Auditing Compliance with the Privacy Rule

Slides:



Advertisements
Similar presentations
Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
Advertisements

Managing Compliance Related to Human Subjects Research Review Joseph Sherwin, Ph.D. Office of Regulatory Affairs University of Pennsylvania Fourth Annual.
Preparation of the Self-Study and Documentation
THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.
Red Flag Rules: What they are? & What you need to do
Preparing for Compliance Monitoring Reviews Understanding CMS Protocols Used by Review Organizations January 14, 2009 Presented by: Margaret deHesse, RN,
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
Ministry Health Care Corporate Responsibility Program Medical Staff Education.
The importance of a Compliance program is to ensure that our agency meets the highest possible standards for all relevant federal, state and local regulations,
RMS – a collaborative approach Presentation Lyn Dare & Stephen Larmour Authorisation & Audit Comcare.
Philip M. J. Graham Head of Information Communications Technology (ICT) 13 th July 2010.
Peer Review - Overview DEB KAZMERZAK, IOWA PCA ACKNOWLEDGEMENT: LINDA RUBLE, PA/NP, PCA CLINICAL CONSULTANT.
Medication Reconciliation Networking Session Steve Rough, MS., RPh. Director of Pharmacy University of Wisconsin Hospital and Clinics.
Informed Consent and HIPAA Tim Noe Coordinating Center.
Building a Compliance Risk Monitoring Program HCCA Compliance Institute New OrleansApril 19, 2005 Lois Dehls Cornell, Esq. Assistant Vice President, Deputy.
HIPAA Basic Training for Privacy and Information Security Vanderbilt University Medical Center VUMC HIPAA Website: HIPAA Basic.
DEBRA A. SCHUCHERT DIRECTOR OF NETWORK OPERATIONS & COMPLIANCE CLAIMS BILLING & ADJUDICATION TRAINING
COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.
Revenue Cycle Management Medical Technology Acquisition and Assessment Team Members: Joseph Dixon, Michael Morotti, Mari Pirie-St. Pierre, David Robbins.
Component 2: The Culture of Health Care Unit 3: Health Care Settings— The Places Where Care Is Delivered Lecture 3 This material was developed by Oregon.
Copyright © 2005 Thomson Delmar Learning. ALL RIGHTS RESERVED.1 This product was funded by a grant awarded under the President’s Community-Based Job Training.
WORKSHOP IV Integrating Ethics, Compliance, Privacy and Security into a Single Organizational Initiative Geralyn Kidera JD Senior Vice President Council.
The Implementation of HIPAA Joan M. Kiel, Ph.D., C.H.P.S. Duquesne University Pittsburgh, Pennsylvania.
HIPAA Presentation Washington D.C April 26, 2002 Presenter: Alice Polley, Vice President Clinical Services, Integrity Officer.
The Perfect Storm: Challenges on the Horizon for Funding and Regulatory Controls in Research Andrew Nelson Executive Director HealthPartners Research Foundation.
April 14, A Watershed Date in HIPAA Privacy Compliance: Where Should You Be in HIPAA Security Compliance and How to Get There… John Parmigiani National.
H I P A A T R A I N I N G Self Directed Module 7 Research Disclosures For Data Custodians START Click to begin…
Collaborative Fall Reduction Program Jane Swaim, RN CNO, Senior Vice President, Nursing Jeannie Smith RN, Clinical Data Coordinator, Quality Management.
LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.
Auditing Electronic Medical Record Systems
Copyright © Emerson Strategic Group, Inc. All Rights Reserved 1 Ninth National HIPAA Summit Auditing for Privacy Compliance: A Case Study September.
Patrick Sulzberger, CPA, CHC Compliance & The Board A Guide to Excellence.
1 Research Compliance at HMS: What is it Why it is important Who is involved How it affects you and how you can get help Postdoctoral Fellow Orientation.
Office of Human Research Protection Georgia Health Sciences University.
1 Role of the Privacy Office in VA Research Stephania H. Putt VHA Privacy Officer.
The TJU Human Research Protection Program (HRPP): Part I – Which Entities/Offices are Involved ? J. Bruce Smith, MD, CIP.
Patient Administration Performance Delivery Evidence Framework
Title of the Change Project
JMFIP Financial Management Conference
ICD-10 Provider Readiness Survey Results, November 2012
Evolution of a system wide cvo
ISO 14001: 2004 Environmental Management Review Presentation
Corporate Responsibility
SCC Partner Compliance Training Programs
Institute of Municipal Finance Officers & Related Professions
Understanding Costs and Demonstrating Your Impact
WELSH RISK POOL Vicky Langford.
Pharmacy and Therapeutics Committees in Thai Hospitals under Health Reform Sripairoj A, Liamputtong P, Harvey K La Trobe University, Australia.
Conducting an RHC Evaluation and
The Value of Advocacy: How to Become an Advocate for your Profession
TRINITY UNIVERSITY HOSPITAL INTERNAL EXIT MEETING
Introduction to CAUTI and CLABSI Initiatives
Legal, Regulatory & Compliance
Lehigh Valley Health Network: Community Care Team Compact
Office of Human Subjects Research
General Counsel and Chief Privacy Officer
ALLEGATIONS OF ABUSE Internal Occurrence Reporting and Investigation.
Countdown to Compliance
Survey Readiness RIDEOUT HEALTH Kimberly Black
ASSISTANCE DOGS INTERNATIONAL ACCREDITATION PROCEDURES 2018
Centennial Care 2.0 MCO Readiness
Workforce Privacy & Security Training HIPAA Audio Conference
The Practical Side of Meaningful Use:
Executive Committee Meeting May 18, 2018
SCC Partner Compliance Training Progams
Risk Management: why and how to protect your health center
Financial Affairs Users Group Update
Internal Audit Who? What? When? How? Why? In brief . . .
TEXAS DSHS HIV Care services group
Presentation transcript:

