Overview Introduction Meaningful Use Objective for Security Key Security Areas and Measures Best Practices Security Risk Analysis (SRA) Action Plan Demonstration.

Slides:



Advertisements
Similar presentations
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Advertisements

OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.
Security Vulnerabilities and Conflicts of Interest in the Provider-Clearinghouse*-Payer Model Andy Podgurski and Bret Kiraly EECS Department & Sharona.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
HIPAA Regulations What do you need to know?.
HIPAA Security Risk Overview Lynne Shoemaker, RHIA, CHP, CHC OCHIN Integrity Officer Daniel M. Briley, CISSP, CIPP Summit Security Group.
CSF Support for HIPAA and NIST Implementation and Compliance Presented By Bryan S. Cline, Ph.D. Presented For HITRUST.
PRIVACY, SECURITY AND MEANINGFUL USE Is your practice compliant?
Understanding Meaningful Use Presented by: Allison Bryan MS, CHES December 7, 2012 Purdue Research Foundation 2012 Review of Stage 1 and Stage 2.
CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.
The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.
Security Controls – What Works
Computer Security: Principles and Practice
1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
What is HIPAA? H ealth I nsurance P ortability and A ccountability A ct (Kennedy-Kassenbaum Bill) nAdministrative Simplification –Privacy –Transactions.
Privacy and Security Tiger Team Subgroup Discussion: MU3 RFC July 29, 2013.
HIPAA PRIVACY AND SECURITY AWARENESS.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
Medicaid EHR Incentive Program For Eligible Professionals Overview of the Proposed 2015 Modification Rule Kim Davis-Allen Outreach Coordinator
Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved. Health Information Technology and Management Richard.
2012 Audits of Covered Entity Compliance with HIPAA Privacy, Security and Breach Notification Rules Initial Analysis February 2013.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
Affordable Healthcare IT Solutions. MU RX Compliance with Meaningful Use Stage 2.
Meaningful Use Security Risk Assessment (SRA): Resources for Eligible Professionals (EPs) Kim Bell, MHA, FACHE, PCMH-CCE Executive Director Georgia Health.
April 14, A Watershed Date in HIPAA Privacy Compliance: Where Should You Be in HIPAA Security Compliance and How to Get There… John Parmigiani National.
Meaningful Use Security Risk Analysis Passing Your Audit.
Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,
Eliza de Guzman HTM 520 Health Information Exchange.
MU and HIPAA Compliance 101 Robert Morris VP Business Services Ion IT Group, Inc
Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.
The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,
Working with HIT Systems
Component 8/Unit 6aHealth IT Workforce Curriculum Version 1.0 Fall Installation and Maintenance of Health IT Systems Unit 6a System Security Procedures.
The IT Vendor: HIPAA Security Savior for Smaller Health Plans?
Energize Your Workflow! ©2006 Merge eMed. All Rights Reserved User Group Meeting “Energize Your Workflow” May 7-9, Security.
Lessons Learned from Recent HIPAA Breaches HHS Office for Civil Rights.
Copyright © 2015 by Saunders, an imprint of Elsevier Inc. All rights reserved. Chapter 3 Privacy, Confidentiality, and Security.
Case Study: Applying Authentication Technologies as Part of a HIPAA Compliance Strategy.
HIPAA Compliance Case Study: Establishing and Implementing a Program to Audit HIPAA Compliance Drew Hunt Network Security Analyst Valley Medical Center.
An Independent Licensee of the Blue Cross Blue Shield Association Right Sizing the HIPAA Security Program Laurie Leer, CISSP;Manager Information Systems.
HIPAA: So You Think You’re Compliant September 1, 2011 Carolyn Heyman-Layne, J.D.
Community Health Center Security Risk Management
In-depth look at the security risk analysis
Modified Stage 2 Meaningful Use: Objective #1 – Protect Electronic Health Information July 5, 2016 Today’s presenter: Al Wroblewski, PCMH CCE, Client.
Paul T. Smith Davis Wright Tremaine LLP
Health Insurance Portability and Accountability Act
A Tale of Snooping: Lessons Learned the Hard Way Nebraska Rural Health Association September 21, 2015 Vickie B. Ahlers Baird Holm LLP
CMGT 431 STUDY Lessons in Excellence--cmgt431study.com.
The Privacy Cycle A Five-Step Process to Improve Your Privacy Culture
2017 Modified Stage 2 Meaningful Use Objectives Overview Massachusetts Medicaid EHR Incentive Program September 19 & 20, 2017 September 19,
Final HIPAA Security Rule
Modified Stage 2 Meaningful Use: Objective #1 – Protect Electronic Health Information July 5, 2016 Today’s presenter: Al Wroblewski, PCMH CCE, Client.
The Practical Side of Meaningful Use:
HIPAA Privacy and Security Summit 2018 HIPAA Privacy Rule: Compliance Plans, Training, Internal Audits and Patient Rights Widener University Delaware.
HIPAA Security Standards Final Rule
Drew Hunt Network Security Analyst Valley Medical Center
HIPAA SECURITY RULE Copyright © 2008, 2006, 2004 by Saunders an imprint of Elsevier Inc. All rights reserved.
5 Steps to get funding for IT Security
HIPAA Compliance Services CTG HealthCare Solutions, Inc.
HIPAA Compliance Services CTG HealthCare Solutions, Inc.
HIPAA Security Risk Assessment (SRA)
Presentation transcript:

How to Conduct and Implement a Security Risk Assessment (SRA) September 12 & 13, 2016

Overview Introduction Meaningful Use Objective for Security Key Security Areas and Measures Best Practices Security Risk Analysis (SRA) Action Plan Demonstration – BP: Secure™ Portal Questions

Introduction Mark E. Ferrari, MS, PMP, CISSP, HCISPP Vice President, Chief Information Security Officer BluePrint Healthcare IT Email: Mark.Ferrari@blueprinthit.com Phone: 732.343.3502

What is MU Objective #1 all about? Protect Patient Health Information Objective Protect electronic health information created or maintained by the CEHRT through the implementation of appropriate technical capabilities. Measure Conduct or review a security risk analysis in accordance with the requirements in 45 CFR 164.308(a)(1), including addressing the security (to include encryption) of ePHI created or maintained by CEHRT in accordance with requirements under 45 CFR 164.312(a)(2)(iv) and 45 CFR 164.306(d)(3), and implement security updates as necessary and correct identified security deficiencies as part of the EP's risk management process. Exclusion No exclusion.

Specifics of the Measure: Meeting MU Objective #1 Specifics of the Measure: Implement policies and procedures to prevent, detect, contain, and correct security violations. Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate. Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level. Apply appropriate sanctions against workforce members who fail to comply with the security policies and procedures. Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports. Implement a mechanism to encrypt and decrypt electronic protected health information. Equivalent alternative measures

Meeting MU Objective #1 Conduct a thorough assessment or review covering the key security areas for all locations Identifying threats, vulnerabilities, risks and deficiencies by reviewing: Physical safeguards Administrative safeguards Technical safeguards Policies & procedures Organizational requirements

Meeting MU Objective #1

Best Practices – Completing a Security Risk Analysis Who should complete the SRA? When should the SRA be completed? At least annually; during program year and before attestation How to document completion? How to address data encryption? What to do after system upgrades? Deficiencies addressed/corrections made consistent with risk management process

Best practices – Creating an Action Plan Who should be involved in decision-making? Demonstrate decision-maker commitment to and involvement in the process Assigning responsibility and accountability Creating a timeline Reviewing progress as a group Documenting progress Implementing a robust, ongoing risk management process

Tools for Performing an SRA Spreadsheets ONC SRA Tool - https://www.healthit.gov/providers- professionals/security-risk-assessment-tool BP: Secure™ - SRA Portal - http://mehi.masstech.org/services/meaningful-use- services-overview/privacy-security/securetm

BP: Secure™ Portal Demonstration

Questions Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.