County HIPAA Review
All Rights Reserved 2002. IMA is a trademark of Internal Medicine Associates, P.C. and may only be used with specific directions from IMA. 12/2/2018

Security Awareness Training

HIPAA
Health Insurance Portability & Accountability Act of 1996
HIPAA helps you understand your responsibilities based on your job responsibilities
Procedures to Guard Data Integrity, Confidentiality, and Availability
Such as:
  Administrative Procedures
  Physical Safeguards
  Technical Security Services
  Mechanisms
  Electronic Signature

Administrative Procedures
Personnel Security
  Assure supervision of maintenance personnel as set forth by security protocol
  Maintain a record of all access authorizations
  Personnel security policy/procedure reviewed at County compliance meeting
  System users trained in security and ways to identify breaches

Administrative Procedures, cont.
Security Configuration Management
  Documentation
  Hardware/Software installation
  Maintenance review
  Testing for security
  Inventory of all hardware/software
  Virus checking
  Procedures outlined
  Policies enforced

Administrative Procedures, cont.
Security Incident/Management Reporting
  Report procedures
    Incident reported to management
    Report written with witnesses involved and then forwarded to security personnel
  Response procedures
    Response will be documented and accurate the first time
  Risk analysis
    A periodic assessment will be taken after an initial analysis
  Risk management
    All identifiable risks will be documented and due diligence planning will be instituted

Administrative Procedures
Termination Procedures
  In the Event of Termination:
    Combination locks changed
    Removal from access lists
    Removal of user account(s)
    Turn in keys, token or cards that allow access

Administrative Procedures, cont.
Training
  Training is provided for all personnel (incl. mgmt)
  Periodic security reminders will be issued in our newsletter
  Users will receive training concerning virus protection
  Users will receive training concerning monitoring success/failure and how to report discrepancies
  User education in password mgmt

Physical Safeguards
Assigned Security Responsibility
  Responsibility will be assigned as follows:
    Federal Regulations
    Security Officer-HIPAA
    Management
    Supervisors
    Users
  Clients and Employee affected PHI will be trained by correspondence, leaflets, etc.

Physical Safeguards
Media Controls
  Assigned access to media
  Accountability-tracking is done on media
  Data backup is done by Information Systems and is not to be backed up on floppy, CD or any other type of media
  Data storage is done offsite at Approved Locations
  Information Systems or assigned personnel are responsible for disposal of media and no user will destroy media

Physical Safeguards
Physical Access Controls
  Disaster Recovery
    In the event of a disaster all access will be secured if possible
    All liabilities are documented
  Emergency Mode Operation
    There are drills performed on a random basis to test the physical control in the event of an emergency

Physical Safeguards
Physical Access Controls
  Equipment Control
    All equipment is asset tagged, documented and tested to meet security requirements
    Check in/out procedures are in place and no protected health information (PHI) is allowed to leave the premises without written authorization
  Facility Security Plan
    All physical security is documented and floor plans are mapped out

Physical Safeguards
Physical Access Controls
  Pre-registered Access Authorizations
    All authorizations will be pre-registered.
  All maintenance on the facility should be reported and documented
  All access is on a need-to-know basis
    For example, the Board of Supervisors does not need to know the passwords of the Public Health Nurse staff.
  Information Systems will not volunteer access specifications
  Any changes will be sent via appropriate documentation

Physical Safeguards
Physical Access Controls
  Testing and Revision
    All procedures and policies will be tested periodically
    Upon completion, the needed changes will be documented and due diligence will be initiated to correct any breaches or gaps in security
    It is everyone's responsibility to protect the facility and work with their management team to assess and correct any lapses

Physical Safeguards
Policies & Procedures
  Policies & Procedures are written for:
    Workstation Use
    Secure Workstation Location
  These are discussed in Security Policies and Procedures training
  Training sessions on Physical Safeguards will be conducted one (1) time per year or as needed

Technical Security Services
Access Control
  Context-based access
    Based on a transaction, date, time, etc.
  Role-based access
    RBAC used for mapping specific functions in an organization
  User-based access
    Based on the identity of the person involved
  Encryption
    Transforming confidential plaintext into ciphertext to protect it
    This feature is automatic on most systems

Technical Security Services
Audit Controls
  Audits are done by Information Systems and outside services
  These are closely protected audits and safeguarded by contracts
  In the event of an audit, your department will be notified and you will comply with said audit
Authorization Control
  Role-based authorization
    Based on specific software, hardware and procedures, but is regulated by Information Systems
Data Authentication

Technical Security Services
Entity Authentication
  Automatic logoff is in place on all systems
  Passwords are required on all operating systems and systems accessed via the network
  Unique user identification is used to protect you and your workmates

Technical Security Mechanisms
Communications Network Control
  All communications have access controls
  All network devices have access controls, anti-hack devices and alarms
  Audit trails are generated on virtually every device on the network or communicating with the network
  Certain data sets are encrypted and this is documented
  Tokens are passed between systems to assure genuine identity
  Event alarms report problems or hacks
  Integrity devices alert us to hardware or software problems and IDS reports continually on unauthorized access
  Transaction logs are generated to assure message authentication and accurate access control verification

Security Awareness Training