Auditing Compliance with the Privacy Rule Saira N. Haque Director, Corporate and HIPAA Compliance St Joseph’s Hospital Health Center

Agenda SJHHC Background Information Importance of Monitoring Monitoring Tools Results of Audits Conclusion

SJHHC Background Information Integrated Delivery Network 431 beds 1 main hospital with 21 ancillary sites Catholic Institution Located in Syracuse, NY Designated a Magnet Hospital for Nursing Excellence Part of a three-hospital alliance for laboratory services Some affiliated physicians use a Physicians Office Building located on campus Most physicians are not employed by the hospital

SJHHC Background Information Compliance Office is new, with few staff members. Other departments must be utilized: Performance Improvement Information Services Network Resource Education Department Financial Services Patient Collections Medical Records

Importance of Monitoring Part of the Privacy Rule History of effective monitoring policies and procedures will be helpful if a complaint about your organization is received Helps integrate Privacy Compliance with compliance efforts in the organization

Importance of Monitoring Results of monitoring efforts can be useful: May help with Security Rule Compliance Bring inconsistencies to light Highlight opportunities to modify policies/procedures

Monitoring Tools Physical Security Systems Security Walkthroughs Policy and Procedure Review Systems Security Access reviews Role-based access Information Security Assessment

Monitoring Tools Physical Security Walkthroughs were done prior to Privacy Rule Implementation Modified self-assessment tool after implementation to incorporate Security Rule Piloted updated tool in a clinical and a non-clinical area Performance Improvement sent out tool to areas and compiled results First time = self-assessment Subsequent times = different departments will survey each other

Monitoring Tools Systems Security Updated access policies as needed Incorporated Role Based Access when possible Conduct a monthly review of access to a sample of patients Employees, Physicians, VIPs, patients with restrictions Conduct reviews of individual employee access when indicated

Monitoring Tools Systems Security Audit Patient list sent monthly to Compliance Officer Compliance Officer selects sample and sends to IM and Medical Records IM pulls access history of designated individuals and sends to Medical Records Medical Records reviews access by system and documents inappropriate access Results sent to Compliance Officer for investigation

Monitoring Tools Information Security Assessment Engaged with Syracuse University to provide a Behavioral Assessment of Information Security Interviews with key staff and management Walkthroughs of various areas Shadowing designated employees

Audit Results Audit results are compiled regularly and reviewed by: Director of Corporate and HIPAA Compliance Designated Performance Improvement Representative Vice President of Corporate Services

Audit Results Suspicious access: Sent to Directors or Managers of designated areas (employee) Sent to Vice President of Medical Affairs (affiliate) Access is investigated and action taken as appropriate

Audit Results Process Gaps: Process gaps are reviewed with the Director or Manager of the appropriate area If gaps are Network-wide, they are reviewed with the appropriate Vice President Policies and procedures are updated as needed Training materials are updated as needed

Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.