigating Meaningful Use and Beyond. by Jennifer McAnally, tnrec Director

Creating Stable Security & Compliance Relationships

How To Prepare For A Patient Care System

Len Bowes, MD, MS, Intermountain Healthcare Medical Informatics Jan *ARRA = American Recovery and Reinvestment Act

Meaningful Use Audit Red Flags: Pay Careful Attention To The Security Risk Analysis - Or Else

HIPAA Compliance Guide

Dissecting New HIPAA Rules and What Compliance Means For You

HEALTHCARE SECURITY AND PRIVACY CATALOG OF SERVICES

Florida Medicaid EHR Incentive Program. Eligible Hospitals

Adding Cloud Solutions to Customer Contracts Robert J. Scott

Community Health Center Association of Connecticut Meaningful Use: Audit Preparedness And Other Challenges February 12, 2015

Business Associate Considerations for the HIE Under the Omnibus Final Rule

HIPAA Audits: How to Be Prepared. Lindsey Wiley, MHA, CHTS-IM, CHTS-TS HIT Manager Oklahoma Foundation for Medical Quality

LOOKING FORWARD TO STAGE 2 MEANINGFUL USE Louisiana HIPAA & EHR Conference Presenter: Kathleen Keeley

Objectives 5/5/2015. Quality Health Associates (QHA) of ND

Security Is Everyone s Concern:

Patient Privacy and Security. Presented by, Jeffery Daigrepont

EHR Incentive Program Updates. Jason Felts, MS HIT Practice Advisor

AHLA. Y. Advising Providers in Adopting or Substituting a Health IT System. Charles C. Dunham Bond Schoeneck & King PLLC Albany, NY

HIPAA Myths. WEDI Regional Affiliates. Chris Apgar, CISSP Apgar & Associates

South Central Indiana Regional Health Care Network Paoli, Indiana. Internet2 October 2009

HIPAA for HIT and EHRs. Latest on Meaningful Use and EHR Certification: For Privacy and Security Professionals

THE HIPAA TANGO CHOREOGRAPHING PRIVACY AND SECURITY UNDER THE FINAL RULE

Transcription:

HIPAA Privacy and Security Vulnerabilities and Opportunities in High Risk Populations!

Learning Objectives Recognize the distinct HITECH HIPAA privacy and security vulnerabilities in high-risk health care settings. Explain the process and procedures to avoid costly data breaches in a health system affiliated with small-medium size practices and safety net medical and behavioral health practices. Identify strategies, partnerships and resources to develop best practices in HIPAA HITECH privacy and security compliance. List risk management and training solutions that have been successful for small-to-medium size and safety net providers who serve the high risk populations.

The Risk Gap is growing faster than! the healthcare industry is prepared to adapt to it! Health Care Security and Privacy Investments! are Lagging Behind 3

Myths about HIPAA & Meaningful Use Security Risk Analysis Requirement It is optional for small providers and practices Installing a certified EHR fulfills the MU security requirement My EHR vendor handled everything so I m fine A checklist will suffice Once I complete a risk analysis I m done I only need to do a risk analysis once

5

6

Case Study Large, multi-location FQHC Minors and adults treated for STD Typical environment for those most in need Funding from state-sanctioned grant-funder in return for data BAA in place Computers stolen from grant-funder but never determined if patient data accessed no encryption no risk analysis or contingency plan for notification

Potential Vulnerabilities State or City! Health Dept. FQHC Grant Funder! and Data Collector Managed Care! Medicaid! Health Plan Medicare! MA Advantage Private! Insurance Self Pay Medical! Respite Behavioral Health Center! (Outpatient & Inpatient) Health Information! Exchange 8 Health! System Physician! Specialists Hospital Discharge Planners ACO

Don t Leave Out Business Associates and Subcontractors e-billing! Vendor Management/Consulting! Advisors FQHC EHR! Vendor! Host HIE! Vendor Sub-! Contractor Sub-! Contractor Sub-! Contractor Sub-! Contractor 9

Obligation vs. Reality Obligation Notification to! Patients Notification to! Public Obligations under! BAA Cooperate with! Police Investigation of theft Notification to! OCR Reality Minors, parents not! aware of STD treatment Concern about negative! publicity Refusal of BA to! take action Computers never found,! not sure if accessed Delayed due to! police investigation of theft 10

HIPAA Guidance Can Be Overwhelming Mobile Media Integrity Risk Assessment HIPAA Privacy Confidentiality Risk Management Breach Notification Access Control Availability Contingency Planning Encryption Business Associates Authentication Patient Access Disaster Recovery Fines Audits 2

Privacy and Security Risk Assessment 10 questions to begin assessing your organization s needs

