Operating as a Hybrid Entity at Cornell John Ruffing – Assistant Director, Center for Advanced Computing (CAC) Cornell.

Presentation transcript:

Operating as a Hybrid Entity at Cornell
John Ruffing
Assistant Director, Center for Advanced Computing (CAC), Cornell University
Associate Director, Information Technology and Services, Weill Cornell Medical College

Overview
Informing Perspectives
Organizational “Objects”
Cornell Logistics

Perspectives
Institutional
Individual

Perspectives: Institutional
Medical campus
Significant separation
  – Distance, governance, ERP
Burdens
  – Extensive
  – Expensive (potentially)

Burdens: Extensive
Executing
  – Administrative
  – Technical
  – Physical
Maintaining
  – Documentation
  – Training/Awareness
  – Periodic Review

Perspective: Individual
Medical campus
Previously led
  – EHR implementation (Epic)
  – SAP technical teams
Coordinate IT aspects of audit

Overview
Informing Perspectives
Organizational “Objects”
Cornell Logistics

Organizational Objects
Covered Entity
Organized Healthcare Arrangement
Business Associate

Covered Entities
Health Plans
Healthcare Clearinghouses
Healthcare Providers who
  – Electronically transmit
      Any health information in connection with
  – Transactions for which HHS has adopted standards

Typical HPC Providers
Not covered entities themselves
Not part of covered entity
Handling identifiable data
  – Within the same institution
  – Ultimately from a covered entity

Covered Entity Trap
Entire legal entity
  – Often more than really applies
Unnecessary burden
  – Extent
  – Expense

Hybrid Entity Escape?
Covered components
  – Same criteria as entity
  – Distinct and relevant
      Function
      Governance
Formal designation

Cornell as Hybrid Entity
Four components
  – Medical campus
  – Student health center
  – Benefits
  – Counsel
Where is HPC?

Typical HPC Providers
Not covered components themselves
Not part of covered component
Resistance to including
  – Burden
  – Definition

Business Associate
Relationship to covered entity
  – For or on behalf
  – Other than in the workforce
Separate legal entity

Overview
Informing Perspectives
Organizational “Objects”
Cornell Logistics

Where is HPC?
Privacy Rule
  – Extend the workforce
Security Rule
  – Extend the protections
Only as needed

Including HPC at Cornell
Reminder: medical campus perspective
Extending walled garden
  – Potential savings
Not yet trying to share full resources
Three aspects

Including HPC: Physical
Co-lo
  – Already has personnel controlling and logging
  – Rationale for remote location
Separate racks
  – Separate keys and associated controls

Extending to HPC: Technical
IP Network
  – Extension of med network into data center
      With all security trimmings
  – Air gap (garden wall) to other networks
Storage
  – Separate physical disks
      Shared array, on private management network
  – Shared storage switch
      Separate when volume makes feasible

Extending to HPC: Administrative
Sharing Workforce
  – The lesson of athletics
  – Sysadmins leverage med training and awareness, follow documentation and procedures
  – Joint position supervision (direct control)
Compliance
  – Elements accountable within garden
      E.g. shared array, on private management network
  – Other frameworks and HITRUST