One Academic Medical Center’s Response to HIPAA
David McKelvey, DUHS
January 12, 2001


Education
Goal: Learn the material.
- Regulations in the Federal Register
- Expert analyses / interpretations
- Conferences
  - NCHICA HIPAA HealthKey
  - WEDI conference
  - InfoSec 2000
  - GG/healthcare symposium
  - HIPAA National Summit in DC
  - AMC HIPAA Workshop

Awareness, Orientation, Identification, Organization, Technology, Normalize, Contacts

HIPAA security training sessions
Goal: Introduce HIPAA to the organization and stimulate planning required to become compliant.
- 4 hours long
- Held approximately every 6 weeks
- Lecture style presentation
- Several hundred people have attended so far

HIPAA first look meetings (Gap Analysis)
Goals: Equip groups with information required to prepare HIPAA budget requests. Give snapshot to senior mgmt.
- 3-6 hours long
- Scheduled with individual groups
- In attendance: management and IT people
- Deliverable is a spreadsheet filled out by the group
  - Compliance level (L M H)
  - Challenges, needs, success factors in becoming compliant ($ ET ST OC T O SL HSL SD)
  - Opportunities while/in becoming compliant ($ ST O SL HSL TEAM STDS SD)
  - Cost estimate to become compliant (L M H)
  - Cost estimate to stay compliant (L M H)
- About 18 groups have participated so far

Groups
Goal: Organize people and activities required to bring the organization into HIPAA compliance. Changes to policy, procedures, and technology in equal measure are required.
- Executive committee
- Policy group
- Evaluation and monitoring committee
- Information security office
- Technical security guidance groups
- Oversight groups
- Managers

Goal: Prototype, pilot, and implement technological solutions to HIPAA requirements best addressed by common or interoperable technological solutions.
- Firewall
- Public Key Infrastructure (PKI)
- Digital Signature
- Virtual Private Network (VPN)
- Wireless network access
- Anti-virus software
- Personal firewall
- PDA access
- Intrusion detection
- Security incident

Goal: Participate in activities with representatives of other HCOs intended to define what is adequate, promote interoperable standards, and coordinate implementation.
- North Carolina Healthcare Information and Communications Alliance (NCHICA)
  - Implementation Planning Task Force
  - Data Security Workgroup
  - Network Security and Interoperability Workgroup
  - Transactions Workgroup
- Workgroup for Electronic Data Interchange (WEDI)

Contacts
David
NCHICA:
WEDI: