Healthcare Security Professional Roundtable John Parmigiani National Practice Director Regulatory and Compliance Services CTG HealthCare Solutions, Inc.

Slides:



Advertisements
Similar presentations
Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
Advertisements

RBAC and HIPAA Security Uday O. Ali Pabrai, CHSS, SCNA Chief Executive, HIPAA Academy.
Implementing and Enforcing the HIPAA Security Rule John Parmigiani National Practice Director Regulatory and Compliance Services CTG HealthCare Solutions,
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Electronic Medical Records: Implications of HIPAA for Selecting and Implementing an EMR Todd Frech Senior Partner
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
2014 HIPAA Refresher Omnibus Rule & HIPAA Security.
Health information security & compliance
CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.
To improve the quality and efficiency of health care for all stakeholders in the Santa Cruz community. To deliver technology assistance, guidance and.
ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.
HIPAA 203: Security An Introduction to the Draft HIPAA Security Regulations.
Information Security Policies and Standards
© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.
Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.
Information Systems Controls for System Reliability -Information Security-
COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.
Introduction and Overview- The HIPAA Security Rule
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
HCCA HIPAA Readiness Survey Results Jody Noon Principal Deloitte & Touche Portland, OR November, 2002 John Steiner Esq. Chief Compliance Officer Cleveland.
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
HIPAA Security John Parmigiani Director HIPAA Compliance Services CTG HealthCare Solutions, Inc.
HIPAA PRIVACY AND SECURITY AWARENESS.
HIPAA COMPLIANCE WITH DELL
Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved. Health Information Technology and Management Richard.
Health Insurance Portability and Accountability Act of 1996 (HIPAA) Proposed Rule: Security and Electronic Signature Standards.
1 Secure Commonwealth Panel Health and Medical Subpanel Debbie Condrey - Chief Information Officer Virginia Department of Health December 16, 2013 Virginia.
HIT Standards Committee Privacy and Security Workgroup: Initial Reactions Dixie Baker, SAIC Steven Findlay, Consumers Union June 23, 2009.
ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:
April 14, A Watershed Date in HIPAA Privacy Compliance: Where Should You Be in HIPAA Security Compliance and How to Get There… John Parmigiani National.
Implementing the HIPAA Security Rule John Parmigiani National Practice Director HIPAA Compliance Services CTG HealthCare Solutions, Inc.
PKI Forum Business Panel March 6, 2000 Dr. Ray Wagner Sr. Director, Technology Research.
LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.
Eliza de Guzman HTM 520 Health Information Exchange.
September 12, 2004 Simplifying the Administration of HIPAA Security Angel Hoffman, RN, MSN Director, Corporate Compliance University of Pittsburgh Medical.
Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.
1 National Audioconference Sponsored by the HIPAA Summit June 6, 2002 Chris Apgar, CISSP Data Security & HIPAA Compliance Officer Providence Health Plan.
Patient Confidentiality and Electronic Medical Records Ann J. Olsen, MBA, MA Information Security Officer and Director, Information Management Planning.
The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,
Working with HIT Systems
Data Governance 101. Agenda  Purpose  Presentation (Elijah J. Bell) Data Governance Data Policy Security Privacy Contracts  FERPA—The Law  Q & A.
Energize Your Workflow! ©2006 Merge eMed. All Rights Reserved User Group Meeting “Energize Your Workflow” May 7-9, Security.
Welcome….!!! CORPORATE COMPLIANCE PROGRAM Presented by The Office of Corporate Integrity 1.
1 PARCC Data Privacy & Security Policy December 2013.
National Hipaa summit: Response to ocr audits Presented by: Mac McMillan CEO CynergisTek, Inc. February 19, 2013.
HIPAA Security John Parmigiani Director HIPAA Compliance Services CTG HealthCare Solutions, Inc.
Visibility. Intelligence. response Information Security: Risk Management or Business Enablement? Mike Childs Vice President Rook Security.
Organizing a Privacy Program: Administrative Infrastructure and Reporting Relationships Presented by: Samuel P. Jenkins, Director Defense Privacy Office.
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Working with HIT Systems Unit 7a Protecting Privacy, Security, and Confidentiality in HIT Systems This material was developed by Johns Hopkins University,
Case Study: Applying Authentication Technologies as Part of a HIPAA Compliance Strategy.
HIPAA Compliance Case Study: Establishing and Implementing a Program to Audit HIPAA Compliance Drew Hunt Network Security Analyst Valley Medical Center.
The Art of Information Security: A Strategy Brief Uday Ali Pabrai, CISSP, CHSS.
The Health Insurance Portability and Accountability Act of 1996 “HIPAA” Public Law
Incorporating Privacy Into Systems Development Methodology Phil Moleski Director Corporate Information Technology Branch Saskatchewan Health
IS4680 Security Auditing for Compliance
General Counsel and Chief Privacy Officer
Final HIPAA Security Rule
County HIPAA Review All Rights Reserved 2002.
Thursday, June 5 10: :45 AM Session 1.01 Tom Walsh, CISSP
HIPAA Privacy and Security Summit 2018 HIPAA Privacy Rule: Compliance Plans, Training, Internal Audits and Patient Rights Widener University Delaware.
Lesson 1  7 Basic Components of an Effective Compliance Plan
HIPAA Security Standards Final Rule
The Tenth National HIPAA Summit April 7, 2005
HIPAA Policy & Procedure Strategies
HIPAA Compliance Services CTG HealthCare Solutions, Inc.
Healthcare Security Rule Compliance: Afternoon Plenary Session
HIPAA Compliance Services CTG HealthCare Solutions, Inc.
Presentation transcript:

