© HIPAA Continuity Planners 2012 – HIPAA Mandates a PLAN! (beyond hardware and software). Presented in Partnership with.

Presentation transcript:


855.85HIPAA – Compliance Simplified: Achieve, Illustrate, Maintain
- Industry leading Education
- Certified Partner Program
Today's Webinar:
- Please ask questions via the questions or chat panel
- Today's slides are available
- Past webinars and recordings are available

© HIPAA Continuity Planners – HIPAA Mandates:
- Risk Analysis
- Continuity Plan
- Security Procedures
- An Incident Response Plan
- Contact Procedures
- Documentation
- Employee Training

© HIPAA Continuity Planners – Processes and Procedures: Risk Analysis
The process of identifying possible external and internal conditions, events or situations; determining the causal relationships between probable happenings; and estimating their magnitude and likely outcomes, as they might affect the continuing operation of the office.

© HIPAA Continuity Planners – Processes and Procedures: Continuity Plan
A set of documents, instructions, and procedures which enable a business to respond to accidents, disasters, emergencies, and threats without any stoppage or hindrance in its key operations. Also called a business resumption plan, disaster recovery plan, or resilience plan.*
* From BusinessDictionary.com

© HIPAA Continuity Planners – Processes and Procedures: Security
HIPAA mandates security procedures for:
- Premises access
- Computer access authorization
- Server access
- Log-in monitoring
- Password management
- Health information sharing
- Termination procedures
- Compliance tracking software with logs
- Business Associates

© HIPAA Continuity Planners – Processes and Procedures for the Incident Response Plan
Some steps of the IRP may include the following:
1. Define the incident – what happened? When did it happen? Who was involved? When was it discovered?
2. Stop the incident – if a smartphone is lost, take the steps to disable its access; if a breach is found, take the steps to prevent further access; etc.
3. Document the incident – fill in all the details of what occurred from step 1 (define the incident) and step 2 (steps taken to stop the incident). Clearly document all aspects of the incident.

© HIPAA Continuity Planners – Processes and Procedures for the Incident Response Plan (continued)
4. Notify appropriate individuals / agencies – the number of patient records affected will determine what notification steps are needed. Individual patients and Health and Human Services (HHS) will need to be notified. In addition, local media may need to be notified as well.
5. Provide guidance to prevent the incident from occurring again – an important aspect of an incident response is to ensure that the same incident does not happen in the future. Recommendations to increase security and reduce the risk of an incident are essential.

© HIPAA Continuity Planners – Processes and Procedures: Contact Plan
Establish:
- Procedures to contact employees via telephone, text and/or in case of office closing.
- A copy of the employee emergency notification list, kept outside of the office.
- A copy of patient contacts for daily appointments, available outside the office for notification of an office closing.

© HIPAA Continuity Planners – Documentation
HIPAA required documentation:
- Risk Analysis
- Written Continuity Plan
- Security Procedures
- Emergency operation mode plan
- Periodic Evaluations
- Compliance tracking software with logs

© HIPAA Continuity Planners – Training
- Security Awareness Training
- Computer Security
- Incident Command
- Evacuation Procedures and Responsibility
- Basic HIPAA Requirements
- Employee buy-in through understanding

© HIPAA Continuity Planners – HIPAA/HITECH Penalties
Tier A is for violations in which the offender didn't realize he or she violated the Act and would have handled the matter differently if he or she had. This results in a $100 fine for each violation, and the total imposed for such violations cannot exceed $25,000 for the calendar year.
Tier B is for violations due to reasonable cause, but not "willful neglect." The result is a $1,000 fine for each violation, and the fines cannot exceed $100,000 for the calendar year.
Tier C is for violations due to willful neglect that the organization ultimately corrected. The result is a $10,000 fine for each violation, and the fines cannot exceed $250,000 for the calendar year.
Tier D is for violations of willful neglect that the organization did not correct. The result is a $50,000 fine for each violation, and the fines cannot exceed $1,500,000 for the calendar year.
The HITECH Act allows state attorneys general to levy fines and seek attorneys' fees from covered entities on behalf of victims. Courts now have the ability to award costs, which they were previously unable to do.

855.85HIPAA – Compliance Simplified: Achieve, Illustrate, Maintain
Compliance Simplified! Achieve, Illustrate, Maintain.
- Free Demo and 15 Day Evaluation
- HIPAA New & Past Webinars
- HIPAA Compliance
- HITECH Attestation
- Meaningful Use core measure 15

© HIPAA Continuity Planners – Questions?
A.J. (Andy) Weitzberg, President
Ofc: Cell: