Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy Project Framework & Structure

Published byElvin Morton Modified over 6 years ago

Similar presentations

Presentation on theme: "Privacy Project Framework & Structure"— Presentation transcript:

1 Privacy Project Framework & Structure
HIPAA Summit Brent Saunders

2 Philosophy and Approach to Privacy
Six key concepts drive the project philosophy: Primary focus on business drivers, secondary on regulatory drivers Privacy and security programs should be well coordinated (information protection) Good faith efforts and documentation are essential to demonstrate compliance Approach privacy as a series of manageable implementation projects Integrate privacy and security programs into existing organizational structure and reporting realities Partner compliance and business resources The approach recognizes that, beyond legal and regulatory requirements, information protection is an emerging business imperative, whether it’s employee, patients, members, clinical and/or corporate information

3 An Approach – Implementing a Privacy Program
Assessment vs. Implementation Projects should be developed by teams and refined with the business people/department to meet your organization’s business needs, processes and environment An “implementation” approach can be broken down into the following phases: Project Organization and Impact Program and Project Structure Refinement Detail Planning/Rollout Implementation

4 The 4 Phases Project Management and Quality Assurance
Phase II – Program and Project Structure Refinement Phase III – Detail Planning and Rollout Phase I – Project Organization Phase IV – Implementation Set Expectations, Objectives, Approach Goals & Strategic Direction Build Detailed Project Plans Project Management Organizational and Legal Analysis Document Review Develop Integrated Project Plan Ongoing Oversight (as needed) Project Management Setup and Initiation Information Flow Analysis Assign Project Accountability Specific Project Assistance (as needed) Privacy Laws and Regulations - Impact Analysis Needs Assessment Finalize Project Management Structure Progress Validation (as needed) Awareness Training (as needed) Project Identification Launch Privacy & related Security Projects Compliance Maintenance Project Management and Quality Assurance

5 Steering Committee Work Groups Project Management Privacy Office
V.P.-level members from Compliance, Legal, and Functional areas Establish mission Obtain support from senior management Oversight Oversight Strategy Work Groups Work Groups established for each functional area, e.g., medical records, finance Report findings Project Management Privacy Office Develop and coordinate risk-management and compliance activities Strategy Data mapping Gap analysis Monitor compliance Implementation Develop and oversee training Business Processes Maintain compliance Assist and support business units

6 Ongoing Program Organization
Compliance Model Hub and Spoke Model Privacy Committee Model Legal Model IT Model

Download ppt "Privacy Project Framework & Structure"

Similar presentations

Session No. 4 Implementing the State’s Safety Programme Implementing Service Providers SMS 1 1 1.

Session No. 4 Implementing the State’s Safety Programme Implementing Service Providers SMS
Organizational Governance

Organizational Governance
. . . a step-by-step guide to world-class internal auditing

. . . a step-by-step guide to world-class internal auditing
Electronic Medical Records: Implications of HIPAA for Selecting and Implementing an EMR Todd Frech Senior Partner www.ociusmedinfo.com.

Electronic Medical Records: Implications of HIPAA for Selecting and Implementing an EMR Todd Frech Senior Partner
What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.

What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.
Business Continuity and Disaster Recovery Planning.

Business Continuity and Disaster Recovery Planning.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
Introduction to Enterprise Risk Management (ERM)

Introduction to Enterprise Risk Management (ERM)
Baseline Assessments / Swim Lane Diagrams Presented by: Helen C. Burch, MBA Managed Care Advisors, Inc.

Baseline Assessments / Swim Lane Diagrams Presented by: Helen C. Burch, MBA Managed Care Advisors, Inc.
Implementing SMS in Civil Aviation: the Canadian Perspective.

Implementing SMS in Civil Aviation: the Canadian Perspective.
Security Controls – What Works

Security Controls – What Works
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Coordinating Center Overview November 18, 2010 SPECIAL DIABETES PROGRAM FOR INDIANS Healthy Heart Project Initiative: Year 1 Meeting 1.

Coordinating Center Overview November 18, 2010 SPECIAL DIABETES PROGRAM FOR INDIANS Healthy Heart Project Initiative: Year 1 Meeting 1.
Corporate Ethics Compliance *

Corporate Ethics Compliance *
Building a Compliance Risk Monitoring Program HCCA Compliance Institute New OrleansApril 19, 2005 Lois Dehls Cornell, Esq. Assistant Vice President, Deputy.

Building a Compliance Risk Monitoring Program HCCA Compliance Institute New OrleansApril 19, 2005 Lois Dehls Cornell, Esq. Assistant Vice President, Deputy.
Corporate Governance: Beyond Compliance at a time of Recession Prof. Ashley G. Frank BA(Econ)[Magna Cum Laude], MDPA (Cum Laude], MBA, MCom [Cum Laude],

Corporate Governance: Beyond Compliance at a time of Recession Prof. Ashley G. Frank BA(Econ)[Magna Cum Laude], MDPA (Cum Laude], MBA, MCom [Cum Laude],
1 CHCOHS312A Follow safety procedures for direct care work.

1 CHCOHS312A Follow safety procedures for direct care work.
COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.

COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.
Why Information Governance….instead of Records & Information Management? Angela Fares, RHIA, CRM, CISA, CGEIT, CRISC, CISM 817.352.4929 or

Why Information Governance….instead of Records & Information Management? Angela Fares, RHIA, CRM, CISA, CGEIT, CRISC, CISM or
Session No. 3 ICAO Safety Management Standards ICAO SMS Framework

Session No. 3 ICAO Safety Management Standards ICAO SMS Framework

Similar presentations

Ads by Google