BROTHERS, HAWN & COUGHLIN, LLP 4-STEP PROGRAM TO HIPAA COMPLIANCE.


AWARENESS

- Understand the new rules.
- Perform a “HIPAA gap” analysis
  - Look at in-house policies
  - Do an acceptable-use policy of computers in your organization
  - What are grounds for termination?
- Prioritize actions to achieve compliance
  - Got to’s, needs to’s and nice to’s

AWARENESS

- Implement privacy & security initiatives
  - Administrative, technical and physical controls
  - Physical safeguard: Is anybody at the front, asking visitors who they are and why they are there?
    - Keeping physical log of who’s there, and why
  - Administrative controls
    - Acceptable use policy of computers
    - SANS.org has education and material about HIPAA rules, templates, sharing group for best practices on privacy and security development
  - Technical controls
    - Meeting with network administrator, listen to them about what they see and feel is going on
    - Social networking sites are often griped about as a time
- Review/update annually
  - Look at policies and work with consultant to see if they’re up to date or if new rules have been established

PREPARATION

- Perform a PHI data risk analysis
  - Hire out if you don’t know how to (lawyers, consultants)
  - Look at state government for example security plans
- Update BA Agreements
- Explore cyber liability insurance
  - Transfer the cost of remediating a data breach
  - Major insurers have cyber liability coverage: AIG, Zurich (A-Z)
  - Legal defense, breach notification costs, credit monitoring (things you offer people who have been victims)
  - Benefit: they’ll do a HIPAA privacy and security assessment for you!
  - Can give discount if you have a response plan in place

PREPARATION

- Develop/test an incident response plan
  - Document which pulls together the actions the organization will take when breach is caught
  - Who is on the response team (IT, HR, PR, account management)?
  - Who calls the lawyer, and when?
  - Goes through scenarios (what happens if someone’s laptop gets stolen?) to anticipate before a breach happens

RESOURCES AND WEBSITES

- Oregon HIPAA Forum http://
- Oregon Health Authority CABLEDISEASE/LOCALHEALTHDEPARTMENTS/Pages/hipaa.aspx
- Office for Civil Rights http://
- Dept. Health and Human Services

RESPONSE TO BREACH

- Anatomy of a data breach
- Roles
  - Who will take various roles?
  - Communication to patient
  - Communication to OCR
  - Communication to technology staff/consultant
  - Communication to attorneys
- Best practices