CSIA 412 Final Project 10 July 2015 By: Brandon D. Waugh

Presentation transcript:

The Department of Veterans Affairs Security and Improvement Recommendations

Welcome to my presentation about my chosen organization, the Department of Veterans Affairs (VA). The presentation will provide information on the VA's security as well as improvement recommendations. This final project is submitted in partial fulfillment of the course requirements for UMUC Course CSIA 412, Security Policy Analysis, summer semester 2015, Professor Sharp. This presentation was completed on approximately 8 July 2015. Please sit back and enjoy the presentation!

Agenda
Legislative Impact on the Department of Veterans Affairs
Information Security Standards of the Department of Veterans Affairs
The Department of Veterans Affairs Cybersecurity Profile
Summary/Conclusion
References

I will be covering the following major topics regarding the security of the Department of Veterans Affairs. First, I will discuss the legislative impact on the VA. The legislation discussed will be the Federal Information Security Management Act (FISMA) and the Health Insurance Portability and Accountability Act (HIPAA). Next, I will cover the information security standards of the VA, following the standards described in National Institute of Standards and Technology (NIST) SP 800-30 as well as FIPS 200/199. We will also cover the Department of Veterans Affairs cybersecurity profile, which will touch on Government Accountability Office (GAO) 10-4, which lists the vulnerabilities of the VA and its information security program. Finally, I will sum up my final thoughts in a summary, followed by a listing of all references used to complete this presentation.

Legislative Impacts
Federal Information Security Management Act (FISMA)
Health Insurance Portability and Accountability Act (HIPAA)
Executive Orders

FISMA

The Federal Information Security Management Act (FISMA) directs the National Institute of Standards and Technology (NIST) to create and formalize publications that give agencies the means to create information security policies. These publications introduce standards, guidelines, techniques, and best practices for the private sector, government, and other agencies. They are public and free of charge. In other words, NIST guidance is not a law, a regulation, or an executive order per se. However, NIST was mandated by legislation and works alongside the executive office. NIST collaborates with the Office of Management and Budget (OMB), the U.S. Government Accountability Office (GAO), and other information technology agencies to develop standards, both internally and with international partners. FISMA also requires annual audits of agencies to ensure that these practices and standards are being followed.

HIPAA

HIPAA consists of four rules that must be followed by the VA: the HIPAA Privacy Rule, Security Rule, Enforcement Rule, and Breach Notification Rule. Within these rules there are safeguards and practices that are subcategories of the work that needs to be done to protect protected health information (PHI).

HIPAA Security Rule

Within the Security Rule there are three subcategories of safeguards that protect health information. Those safeguards are “technical safeguards, physical safeguards, and administrative safeguards” (Wang, J. 2013, October 30). Technical safeguards comprise “access controls, audit controls, integrity, authentication, and transmission security” (Wang, J. 2013, October 30). Basically, these controls are the technology that the company uses to safeguard its information, which includes software, hardware, encryption, and monitoring tools. Physical safeguards comprise “facility access controls, workstation use, workstation security, device and media controls” (Wang, J. 2013, October 30). Essentially, these topics cover a variety of security procedures and policies, including disaster recovery planning, emergency planning, incident response planning, conducting security risk assessments, developing the technical infrastructure to deploy policies and track compliance, the disposal of media, maintaining records, and validating security procedures. This safeguard ensures that tampering, theft, and unauthorized physical access to the facility do not occur. Administrative safeguards consist of the “security management process, assigned security responsibility, workforce security, information access management, security awareness/training, security incident procedures, contingency planning, evaluation, and business associate contracts” (HIPAA). Administrative safeguards maintain all documented security controls, whether technical, physical, or administrative. This process maintains currency, accuracy, redundancy, and compliance. More importantly, administrative safeguards keep the company trained, informed, and alerted to current information about anything that could lead to the loss of protected health information.

HIPAA Privacy Rule

The HIPAA Privacy Rule protects the customer's privacy, and it protects the health care providers. The Privacy Rule readdresses all the safeguards mentioned above. Jason Wang, a researcher who works for Truevault.com, summarized the HIPAA Privacy Rule in six statements. These statements are brief; however, they do provide guidance on how to get started. I recommend that your company still dissect all requirements, but use these statements to get started. Jason Wang's six statements regarding the HIPAA Privacy Rule are as follows:

“Do not allow any impermissible uses or disclosures of PHI.”
“Provide breach notification to the covered entity.”
“Provide either the individual or the covered entity access to PHI.”
“Disclose PHI to the Secretary of HHS, if compelled to do so.”
“Provide an accounting of disclosures.”
“Comply with the requirements of the HIPAA Security Rule.” (Wang, J. 2013, October 30)

HIPAA Enforcement Rule

It is important for your new business to understand that there are legal ramifications for not following the HIPAA Privacy Rule, Security Rule, administrative requirements, and Breach Notification Rule. Your company must read the HIPAA enforcement rules outlined in 45 CFR Part 160, Subparts C, D, and E. These rules are not there to punish the business associate or the health care practice; rather, the rules are written in order to maintain protected health information. Again, HIPAA was enacted to protect both the customer and health care providers. HIPAA is a federal standard that requires compliance, disclosure, and safeguards.

HIPAA Breach Notification Rule

Maintaining communication with your patients is crucial. Any time there is a breach of the customer's medical information, it is your duty as the health care provider to notify the customer or client immediately that you are working to locate their data. If you fail to notify the customer, it could cost your company civil money penalties or resolution agreements. In turn, this could financially harm your business.

Summary and Conclusions

The amount of information can become overwhelming; however, when you have a high-performance team whose members are all trained and understand your company's security standard operating procedures and mission intent, the number of tasks will diminish. Your primary goal once compliant is to maintain compliance with enforcement and ensure that all HIPAA requirements are being met with current reports. In fact, if you broke down all the information and requirements HIPAA demands, it really states four main objectives. These objectives are important because they are based on the four security requirements discussed in each of the paragraphs above.

“Put safeguards in place to protect patient health information.”
“Reasonably limit uses and sharing to the minimum necessary to accomplish your intended purpose.”
“Have agreements in place with any service providers that perform covered functions or activities for you. These agreements (BAAs) are to ensure that these service providers (Business Associates) only use and disclose patient health information properly and safeguard it appropriately.”
“Have procedures in place to limit who can access patient health information, and implement a training program for you and your employees about how to protect your patient health information.” (Wang, J. 2013, October 30)

Again, these requirements are in place to protect health information. Security has to constantly advance due to the growing number of tools being developed to attack information security systems. That is why it is essential to always maintain the CIA triad when developing new procedures.

References