Healthcare Security Professional Roundtable John Parmigiani National Practice Director Regulatory and Compliance Services CTG HealthCare Solutions, Inc. (Moderator)

2 Panelists  John Parmigiani (moderator)  Ali Pabrai  Ken Patterson  Tom Walsh  Drew Hunt  Richard Marks

3 Agenda  Individual Presentations on Key Topic Areas  Familiarity with Polling Mechanism and Audience Views on Security Issues  Questions and Answers

4 Presentation Topics  Security Policies- John Parmigiani  Risk Analysis- Ali Uday  Password Authentication- Ken Patterson  Audit Control- Tom Walsh  Contingency Planning- Drew Hunt  Legal Considerations for Enforcement- Richard Marks

5 John Parmigiani  CTGHS National Practice Director for Regulatory and Compliance Services  CTGHS National Practice Director of HIPAA Compliance Services  HCS Director of Compliance Programs  HIPAA Security Standards Government Chair/ HIPAA Infrastructure Group  Directed development and implementation of security initiatives for HCFA (now CMS)- Director of Enterprise Standards  Security architecture  Security awareness and training program  Systems security policies and procedures  E-commerce/Internet  Directed development and implementation of agency-wide information systems policy and standards and information resources management  AMC Workgroup on HIPAA Security and Privacy;Content Committee of CPRI- HOST/HIMSS Security and Privacy Toolkit; Editorial Advisory Boards of HIPAA Compliance Alert’s HIPAA Answer Book and HIPAA Training Line; Chair,HIPAA- Watch Advisory Board; Train for HIPAA Advisory Board; HIMSS Privacy and Security Task Force

6 Security Goals  Confidentiality  Integrity  Availability of protected health information

7 Good Security Practices  Access Controls- restrict user access to PHI based on need-to-know  Authentication- verify identity and allow access to PHI by only authorized users  Audit Controls- identify who did what and when relative to PHI

8 Symbiotic Relationship  Privacy + Security = Confidentiality (the Present- HIPAA Compliance)  Electronic information security provides the necessary trusted environment for e-Health (the Future- total e-Health)

9 Immediate Steps  Assign responsibility to one person-CSO and establish a compliance program  Conduct a risk analysis  Develop/update policies, procedures, and documentation as needed  Deliver security training, education, and awareness in conjunction with privacy  Review and modify access (authentication) and audit controls  Establish security incident reporting and response procedures  Develop business continuity procedures (contingency planning)  Make sure your business associates and vendors help enable your compliance efforts

10 HIPAA = Culture Change Organizational culture will have a greater impact on security than technology. Must have people optimally interacting with technology to provide the necessary security to protect patient privacy. Open, caring-is-sharing environment replaced by “need to know” to carry out healthcare functions. Organizational Culture Technology 20% technical 80% policies & procedures !!!

11 Policies, Procedures & Documentation Policies Procedures Forms & Memos Detail High Level Low Level

12 Importance of Policies/Procedures  State the organization’s intent relative to what it will do to protect patient- identifiable and sensitive health information  Must be clear and concise and “actionable”  Must be implemented and enforced  Foundation piece for helping to prove “due diligence” along with other “documentation”

13 Privacy Policies and Procedures  Corporate and department policies and procedures relating to: confidentiality, information security, information security incident reporting, disciplinary action and sanctions for security and confidentiality breaches, physical and technical security  Confidentiality agreements-employees and vendors

14 Information Security Policy  The foundation for an Information Security Program  Defines the expected state of security for the organization  Defines the technical security controls for implementation  Without policies, there is no plan for an organization to design and implement an effective security program  Provides a basis for training  Must be implemented and enforced or just “shelf ware”

15

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.