Analysis of the Final HIPAA Security Rule

Slides:



Advertisements
Similar presentations
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Advertisements

Making Sense out of the Information Security and Privacy Alphabet Soup in terms of Data Access A pragmatic, collaborative approach to promulgating campus-wide.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.
Challenges to Implementation of [real] Information Security August 21, 2002 Chris Apgar, CISSP Kate Borten, CISSP Ken Patterson, CISSP.
WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.
12 th National HIPAA Summit – Managing a Data Security Audit Program 2.05, 1:15 PM Chris Apgar, CISSP Apgar & Associates, LLC.
Building Public Health / Clinical Health Information Exchanges: The Minnesota Experience Marty LaVenture, MPH, PhD Director, Center for Health Informatics.
1 EDUCAUSE Midwest Regional Conference Top Strategies for Working with Stakeholders: Synopses of Recommendations from the Identity Management Summit Mark.
Members Meeting WINGSForum 2014 March 29, 2014 Istanbul, Turkey
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
The Implementation of HIPAA Joan M. Kiel, Ph.D., C.H.P.S. Duquesne University Pittsburgh, Pennsylvania.
1 The Auditor’s Perspective Division of Sponsored Research Research Administration Training Series Presented by: Joe Cannella Audit Manager,
Privacy & Security Policy Meets Technology at the Crossroads: Best Practice Methods & Approaches to Developing Organizational Frameworks to Avoid Collision.
April 14, A Watershed Date in HIPAA Privacy Compliance: Where Should You Be in HIPAA Security Compliance and How to Get There… John Parmigiani National.
Privacy Project Framework & Structure HIPAA Summit Brent Saunders
LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.
September 12, 2004 Simplifying the Administration of HIPAA Security Angel Hoffman, RN, MSN Director, Corporate Compliance University of Pittsburgh Medical.
The Fifth National HIPAA Summit – October 30, 2002 What to Do Now: Operational Implementation of HIPAA Privacy and Security Training Presented by: Steven.
1 National Audioconference Sponsored by the HIPAA Summit June 6, 2002 Chris Apgar, CISSP Data Security & HIPAA Compliance Officer Providence Health Plan.
Regulatory Transparency and Efficiency in the Communications Industry in Australia Jennifer Bryant Office of Regulation Review Australia.
NetMRI Network Change & Compliance Management Software.
Patient Confidentiality and Electronic Medical Records Ann J. Olsen, MBA, MA Information Security Officer and Director, Information Management Planning.
Cloud Compliance Considerations March 24, 2015 | Jason Smith, CISSP.
Eleventh National HIPAA Summit 5.04 Security Incident Response – What to do if a breach occurs and how to mitigate damages Chris Apgar, CISSP.
Last Minute Security Compliance - Tips for Those Just Starting 10 th National HIPAA Summit April 7, 2005 Chris Apgar, CISSP – President Apgar &
REC support is. provided under cooperative agreement 90RC0025/01 from the Office of the National Coordinator for HIT, US Dept. of Health and Human Services.
1 Research Compliance at HMS: What is it Why it is important Who is involved How it affects you and how you can get help Postdoctoral Fellow Orientation.
Chris Apgar, CISSP President, Apgar & Associates, LLC December 12, 2007.
HIPAA Security John Parmigiani Director HIPAA Compliance Services CTG HealthCare Solutions, Inc.
March 19, 2003 Audioconference Approaches to Compliance with the HIPAA Privacy and Security Workforce Training Requirements Presented by: Steven S. Lazarus,
Healthcare Security Professional Roundtable John Parmigiani National Practice Director Regulatory and Compliance Services CTG HealthCare Solutions, Inc.
Case Study: Applying Authentication Technologies as Part of a HIPAA Compliance Strategy.
HIPAA Implementation: The Challenge Ohio Department of Job and Family Services October 23, 2002.
Presenter Gene Geiger, A-LIGN Partner -HITRUST Practitioner -CPA -CISSP -CCSK -QSA -PCIP -ISO 27K LA.
Computer Security and the “H” word Glen Klinkhart, CEO Mike Messick, CTO.
LRC Network Planning for Records Management improvement Kathryn Dan, GM University Records and Policy.
What is ISO Certification? Information is a valuable asset that can make or break your business. When properly managed it allows you to operate.
1 EDUCAUSE Mid-Atlantic Regional Conference Top Strategies for Working with Stakeholders: Synopses of Recommendations from the Identity Management Summit.
Incorporating Privacy Into Systems Development Methodology Phil Moleski Director Corporate Information Technology Branch Saskatchewan Health
Monitoring & Evaluation Capacity Strengthening Workshop WORKSHOP INTRODUCTION AND OVERVIEW.
What is the Best Way to Select an EHR
Presenter: Mohammed Jalaluddin
Securing Critical Assets: Arizona’s Security & Privacy Initiatives
Regulatory Transparency and Efficiency in the Communications Industry in Australia Jennifer Bryant Office of Regulation Review Australia.
European External Investment Plan
Modified Stage 2 Meaningful Use: Objective #1 – Protect Electronic Health Information July 5, 2016 Today’s presenter: Al Wroblewski, PCMH CCE, Client.
EMPLOYER HIPAA COMPLIANCE STRATEGIES HIPAA Summit Audio Conference
A Practical Risk-Based Approach
Consumer Privacy An Introduction
Privacy Project Framework & Structure
Modified Stage 2 Meaningful Use: Objective #1 – Protect Electronic Health Information July 5, 2016 Today’s presenter: Al Wroblewski, PCMH CCE, Client.
Health Care: Privacy in a Digital Age
Presented by: Steven S. Lazarus, PhD, FHIMSS
Gem Complete Health Services
HIPAA Security Standards Final Rule
Competencies in Health Information Systems
Drew Hunt Network Security Analyst Valley Medical Center
THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,
HIPAA Compliance Services CTG HealthCare Solutions, Inc.
Scranton School District School Safety Update
Healthcare Security Rule Compliance: Afternoon Plenary Session
HIPAA Compliance Services CTG HealthCare Solutions, Inc.
Strategies to Comply with the HPAA Privacy Rule Before the HIPAA Security and Enforcement Rules are Final Presented by: Steven S. Lazarus, PhD, FHIMSS.
CyberSecure: Your Medical Practice
Organizational Priorities
National data opt-out - Preparing for implementation
Penn State Information Technology
Presentation transcript:

