Presentation is loading. Please wait.

Presentation is loading. Please wait.

Analysis of the Final HIPAA Security Rule

Published byうきえ はやしもと Modified over 6 years ago

Similar presentations

Presentation on theme: "Analysis of the Final HIPAA Security Rule"— Presentation transcript:

1 Analysis of the Final HIPAA Security Rule
Sponsored by: HIPAA Summit February 18, 2003 Chris Apgar, CISSP HIPAA Compliance Officer Providence Health Plans

2 Presenter - Chris Apgar, CISSP
Key Points Where to start Objective steps Good news Resources February 18, 2003 Presenter - Chris Apgar, CISSP

3 Presenter - Chris Apgar, CISSP
Where To Start Data security as a strategic versus tactical objective Overcoming the belief that security is another IT initiative Problem generally not getting to the top but keeping top management engaged February 18, 2003 Presenter - Chris Apgar, CISSP

4 Presenter - Chris Apgar, CISSP
Where to Start Focus on culture, business process versus technology – change the belief “this is only an IT issue” Partner with regulatory, compliance, clinical – generally deep concern felt for privacy of patient/member Patience & a sense of humor a must! February 18, 2003 Presenter - Chris Apgar, CISSP

5 Presenter - Chris Apgar, CISSP
Objective Steps Define business objectives & constraints Road map required or “how does security impact me?” Business objectives, constraints helps define required security infrastructure Determine Security Scope Due diligence => much broader than HIPAA Project management required – success requires proper planning, resources, measurable results, etc. February 18, 2003 Presenter - Chris Apgar, CISSP

6 Presenter - Chris Apgar, CISSP
Objective Steps Beyond the risk assessment Risk assessment/gap analysis paints the picture Business decisions required – not all risks will be mitigated Results will define required scope, plan and resources It needs to be sustainable following implementation (and there’s a cost) February 18, 2003 Presenter - Chris Apgar, CISSP

7 Presenter - Chris Apgar, CISSP
Object Steps You need to be able to see it On the organizational chart and in knowledgeable staff Simple & current policies & procedures Risk assessment repetition and integration Technology needs to protect, remain flexible In operation security stretches beyond organizational boarders February 18, 2003 Presenter - Chris Apgar, CISSP

8 Presenter - Chris Apgar, CISSP
Objective Steps Simple walkabout test What is in plain sight? Passwords on post its under keyboards? Logged in and unattended computers? Easy access to secure areas like the data center? What’s in the dumpster? February 18, 2003 Presenter - Chris Apgar, CISSP

9 Presenter - Chris Apgar, CISSP
Good News Often Little/no technology required Relatively low budget – high priced consultants not necessarily required Rule not proscriptive – security program requirements flexible Most “bang for the buck” - can get great results through strong workforce education programs February 18, 2003 Presenter - Chris Apgar, CISSP

10 Presenter - Chris Apgar, CISSP
Resources HHS HIPAA Web Site: National Institute of Health (regulatory information): HealthExec Online (HIPAA): Tunitas Group: February 18, 2003 Presenter - Chris Apgar, CISSP

11 Presenter - Chris Apgar, CISSP
Resources Workgroup for Electronic Data Interchange: CPRI-Host Resource Center: HIPAA Assessment: Thomas Legislative Guide: February 18, 2003 Presenter - Chris Apgar, CISSP

12 HIPAA Compliance Officer Providence Health Plan
Question & Answer Chris Apgar, CISSP HIPAA Compliance Officer Providence Health Plan 3601 SW Murray Blvd., Suite 10 Beaverton, OR (503) (voice) (503) (fax) February 18, 2003 Presenter - Chris Apgar, CISSP

Download ppt "Analysis of the Final HIPAA Security Rule"

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Making Sense out of the Information Security and Privacy Alphabet Soup in terms of Data Access A pragmatic, collaborative approach to promulgating campus-wide.

Making Sense out of the Information Security and Privacy Alphabet Soup in terms of Data Access A pragmatic, collaborative approach to promulgating campus-wide.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.

HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.
Challenges to Implementation of [real] Information Security August 21, 2002 Chris Apgar, CISSP Kate Borten, CISSP Ken Patterson, CISSP.

Challenges to Implementation of [real] Information Security August 21, 2002 Chris Apgar, CISSP Kate Borten, CISSP Ken Patterson, CISSP.
WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.

WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.
12 th National HIPAA Summit – Managing a Data Security Audit Program 2.05, 1:15 PM Chris Apgar, CISSP Apgar & Associates, LLC.

12 th National HIPAA Summit – Managing a Data Security Audit Program 2.05, 1:15 PM Chris Apgar, CISSP Apgar & Associates, LLC.
Building Public Health / Clinical Health Information Exchanges: The Minnesota Experience Marty LaVenture, MPH, PhD Director, Center for Health Informatics.

Building Public Health / Clinical Health Information Exchanges: The Minnesota Experience Marty LaVenture, MPH, PhD Director, Center for Health Informatics.
1 EDUCAUSE Midwest Regional Conference Top Strategies for Working with Stakeholders: Synopses of Recommendations from the Identity Management Summit Mark.

1 EDUCAUSE Midwest Regional Conference Top Strategies for Working with Stakeholders: Synopses of Recommendations from the Identity Management Summit Mark.
Members Meeting WINGSForum 2014 March 29, 2014 Istanbul, Turkey

Members Meeting WINGSForum 2014 March 29, 2014 Istanbul, Turkey
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.

“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
The Implementation of HIPAA Joan M. Kiel, Ph.D., C.H.P.S. Duquesne University Pittsburgh, Pennsylvania.

The Implementation of HIPAA Joan M. Kiel, Ph.D., C.H.P.S. Duquesne University Pittsburgh, Pennsylvania.
1 The Auditor’s Perspective Division of Sponsored Research Research Administration Training Series Presented by: Joe Cannella Audit Manager,

1 The Auditor’s Perspective Division of Sponsored Research Research Administration Training Series Presented by: Joe Cannella Audit Manager,
Privacy & Security Policy Meets Technology at the Crossroads: Best Practice Methods & Approaches to Developing Organizational Frameworks to Avoid Collision.

Privacy & Security Policy Meets Technology at the Crossroads: Best Practice Methods & Approaches to Developing Organizational Frameworks to Avoid Collision.
April 14, 2003- A Watershed Date in HIPAA Privacy Compliance: Where Should You Be in HIPAA Security Compliance and How to Get There… John Parmigiani National.

April 14, A Watershed Date in HIPAA Privacy Compliance: Where Should You Be in HIPAA Security Compliance and How to Get There… John Parmigiani National.
Privacy Project Framework & Structure HIPAA Summit Brent Saunders

Privacy Project Framework & Structure HIPAA Summit Brent Saunders
LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.

LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.
September 12, 2004 Simplifying the Administration of HIPAA Security Angel Hoffman, RN, MSN Director, Corporate Compliance University of Pittsburgh Medical.

September 12, 2004 Simplifying the Administration of HIPAA Security Angel Hoffman, RN, MSN Director, Corporate Compliance University of Pittsburgh Medical.

Similar presentations

Ads by Google