Published by Margery Bertha Henderson. Modified over 6 years ago.
1
The Practical Side of Meaningful Use: What we learned from a Security Perspective
Presented to: HIPAA Privacy and Security Summit 2018
Raymond Ribble, Founder & President, SPHER Inc.
CONFIDENTIAL This document may not be reproduced, transmitted, or distributed without the prior permission of SPHER Inc.
2
SoCal RECs – Certified Service Partner
1500 Providers 800 Providers From Paper to Digital Attestations 91% Success Rate
3
The Early Stages: How Meaningful was it?
Data Capture & Sharing
STAGE 2 2014 Adv. Clinical Processes
STAGE 3 2016 Improved Outcomes
Meaningful Use Security Focused On:
Electronic capture of patient PHI in standard format
More rigorous Health Information Exchange (HIE)
Technology solutions tied to improved health outcomes for patients
Conduct Initial Security Risk Assessment to address ePHI safety
Regular & Appropriate Updates to SRAs and Review Processes
TeleHealth solutions start to expand
Knowing who is logging in and looking at the data
System Audit Controls Monitoring application audit logs (b)
Electronic transmission of patient ePHI across multiple settings, increased exposure to data breach risk
More patient access to Self-management tools
Increased monitoring obligations
Information System Activity Review Reviewing all records in the application (a)(1)(ii)(D)
Patient-controlled data portals
Access to ePHI through patient-centered HIE.
Monitoring access to the HIE
2100 Provider engagements over 5.5 years
4
Core Security Problems Observed
Lack of understanding of what PHI Security involved.
No Encryption, Weak Password Policies, Shared Kiosks
No System Back-ups in place
No Phishing or Ransomware monitoring
No Network Monitoring
No User Access Monitoring
Again, No Security Risk Assessment awareness
Security was NOT a priority
5
Major Problems & Concerns 2011 - Now
Enterprise Hospital: Strong network Monitoring 75%; Yes-SRA, User Activity Monitoring Low
Regional Health Clinic: Some network Monitoring 50%; Some-SRA, User Activity Monitoring None
Clinic: No network Monitoring 0%; No-SRA, User Activity Monitoring None
Private Practice: No network Monitoring 0%; No-SRA, User Activity Monitoring None
*ePHI Security was not and continues to be a Low Priority
6
Security Rule - Risk Assessment
Policies & Procedures, People, Information Assets
Measures, Policies, and Procedures to protect ePHI
CE & BA
Administrative Safeguards: Workforce Training & Evaluation; Security Management Process; Assigned Security Personnel; Information Access Management
Physical Safeguards: Facility Access and Control; Workstation Security; Device and Media control
Technical Safeguards: ePHI Transmission Security; Access Controls; Audit Controls; Integrity Controls
*MIPS requirements and heightened awareness are driving adherence
7
The Cyber-Security Landscape
Cybersecurity awareness and audit processes are lacking
Continuing convergence of EMR/EHR solutions
Unsecured health systems - remain vulnerable
Influx of personal/device IoT solutions
Insider threats are increasing
Phishing attacks increasingly sophisticated
Healthcare reform impacting change/upgrades
Breaches are accelerating: 171 million records in ’17
© Copyright 2018 SPHER Inc.
8
Find the PHI here
Desktops
Laptops
Tablets
Paperwork/Files
Printer
Copier
Physician’s BYOD
Medical Devices
9
Or here as well…
10
Layers of Security: Required
Policies & Procedures Physical Perimeter Hosting Application ePHI
11
Artificial Intelligence detectors analyze the behaviors of end-users within information systems to identify unauthorized access. Machine Learning is then applied towards remediation, without human intervention, when activity deviates from the norm.