Before&Arrival Check&In Waiting Clinical&Encounter Encounter&Closing After&Patient&Leaves& Office Outside&Patient&Specific& Encounter Care&Activity Registration:,Patient,calls,for,triage/appt Review/verify/,update,patient, information Gather,patient,data,,provide, educational,information,patient, completes,screening,forms,,updates, health,information History,and,Physical,, Documentation,,, Assessment/Diagnosis,,Care,Plan,, CPOE,,,Procedures,,Patient, Education Additional,education,and, checkout.,after,visit,summary, provided,(mu,measure) Referrals,,diagnostic,orders,, labs,,encounter,charges/claims, submission:,insurers,,data, warehouses,, Chronic,care,management, registries,,group,visits,,home, visits Which&health&care& personnel&processes& the&information Call,Center,/inhouse,or,contracted,BA),, front,desk,staff,,via,patient,portal Front,Desk Patient/family,member Care,team:,Medical,Assistant,,RN,, Clinician Medical,Assistant,or,at,Check,out, desk Medical,Assistant,,Referral, Manager,,Billing,dept. RN,Care,Manager,,CHW,,Patient, navigator,(insurance,enrollment, counselor),,social,worker What&sensitive&health& information&is&being& processed Demographics,,insurance,#,,SS,#,, encounter,type/reason Patient,health,record.,Include,all, recent,hospital,or,er,information PHI PHI,,eQRX PHI,(meds,,problems,,allergies,, pharmacy,info,,education) PHI,,Claims,data Demographics,,insurance,,SS#,, income,tax,returns Where&does&this& information&exchange& take&place Patient,Management,System,,,EHR,or, Portal HIE,,EHR Paper/clip,board,,kiosk,,tablet EHR,,pharmacy EHR,/PM,system EHR,,HIE,,billing,software,, insurance,portals,, PM/EHR,,Registries,,data, warehouse How? Admin,staff,enters,data,,patient,enters, data,via,portal Access,data,via,PM/EHR,,HIE,,portal Patient Desktop,,laptop EMR Desktop,,laptop,,workstation,, printer/fax/copier Desktop,,laptop,,tablets,,mobile, devices What's&the&Risk? Access,to,Patient,Info,not,controlled,,, Patient,portal,not,secure EHR,access,not,secure,,HIE,data, incomplete,or,corrupted,,,info,is,for, another,patient Paper,or,clip,board,left,unattended,or, misplaced,,kiosk,not,secure,or, general,sign,on,used Access,to,desktop,,laptop,not, secure,(passwords,,role,mgmt),,no, auto,signqout,for,ehr Required,info,not,provided,, Unauthorized,perscriptions, entered,,,required,mu,processes, not,performed Data,not,encrypted,when, transferred,,no,baa,in,place,to, ensure,privacy,adherence Access,to,PHI,data,not,controlled, nor,is,data,encrypted,,,mobile, devices,are,not,secure, (encrypted,,tracked) HIPPA&HITECH&EXPRESS& mitigates&risk Patient&Engagement&in&the&Office:&HIPAA&HITECH&EXPRESS Security,and,privacy,repository,that,contains,all,the,policies,,procedures,,templates,,notices,required, Guided,process,that,assists,you:,Complete,your,PHI,Inventory,and,Risk,Assessment;,Identify,and,prioritize,critical,gaps,requiring,remediation;,Develop,a,remediation,workplan,and,track,progress;,Complete,required,policy,and, procedures,and,plans.

Strategies and Solutions 14

What do you need? ü Security awareness training to ensure educated staff ü Simplified, concise Rapid Risk Assessment, Gap Prioritization and Remediation plan ü Straight forward workflow to manage the process effectively ü Security privacy document library: comprehensive policy, procedures, and templates ü On Going Risk Management and Breach Protection ü On-demand Virtual Privacy Security e-assistant

Where can You get help? Large Academic Medical Centers and Hospitals can assist smaller health centers by creating a consortium to build outreach for better patient care and care coordination Partnering on Grant Opportunities: Health Care Innovation Grant (CMS) Patient Centered Outcome Initiative (PCORI) Grants to Expand Care Coordination through the Use of Technology- Assisted care in Targeted Areas of Need (TCE-TAC) Seek out Foundation Opportunities Gladys Brooks Foundation The Hearst Foundation/Wiliam Randolph Hearst Foundations The Kresge Foundation The Robert Wood Johnson Foundation Vulnerable Populations Health Grant W.K. Kellog Foundation Grants The Arthur Vining Davis Foundation

Questions? Henry Fader, Esq. Pepper Hamilton LLP faderh@pepperlaw.com @PhillyFader Anna Gard, FNP-BC gardanna@gmail.com @amtgnp Robert Zimmerman rzimmerman@qipsolutions.com @HIPAAExpress

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information