The Impact of HIPAA and HITECH

The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients' healthcare information. It protects all forms of patient healthcare information, from paper to electronic format. The primary goals of HIPAA are to:

1. Ensure health insurance portability
2. Reduce healthcare fraud and abuse (medical identity theft)
3. Guarantee the security and privacy of healthcare information
4. Enforce standards for healthcare information

HIPAA Administrative Simplification is an attempt to improve the efficiency and effectiveness of the healthcare system by standardizing the electronic transmission of certain healthcare transactions. It includes the following three components:

1. Transactions, Code Sets, & Identifiers
2. Privacy Standards
3. Security Standards

The Health Information Technology for Economic and Clinical Health (HITECH) regulations under the American Recovery and Reinvestment Act of 2009 have increased the requirements around the protection of protected health information (PHI). The HITECH regulations apply to both electronic and paper records. The breach notification requirement applies only to PHI that is unsecured, that is, PHI which has not been rendered unusable, unreadable or indecipherable to unauthorized persons (for example, by encryption). Penalties have been increased, and civil and criminal penalties for HIPAA violations now extend directly to business associates. Additional provisions of the HITECH Act include incentive payments for the meaningful use of electronic medical records (EMRs) and patients' right to obtain copies of their EMRs. Symantec can provide the tools and solutions to support the privacy and security requirements of Meaningful Use of EMRs.

Who Must Comply?

All entities that create, receive, maintain, or transmit patients' healthcare information must comply, including but not limited to the following:

- Healthcare insurance providers
- Hospitals
- Healthcare clearinghouses
- Physicians' private and group practices
- Healthcare clinics
- Business associates

Breach Notification

When a breach of unsecured PHI occurs, the covered entity or business associate involved must comply with the following requirements:

- Affected individuals must be notified without unreasonable delay and in no case later than 60 calendar days after the breach is discovered. The 60 days is an outer limit, not a grace period: an unreasonable delay within that window is itself a violation.
- If a breach involves 500 or more affected individuals, the Secretary of Health and Human Services (HHS) must be notified at the same time as the individuals, the breach is posted on the HHS website, and the covered entity must notify prominent media outlets serving the affected state or jurisdiction.
- If a breach involves fewer than 500 affected individuals, the covered entity may maintain a log of the breaches occurring during the year and submit the log to the Secretary of HHS annually, no later than 60 days after the end of the calendar year.

HIPAA Security Rule (NIST SP 800-66 guidance)

There are two types of implementation specifications: Required and Addressable.

Required: control requirements that all applicable entities MUST implement.

Addressable: control requirements for which applicable entities must perform an assessment to determine whether the implementation specification is a reasonable and appropriate safeguard in their environment. Addressable does not mean optional: if the specification is reasonable and appropriate it must be implemented; if it is not, the entity must document why and implement an equivalent alternative measure where one is reasonable and appropriate.

The HIPAA Security Standard is grouped into three distinct safeguards: Administrative, Physical and Technical. The following details how solutions from Symantec can assist in meeting each type of safeguard.

The Breadth Of Symantec Solutions

Symantec Control Compliance Suite (CCS) assists organizations in assessing their degree of non-compliance with the organization's established information security policies, standards, industry best practices and numerous regulatory requirements such as HIPAA and the HITECH Act. Risk mitigation recommendations are provided as part of the CCS Standards Management module, which also verifies that the mitigating controls were implemented.

CCS Policy Manager assists organizations in the creation, management and distribution of written security and compliance policies and procedures. The Policy Manager allows procedures to be distributed to, and accepted by, designated end users. CCS allows organizations to maintain the documentation required by various retention regulations.

CCS Response Assessment Manager (RAM) enables organizations to automate the validation of procedural checks and the distribution of security awareness training content, along with providing an online test to assess users' knowledge of the material. The RAM component enables organizations to complete three key steps to security awareness:

1. Educate the user community
2. Evaluate users' understanding of security topics
3. Provide evidentiary support for compliance and auditing purposes

Symantec Data Loss Prevention (DLP) enables organizations to discover PHI exposed on file servers, databases, content and email repositories, web servers, laptops and desktops, and other data repositories. It also proactively monitors and protects PHI usage across the network, storage media and endpoints. Identified risks are reported using pre-built HIPAA compliance reports and role-based dashboards. Proactive notification of violations directly to end users raises awareness of the organization's security policies.

Symantec DLP assists organizations in answering two key questions: where is confidential data/PHI being stored, and how is the PHI being used? Symantec DLP can assist organizations in reducing the risk of penalties associated with the new HITECH Breach Notification requirements. The Symantec DLP Protect functionality blocks the transmission of unencrypted PHI outside an organization's network, which helps reduce the risk of a declared breach and the associated penalties. Note that blocking applies only to the channels DLP monitors; coverage of email, web, endpoint and storage channels should be verified rather than assumed.

