Presentation is loading. Please wait.

Presentation is loading. Please wait.

Auditing Compliance with the Privacy Rule

Published byJane Stewart Modified over 5 years ago

Similar presentations

Presentation on theme: "Auditing Compliance with the Privacy Rule"— Presentation transcript:

1 Auditing Compliance with the Privacy Rule
Saira N. Haque Director, Corporate and HIPAA Compliance St Joseph’s Hospital Health Center

2 Agenda SJHHC Background Information Importance of Monitoring
Monitoring Tools Results of Audits Conclusion

3 SJHHC Background Information
Integrated Delivery Network 431 beds 1 main hospital with 21 ancillary sites Catholic Institution Located in Syracuse, NY Designated a Magnet Hospital for Nursing Excellence Part of a three-hospital alliance for laboratory services Some affiliated physicians use a Physicians Office Building located on campus Most physicians are not employed by the hospital

4 SJHHC Background Information
Compliance Office is new, with few staff members. Other departments must be utilized: Performance Improvement Information Services Network Resource Education Department Financial Services Patient Collections Medical Records

5 Importance of Monitoring
Part of the Privacy Rule History of effective monitoring policies and procedures will be helpful if a complaint about your organization is received Helps integrate Privacy Compliance with compliance efforts in the organization

6 Importance of Monitoring
Results of monitoring efforts can be useful: May help with Security Rule Compliance Bring inconsistencies to light Highlight opportunities to modify policies/procedures

7 Monitoring Tools Physical Security Systems Security
Walkthroughs Policy and Procedure Review Systems Security Access reviews Role-based access Information Security Assessment

8 Monitoring Tools Physical Security
Walkthroughs were done prior to Privacy Rule Implementation Modified self-assessment tool after implementation to incorporate Security Rule Piloted updated tool in a clinical and a non-clinical area Performance Improvement sent out tool to areas and compiled results First time = self-assessment Subsequent times = different departments will survey each other

9 Monitoring Tools Systems Security Updated access policies as needed
Incorporated Role Based Access when possible Conduct a monthly review of access to a sample of patients Employees, Physicians, VIPs, patients with restrictions Conduct reviews of individual employee access when indicated

10 Monitoring Tools Systems Security Audit
Patient list sent monthly to Compliance Officer Compliance Officer selects sample and sends to IM and Medical Records IM pulls access history of designated individuals and sends to Medical Records Medical Records reviews access by system and documents inappropriate access Results sent to Compliance Officer for investigation

11 Monitoring Tools Information Security Assessment
Engaged with Syracuse University to provide a Behavioral Assessment of Information Security Interviews with key staff and management Walkthroughs of various areas Shadowing designated employees

12 Audit Results Audit results are compiled regularly and reviewed by:
Director of Corporate and HIPAA Compliance Designated Performance Improvement Representative Vice President of Corporate Services

13 Audit Results Suspicious access:
Sent to Directors or Managers of designated areas (employee) Sent to Vice President of Medical Affairs (affiliate) Access is investigated and action taken as appropriate

14 Audit Results Process Gaps:
Process gaps are reviewed with the Director or Manager of the appropriate area If gaps are Network-wide, they are reviewed with the appropriate Vice President Policies and procedures are updated as needed Training materials are updated as needed

15 Questions?

Download ppt "Auditing Compliance with the Privacy Rule"

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
Managing Compliance Related to Human Subjects Research Review Joseph Sherwin, Ph.D. Office of Regulatory Affairs University of Pennsylvania Fourth Annual.

Managing Compliance Related to Human Subjects Research Review Joseph Sherwin, Ph.D. Office of Regulatory Affairs University of Pennsylvania Fourth Annual.
Preparation of the Self-Study and Documentation

Preparation of the Self-Study and Documentation
THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.

THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
Preparing for Compliance Monitoring Reviews Understanding CMS Protocols Used by Review Organizations January 14, 2009 Presented by: Margaret deHesse, RN,

Preparing for Compliance Monitoring Reviews Understanding CMS Protocols Used by Review Organizations January 14, 2009 Presented by: Margaret deHesse, RN,
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
Ministry Health Care Corporate Responsibility Program Medical Staff Education.

Ministry Health Care Corporate Responsibility Program Medical Staff Education.
The importance of a Compliance program is to ensure that our agency meets the highest possible standards for all relevant federal, state and local regulations,

The importance of a Compliance program is to ensure that our agency meets the highest possible standards for all relevant federal, state and local regulations,
RMS – a collaborative approach Presentation Lyn Dare & Stephen Larmour Authorisation & Audit Comcare.

RMS – a collaborative approach Presentation Lyn Dare & Stephen Larmour Authorisation & Audit Comcare.
Philip M. J. Graham Head of Information Communications Technology (ICT) 13 th July 2010.

Philip M. J. Graham Head of Information Communications Technology (ICT) 13 th July 2010.
Peer Review - Overview DEB KAZMERZAK, IOWA PCA ACKNOWLEDGEMENT: LINDA RUBLE, PA/NP, PCA CLINICAL CONSULTANT.

Peer Review - Overview DEB KAZMERZAK, IOWA PCA ACKNOWLEDGEMENT: LINDA RUBLE, PA/NP, PCA CLINICAL CONSULTANT.
Medication Reconciliation Networking Session Steve Rough, MS., RPh. Director of Pharmacy University of Wisconsin Hospital and Clinics.

Medication Reconciliation Networking Session Steve Rough, MS., RPh. Director of Pharmacy University of Wisconsin Hospital and Clinics.
Informed Consent and HIPAA Tim Noe Coordinating Center.

Informed Consent and HIPAA Tim Noe Coordinating Center.
Building a Compliance Risk Monitoring Program HCCA Compliance Institute New OrleansApril 19, 2005 Lois Dehls Cornell, Esq. Assistant Vice President, Deputy.

Building a Compliance Risk Monitoring Program HCCA Compliance Institute New OrleansApril 19, 2005 Lois Dehls Cornell, Esq. Assistant Vice President, Deputy.
HIPAA Basic Training for Privacy and Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA HIPAA Basic.

HIPAA Basic Training for Privacy and Information Security Vanderbilt University Medical Center VUMC HIPAA Website: HIPAA Basic.
DEBRA A. SCHUCHERT DIRECTOR OF NETWORK OPERATIONS & COMPLIANCE CLAIMS BILLING & ADJUDICATION TRAINING 2014-2015.

DEBRA A. SCHUCHERT DIRECTOR OF NETWORK OPERATIONS & COMPLIANCE CLAIMS BILLING & ADJUDICATION TRAINING
COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.

COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.
Revenue Cycle Management Medical Technology Acquisition and Assessment Team Members: Joseph Dixon, Michael Morotti, Mari Pirie-St. Pierre, David Robbins.

Revenue Cycle Management Medical Technology Acquisition and Assessment Team Members: Joseph Dixon, Michael Morotti, Mari Pirie-St. Pierre, David Robbins.

Similar presentations

Ads by Google