Published by Travis Sabins. Modified over 10 years ago.
1
How much HIPAA is enough? Session 2: What to Do - HIPAA-compliance with Datto
2
Focus on physician practices, hospitals and Business Associates Regulatory Compliance Experts on staff, HIT experts on-staff Privacy and Security Analysis (Meaningful Use, HIPAA) EHR Consulting – Emphasis on workflow efficiencies We Untangle Healthcare Technology
3
Why do HIPAA at all? Because Datto feels it is critical for their channel partners to understand how the backup and restore process impacts HIPAA compliance. Because Datto feels it is critical for their channel partners to understand the relationship between Datto products and HIPAA requirements. Because you must be able to do 3 compliance-critical things, and this ability starts by learning what is in this session.
4
Things that are backed up that are ePHI…
5
Enforcement Countdown: Business Associates must comply with the final rule by September 23, 2013. However, there is a special one-year transition period for implementing business associate agreements to comply with the final rule. What this doesn't say is that on September 23, 2014, enforcement and settlement agreements begin.
6
The 3 Compliance-critical things to do with Datto: The Datto solution must be HIPAA-Compliant. The Datto solution must be installed in HIPAA-Compliant Fashion. Must be Installed by HIPAA-Compliant Datto Solution Providers.
7
Compliance-critical thing #1: You Must Have a HIPAA-Compliant Solution. Datto Appliance SIRIS or ALTO 2. Cross walk that Maps Datto to HIPAA security rule HITECH? Is the Datto Solution non-compliant with any of the following applicable security rule safeguards: Administrative, Physical, Technical
8
Drilldown – HIPAA-Compliant Solutions HIPAA Security Rule, ePHI, Safeguards and Controls that you implement when you install Datto products
9
A HIPAA-Compliant solution: Do a safeguard review. Ask this for every client: Does the presence of the Datto Solution cause non-compliance with this safeguard?
10
Ask this for every client: Does the presence of the Datto Solution cause non-compliance with this safeguard?
11
Ask this for every client: Does the presence of the Datto Solution cause non-compliance with this safeguard?
12
Ask this for every client: Does the presence of the Datto Solution cause non-compliance with this safeguard?
13
Compliance-critical thing #2: It Must Be Installed in a HIPAA-Compliant Fashion. HIPAA Security Rule, ePHI, Safeguards and Controls that you implement when you install Datto products
14
Drilldown – Installed in HIPAA-Compliant Fashion. Datto Appliance SIRIS or ALTO 2. Map to HIPAA Citations: Administrative, Physical, Technical
15
A HIPAA-Compliant Installation: Do a safeguard review. Ask this for every client: Does the usage of the Datto Solution cause non-compliance with these safeguards?
16
Ask this for every client: Does the usage of the Datto Solution cause non-compliance with these safeguards?
17
Ask this for every client: Does the usage of the Datto Solution cause non-compliance with these safeguards?
18
Ask this for every client: Does the usage of the Datto Solution cause non-compliance with these safeguards?
19
Compliance-critical thing #3: It Must Be Installed By HIPAA-Compliant Solution Providers. We are all BAs whether we like it or not as it pertains to implementing, managing and supporting Datto solutions in environments where ePHI is maintained or stored.
20
Drilldown – By HIPAA-Compliant Solution Providers. We are all BAs whether we like it or not as it pertains to implementing, managing and supporting Datto solutions in environments where ePHI is maintained or stored. BA Assurance Evergreen Program
21
A HIPAA-Compliant Business Associate: Do a safeguard review Can you give assurances to every client about how your company meets every single one of these compliance safeguards?
25
How can you give assurances? [Diagram: Security Rule → has → 18 Standards → defines → Safeguards to Implement → have → 36 Specifications]
26
Administrative example Column 1 shows the standards (9) Column 2 shows the security rule citation Column 3 shows the specifications for implementing the standards (21 specifications for 9 standards)
27
Physical example Column 1 shows the standards (4) Column 2 shows the security rule citation Column 3 shows the specifications for implementing the standards (8 specifications for 4 standards)
28
Technical example Column 1 shows the standards (5) Column 2 shows the security rule citation Column 3 shows the specifications for implementing the standards (7 specifications for 5 standards)
29
Wrap up: Doing The 3 Compliance-critical things with Datto Profile of a HIPAA-Compliant Datto solution Repeatable process for installing Datto solutions in a HIPAA-Compliant Fashion According to a compliance management system adopted by HIPAA-Compliant Datto Solution Provider
30
Datto meets HIPAA key takeaways: Start Now. CEs have been subject to the HIPAA OMNIBUS Rule since September 2013. BAs are now subject to enforcement under the same rule on September 23, 2014.
31
Datto meets HIPAA key takeaways: Secure Backups and Restores are both required. Covered Entities and Business Associates must back up retrievable exact copies of electronic protected health information (CFR 164.308(7)(ii)(A)) and be able to restore any loss of data (CFR 164.308(7)(ii)(B)).
32
Datto meets HIPAA key takeaways: Security Requirements are in effect during emergencies. Compliance requires the protection of the security of electronic protected health information while operating in emergency mode (CFR 164.308(7)(ii)(C)).
33
Datto meets HIPAA key takeaways: A backup policy is not a procedure, a backup procedure is not a backup plan, and a backup plan is not a contingency plan (neither is it a disaster recovery plan). Policies, procedures and plans (CFR 164.312(b)(1)) are not interchangeable forms of documentation; documentation (CFR 164.312(b)(2)(i)) is a huge part of HIPAA. Ask me about our HIPAA Book of Evidence Tool
34
How to use this slide deck as a workbook
Step 1: Review CE/BA client solution stacks by following slides 9-12
Step 2: Review completed CE/BA client implementations by following slides 15-18
Step 3: Create a repeatable CE/BA new client implementation procedure from slides 15-18
Step 4: Do a self-assessment by following slides 21-24
Step 5: Provide assurances to each CE/BA client by describing how you implement the standards according to the specifications on slides 26-28 (email me for PDF of the safeguards in these slides)
35
Ask Me About these Webinars. Ask Me About HIPAA Evergreen for BAs. Email chris@untangledsolutions.com Phone (909) 563-8578 x2101. Chris Johnson is CEO and founder of Untangled Solutions; his motto, "We untangle healthcare technology," has catapulted his company onto the go-to short list for healthcare providers across the United States. With more than fifteen years of experience in IT services and web development, he specializes in helping medical practices make strategic HIT decisions that improve how providers safely treat their patients, productively run their practice and profitably manage their business. A thought leader in his industry with a desire to give back, Chris is the current Vice Chair for CompTIA's IT Security Community, an active CompTIA Ambassador and the former chairperson of the Healthcare IT Community.
36
Ask Me About these Webinars. Ask Me About HIPAA Evergreen for BAs. Upcoming events: HIPAA Resources http://Dattobackup.com/hipaa User Conference ww.Dattopartnerconference.com/ Email chris@untangledsolutions.com Phone (909) 563-8578 x2101