Effective Integration of HIPAA Information Security with Privacy Compliance Richard B. Boyer, Privacy Officer Jody S. Hawkins, Information Security Officer.

Presentation transcript:

Effective Integration of HIPAA Information Security with Privacy Compliance Richard B. Boyer, Privacy Officer Jody S. Hawkins, Information Security Officer Children’s Medical Center Dallas

2 Agenda
- Introduction and Objectives
- Children’s background information
- Important considerations for effective integration of security with existing privacy initiatives
- Using lessons learned from Privacy to successfully implement HIPAA Security Compliance
- Policy and Procedural changes
- Effective Communications Plan
- Training Plan
- Questions and Answers

3 Objectives
- Explain areas where the necessary changes needed for Security compliance may be implemented in a more efficient way than with HIPAA Privacy
- Demonstrate the benefits of systematic cooperation between Privacy Officer, Information Security Officer and other departments responsible for compliance activities
- Show important areas where we can effectively integrate Privacy and Security efforts

4 Background on Children’s Medical Center Dallas
- Private – Not for profit, located in Dallas, TX
- 325 operating patient-beds with 61 critical care and 264 medical/surgical beds
- Fourth largest pediatric hospital in the United States.
- A system of nearly 50 outpatient specialty clinics providing a comprehensive range of care to children with specialized medical needs
- Children’s Dallas cares for more than 325,000 children each year. One out of every seven children in North Texas is treated at the hospital. (17,229 inpatient admissions in 2003)
- The nation’s busiest pediatric emergency room. In 2003 there were more than 98,000 emergency visits.
- The nation’s first pediatric day-surgery program with two dedicated surgery facilities for inpatient and outpatient surgeries with more than 10,000 day-surgeries performed in
- A major pediatric kidney, liver and heart transplant center with more than 36 transplants in
- Access to the most advanced medical research and treatments available through its affiliation as the primary pediatric teaching facility for UT Southwestern Medical Center at Dallas.

5 Important Consideration Factors for Integrating Security and Privacy

6 Important Consideration Factors
- Several Privacy concerns may have been handled with Information Security implementations in 2003
  - System/Application Access Limitations
  - Physical Safeguards
  - Audit Functions (technical)
- HIPAA as a whole should appear seamless to the end users
- Single HIPAA “hotline” for questions and reporting incidents for Privacy and Security
- Constant communications between Privacy Officer, ISO and CCO

7 Important Consideration Factors
- Workforce should not have to repeat processes for Security that have already been accomplished for Privacy if those processes can be combined
  - Learning Management Systems
  - Location of posted policies “HIPAA at Childrens” HIPAA awareness activities
- Audits, Reports, and Investigations for Privacy and Security can be handled together for a clearer picture of compliance

8 Using lessons learned from Privacy to successfully implement HIPAA Security Compliance

9 Areas of Opportunity for Utilizing Lessons Learned
- Policy and Procedure Development

10 Policy and Procedures
- ISO and Privacy Officer Review Privacy P&P rollout strategy and results to evaluate strengths and areas for improvement
- Ensure that everyone is clear on the review and approval process for P&P
- Eliminate overlap by clearly defining P&P ownership by category (Privacy or Security)
- Cross reference between Privacy and Security Policies where applicable
- Update Privacy Policies as Security Policies are implemented
- Watch out for redundant redundancy
- It is better to have a weaker policy that you can follow than to write a strict policy you know will be consistently violated

11 Areas of Opportunity for Utilizing Lessons Learned
- Policy and Procedure Development
- Effective Communications Plan

12 Effective Communications Plan
- Remember that to staff… HIPAA is HIPAA is HIPPA – meaning the majority of them do not understand the difference between Privacy, Transactions/Code Sets and Security
- 4 C’s of employee communications
  - Clear
  - Concise
  - Consistent
  - Correct
- Utilize Multiple Media resources to deliver the message
- Stress importance of compliance as an overall organization goal rather than a departmental mandate

13 Areas of Opportunity for Utilizing Lessons Learned
- Policy and Procedure Development
- Effective Communications Plan
- Training Plan

14 Training Plan
- “piggy back” where possible
- Capitalize on successful methods when rolling out Security training
- Success of Training effort is quality indicator for your Communications Plan
- Consider implementing a Privacy Refresher with Information Security HIPAA training

15 Summary and Questions

16 Summary
- There is no “silver bullet” to guarantee success for Security implementation, but building on the experiences of preparing for the April 2003 Privacy compliance date can provide a good road map
- Security compliance should complement the overall HIPAA compliance effort and not live in a vacuum
- There are opportunities to utilize “lessons learned” from Privacy to improve the approach and success of Security implementation, especially in the areas of P&P development, communications planning and training of the workforce

17 Questions????