Analysis of the Final HIPAA Security Rule Sponsored by: HIPAA Summit February 18, 2003 Chris Apgar, CISSP HIPAA Compliance Officer Providence Health Plans

Presenter - Chris Apgar, CISSP Key Points Where to start Objective steps Good news Resources February 18, 2003 Presenter - Chris Apgar, CISSP

Presenter - Chris Apgar, CISSP Where To Start Data security as a strategic versus tactical objective Overcoming the belief that security is another IT initiative Problem generally not getting to the top but keeping top management engaged February 18, 2003 Presenter - Chris Apgar, CISSP

Presenter - Chris Apgar, CISSP Where to Start Focus on culture, business process versus technology – change the belief “this is only an IT issue” Partner with regulatory, compliance, clinical – generally deep concern felt for privacy of patient/member Patience & a sense of humor a must! February 18, 2003 Presenter - Chris Apgar, CISSP

Presenter - Chris Apgar, CISSP Objective Steps Define business objectives & constraints Road map required or “how does security impact me?” Business objectives, constraints helps define required security infrastructure Determine Security Scope Due diligence => much broader than HIPAA Project management required – success requires proper planning, resources, measurable results, etc. February 18, 2003 Presenter - Chris Apgar, CISSP

Presenter - Chris Apgar, CISSP Objective Steps Beyond the risk assessment Risk assessment/gap analysis paints the picture Business decisions required – not all risks will be mitigated Results will define required scope, plan and resources It needs to be sustainable following implementation (and there’s a cost) February 18, 2003 Presenter - Chris Apgar, CISSP

Presenter - Chris Apgar, CISSP Object Steps You need to be able to see it On the organizational chart and in knowledgeable staff Simple & current policies & procedures Risk assessment repetition and integration Technology needs to protect, remain flexible In operation security stretches beyond organizational boarders February 18, 2003 Presenter - Chris Apgar, CISSP

Presenter - Chris Apgar, CISSP Objective Steps Simple walkabout test What is in plain sight? Passwords on post its under keyboards? Logged in and unattended computers? Easy access to secure areas like the data center? What’s in the dumpster? February 18, 2003 Presenter - Chris Apgar, CISSP

Presenter - Chris Apgar, CISSP Good News Often Little/no technology required Relatively low budget – high priced consultants not necessarily required Rule not proscriptive – security program requirements flexible Most “bang for the buck” - can get great results through strong workforce education programs February 18, 2003 Presenter - Chris Apgar, CISSP

Presenter - Chris Apgar, CISSP Resources HHS HIPAA Web Site: http://aspe.hhs.gov/admnsimp National Institute of Health (regulatory information): http://list.nih.gov HealthExec Online (HIPAA): http://www.healthexec.net/index.html Tunitas Group: http://www.tunitas.com February 18, 2003 Presenter - Chris Apgar, CISSP

Presenter - Chris Apgar, CISSP Resources Workgroup for Electronic Data Interchange: http://www.wedi.org CPRI-Host Resource Center: http://www.cpri-host.org HIPAA Assessment: http://www.nchica.org/activities/EarlyView/nchicahipaa_earlyview_tool.htm Thomas Legislative Guide: http://thomas.loc.gov February 18, 2003 Presenter - Chris Apgar, CISSP

HIPAA Compliance Officer Providence Health Plan Question & Answer Chris Apgar, CISSP HIPAA Compliance Officer Providence Health Plan 3601 SW Murray Blvd., Suite 10 Beaverton, OR 97005 (503) 574-7927 (voice) (503) 574-8655 (fax) chris.apgar@providence.org February 18, 2003 Presenter - Chris Apgar, CISSP

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.