February 3, 2009 Bridging Academic and Medical Cultures Academic Research Systems and HIPAA William K. Barnett Anurag Shankar.


Agenda
- IU, IU Bloomington, and IU School of Medicine
- Academic and Medical Research Cultures
- IU Organization for Information Assurance
- Strategic Positioning and Execution

October 1, 2016 Customize footer: View menu/Header and Footer


Research Need IU

Academic Researcher Needs
- Control Sensitive
- Schedule Insensitive
- Security Insensitive
- No Subject Privacy Concerns
- Expert Users
- Budget Sensitive

Medical School Researcher Needs
- Control Sensitive (but different)
- Schedule Sensitive
- Security Sensitive
- Subject Privacy Concerns
- Inexpert Users
- Budget Insensitive

Research Need IU
- Rapidly Growing Data
- Increasing use of Computational Approaches
- Security Threat Increases
- Growth of Online Tools
- Local to National Collaborations

Academic Researcher Needs / Medical School Researcher Needs

Unique IT Organization at IU
- University Information Technology Service (UITS) provides services for all 8 IU campuses
- Information Assurance is managed by UITS, reports to Board of Trustees
- Center for Applied Cybersecurity Research (CACR) a leader in privacy policy research
- Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) leadership at IU
- Office of Research Administration NOW covers both IU Bloomington and IU Medical School campuses – IRB and Compliance

UITS at IU
Office of the VP of IT and CIO at Indiana University
Research Technologies (RT) Learning Technologies Support Enterprise Software Enterprise Infrastructure Networks School of Medicine CIO

Research Technologies (RT) at IU
- High Performance Systems
- Big Red (30.7 TeraFLOPS)
- Quarry (7 TeraFLOPS)
- Research File System with 500 TB
- Mass Store archive with 4 PB (4,000 TB)
- High Speed Parallel Storage with 1 PB
- Advanced Visualization Laboratories
- High Performance Applications and Grids
- Life Sciences, including IUSM Advanced IT Core

What are the HIPAA Rules?
- Privacy Rule
  - Policies and standards for protected health information (PHI)
  - For ‘covered entities’ (those who manage PHI)
- Security Rule
  - Security of PHI in electronic form (ePHI)
- Transactional Rule
  - Electronic billing and electronic claims

What is the HIPAA Security Rule?
- It Does
  - Deal with electronic protected health information (ePHI)
  - In databases, files, compute systems, in transit
  - Represent a real legal and trust threat
- It is NOT
  - A standard (but NIST is)
  - It cannot be complied with
  - It is not certifiable
- It IS
  - Auditable by CMS (Health and Human Svcs)

Strategic Positioning for HIPAA
Establish Information Protection for Privacy and Security (IPPS) oversight Committee and Review Process
- Office of Research Administration, Compliance Office
- IUSM CIO
- IUSM Faculty
- IU Information Assurance (Policy and Implementation)
- UITS Enterprise Infrastructure
- Director of High Performance Systems, Research Technologies

IPPS Committee Role
- Review Progress
- Provide Advice
- Act as Advocate with Medical Researchers
- Provide Signoff on ability to handle ePHI

IPPS Committee Goals
- Prevent violation of patient privacy
- Prevent loss of customer trust

Implementation Process
1. Establish RT Implementation Group
2. Outside Consultant for Gap Analysis
3. Establish Controls and fill gaps with RT-wide team
4. Outside Consultant for Risk Analysis (required)
5. 90% of work was documenting controls
6. Establish ongoing Risk Management Plan
7. Change the way RT does business, including biannual review
8. Education and tools for Medical and Academic Researchers

Questions? Bill Barnett, Indiana University, Anurag Shankar, Indiana University, Thank you!