Symantec Security Information Manager (SSIM) is a real-time security incident tracking tool that assists organizations in collecting, aggregating and correlating information security events from an organization's logged security events. The tool contains an incident ticketing system that can be integrated with an organization's existing service desk application. The SSIM management console provides quick, easy, and flexible log management of all events, including over 400 pre-configured analysis queries and flexible compliance reporting and log retention policies. It enables healthcare organizations to collect, store, and analyze log data, as well as monitor and respond to security events, to meet the IT risk and compliance requirements of HIPAA, HITECH and many state privacy laws. It can collect and normalize a broad scope of event data and correlate the impact of incidents based on their criticality to business operations or their relevance to various regulatory mandates. The solution prioritizes incidents using its built-in asset management function, which is populated using scanning tools and allows confidentiality, integrity, and response ratings and policies to be assigned to assets to help prioritize incidents. Integrating SSIM with the Symantec Global Intelligence Network helps identify external threats to the infrastructure that stores and transmits PHI. SSIM also integrates with third-party EMR privacy monitoring tools.
Symantec Critical System Protection (SCSP) prevention techniques shield operating systems, applications, and services by defining acceptable behaviors for each authorized application running on the system. The solution then protects systems from misuse by unauthorized users and applications, and prevents the inappropriate copying or transferring of PHI through system and device controls that lock down configuration settings, file systems, and the use of removable media. SCSP's monitoring, notification, and auditing features assist organizations in demonstrating their regulatory compliance with HIPAA and HITECH. SCSP assists organizations in meeting various Administrative and Technical Safeguards of the HIPAA requirements.

Many HIPAA-related breaches in the healthcare industry are caused by well-intentioned individuals copying PHI to USB storage devices. Hospitals can reduce the risk of such violations, and their exposure to the new HITECH Breach Notification requirements and penalties, by using SCSP to limit the use of removable media on the workstations located throughout their facilities.

Symantec Endpoint Encryption (SEE) enables an organization to reduce the risk associated with data breaches under the new HITECH Breach Notification regulations. Encrypting laptops and removable media reduces the risk of inappropriate exposure of PHI when such devices are lost. Did you know that more than 45 states have passed data breach laws that apply to companies doing business within the state, and that most of them exempt data that was encrypted in storage and in transit from their breach notification requirements? Endpoints such as laptops and USB devices encrypted using SEE reduce violations of state-specific data security laws while providing auditable evidence that the data on the device was encrypted. These audit trails are valuable evidence when an endpoint is lost or stolen: the encryption safe harbor applies only if the entity can show that the data on that device was encrypted at the time of loss and that the key was not lost along with it. Limiting access to data by encrypting it on all endpoints also reduces the risk of identity theft. Additional benefits of SEE are achieved when it is integrated with other Symantec solutions such as the Altiris Client Management solution.

Symantec Services advocates an end-to-end risk management approach to help ensure security and privacy in the healthcare industry.
A risk management approach focuses on the assessment of information exposure and vulnerabilities, the implementation of security controls, and the automation of compliance around regulatory requirements such as HIPAA, HITECH and PCI DSS, to name a few. This approach not only identifies risks but also finds operational and process efficiencies. Symantec provides services around all of its products and solutions, ranging from architecting, designing, implementing and managing HIPAA-compliant infrastructure to risk management services. Symantec architecture and design services leverage existing infrastructure while integrating both existing and future products into a solution that automates security and compliance functionality. Risk management services include HIPAA Risk Assessments, Vulnerability Assessments, PCI Assessments, Data Loss Prevention Assessments and more.

Find Out More

Join Symantec for one of our healthcare-specific webinars or executive briefings, or stop by our booth at healthcare conferences, to find out how Symantec can proactively monitor and reduce your IT HIPAA risk, protect the PHI that you manage and help support the privacy requirements of Meaningful Use. See the Symantec Healthcare website at http://www.symantec.com/healthcare or contact your local Symantec Healthcare Sales Representative for more information on upcoming events.

NO WARRANTY. The information contained in this document is being delivered to you AS-IS, and Symantec Corporation makes no warranty as to its accuracy or use. Any use of the information contained herein is at the risk of the user. This document may include technical or other inaccuracies or typographical errors, and may be changed or corrected. Symantec reserves the right to make changes without prior notice. The information contained in this document is provided for informational purposes only and is not legal advice. The information may or may not reflect current legal developments. This information is not intended to constitute legal advice or to substitute for obtaining legal advice from an attorney licensed in your state, and is specifically not intended to provide advice or counsel on compliance recommendations for the Health Insurance Portability & Accountability Act, the Health Information Technology for Economic and Clinical Health regulations, or other regulatory requirements.

More Information

Visit our website: http://www.symantec.com/healthcare
To speak with a Product Specialist in the U.S., call toll-free 1 (800) 745 6054.
To speak with a Product Specialist outside the U.S., please visit our website for specific country offices and contact numbers.

About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored.

Symantec World Headquarters
350 Ellis St.
Mountain View, CA 94043 USA
+1 (650) 527 8000
1 (800) 721 3934
www.symantec.com

Copyright 2010 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, Altiris and Deepsight are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. 20988230 06/11