You Need To Comply With HIPAA And You Probably Don't Even Know It!

If a hospital or healthcare institution is one of your customers or clients, I hope you changed the way you approached the Health Insurance Portability and Accountability Act (HIPAA) in 2013, especially after the Omnibus Final Rule that was released in January 2013. HIPAA now affects many industries other than just healthcare, and chances are that companies in these industries either don't know that yet, or know it but don't know what to do next.

I Don't Have Time For This!

Well, of course you don't! According to the Omnibus Final Rule, the compliance deadline after which the full force of the new rule came into effect was September 23, 2013. The one thing you should surely stand up and take notice of in the new provisions is the direct liability, without limitation, of Business Associates and their subcontractors. Any third-party vendor or service provider, or its subcontractor, that handles Protected Health Information (PHI) needs to comply with HIPAA.

In plain English, even if you just happened to create, receive, maintain, or transmit PHI, then you need to be HIPAA compliant. If a Business Associate passed PHI on to a subcontractor, who then passed it on to its own subcontractor, then every company in that chain needs to be HIPAA compliant too. Oh, and given that the September deadline has passed, you should already be compliant!

Here's a quick way to identify whether you're affected:

- Do you create, receive, maintain, transmit, or even so much as touch PHI for a brief second? If yes, go on to the next bullet.
- Are you a courier service or an Internet Service Provider? If no, then you need to be HIPAA compliant.

This is bad news for Business Associates, who now bear the full onus of ensuring that they and their subcontractors (that entire chain we just talked about) secure the PHI they deal with.

Business Associates: The Largest Source of Breaches

HealthcareInfoSecurity reported that about 22% of the breaches posted on the Office for Civil Rights (OCR) website from September 2009 to August 2013 involved Business Associates. The fact is that Business Associates make a great target because they haven't had to deal with the full force of HIPAA compliance and often have lax security measures in place to protect PHI. Given the way the HIPAA Omnibus Final Rule has gone after the entire subcontractor chain, compliance will have a whole new meaning for Business Associates and their subcontractors.

How Bad Is It?

Very bad! The direct monetary penalty for being out of compliance could be a few million dollars, but the breach notification clauses in HIPAA and HITECH will also mean some very bad publicity in the news for your organization. It is very difficult to get back to normal after going through that.

On Another Note: Obamacare!

By now, we're pretty tired of hearing about the torrent of glitches, hiccups and bugs that have piggybacked on the Affordable Care Act (aka "Obamacare") via its HealthCare.gov website. Yes, most of us know that the website has glitches and was down and so on, but you probably aren't aware that there were some glaring security vulnerabilities in the system as well. The site had error messages that relayed personal information without encryption. Remember: this site holds a great deal of personal information, from names, social security numbers, email addresses and phone numbers to income, employers' names and details about countless individual family members of anyone who signed up. Even the email verification system could be bypassed without access to the actual email account.

Protect Your Personal Information

Our take isn't really about what's happened. Instead, we're interested in pointing out something much more important! It's time for some serious personal risk management. All HealthCare.gov users (past, present and future) would do well to take precautions to ensure that they don't become victims of identity theft:

- Actively monitor your credit reports.
- Don't use the same password for everything! Also, please change all passwords that you've used on HealthCare.gov or related state sites if you're one of those who use the same password everywhere.
- The Federal Trade Commission (FTC) offers some great guidelines to help you protect your information.

Protect Your Customers and Clients

If you're reading this, reach out to your customers and clients and show them that you truly care about their privacy and security. Make sure they don't become victims of a personal data breach.

CEOs, CIOs, and Board Members

Touch base with your customers and clients and let them know these best practices, especially that using the same password on the ACA site as the one they use for email, banking, etc. is not smart.

Insurance Companies

Since the ACA is essentially setting up a sort of marketplace to buy insurance, you should be offering added protection to customers who are applying online through HealthCare.gov. Introduce more robust checks and balances into the insurance-acquisition process than you normally would, especially given that people who used the first version of the site could potentially have exposed and compromised their data.

Protect Your Business! Protect Yourself!

Enterprise Risk Management: At a Glance

ERM brings clients the highest level of expertise to assess and address risks, comply with standards and regulations and mitigate risks, using integrated and reasonably priced security services and solutions. Our practice provides organizations with the tools they need to address the compliance and risk management issues of today, as well as the broader and ever-increasing security challenges of the future.

Services

- Cyber Security & Information Assurance
- Regulatory Compliance
- IT Audit
- Computer Forensics
- Risk Management
- Attestation

Universities

- Carnegie Mellon University
- Massachusetts Institute of Technology
- State University of New York - Albany
- University of Miami

Certifications

- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Manager (CISM)
- Certified Information Technology Professional (CITP)
- Six Disciplines Strategic Planning Coach
- GIAC Security Essentials Certification
- GIAC Systems and Network Auditor
- Payment Card Industry Professional (PCIP)
- PCI Qualified Security Assessor (QSA)
- Project Management Professional (PMP)
- ISO/IEC 27001:2005 ISMS Lead Auditor
- Certified in Risk and Information Systems Control (CRISC)
- Information Technology Infrastructure Library (ITIL) v3
- Certified Public Accountant (CPA)

Some of our Clients

Government

- Department of State - USAID
- Department of Defense - DeCA
- Department of Defense - US Army INSCOM
- Department of Homeland Security - FLETC
- Department of Treasury - BPD
- Department of Treasury - OCC
- Dallas Area Rapid Transit (DART)
- Metropolitan Washington Airports Authority
- State of Kansas
- State of Mississippi
- State of Oregon
- University of Texas - Pan American
- West Virginia State Treasurer's Office

Private

- Assurant Solutions
- Bacardi-Martini, Inc.
- Banco Santander
- Banco Itau Europa International
- Banesco
- Biltmore Hotel
- Brightstar Corporation
- Carnival Cruise Lines
- HEICO Aerospace
- Jackson Memorial Hospital
- Laureate Education
- Mount Sinai Medical Center
- Nova Southeastern University
- SONY Electronics Latin America
- Tracfone Wireless
- University of Miami
- XTec, Inc.