Presentation is loading. Please wait.

Presentation is loading. Please wait.

Culture of Compliance HIPAA Privacy & Security Compliance Office.

Published byZoie Scarbro Modified over 10 years ago

Similar presentations

Presentation on theme: "Culture of Compliance HIPAA Privacy & Security Compliance Office."— Presentation transcript:

1 Culture of Compliance HIPAA Privacy & Security Compliance Office

2 OCR Calls for a “Culture of Compliance” OCR is aggressively enforcing the HIPAA Privacy and Security Rules Covered Entities and Business Associates should have robust HIPAA Privacy and Security compliance programs 2

3 OCR Calls for a “Culture of Compliance” A robust compliance program includes: Employee training Vigilant implementation of policies and procedures Regular audits Prompt Action Plan to respond to incidents 3

4 Program Goals Outline Organization’s responsibilities under the Privacy and Security Rules Identified IU HIPAA Affected Areas IU HIPAA Privacy and Security Compliance Plan Provide strategies to build and maintain a culture of compliance Leadership – Set an Example Ongoing awareness 4

5 Program Goals Motivation for complying with the regulations? Just doing the “Right Thing” Leadership acts as a model that doing the “Right Thing” is the expected Out of fear of getting caught (hopefully not) Gauging Success Responding to incidents Awareness of responsibilities Questions related to HIPAA 5

6 Program Goals Be Proactive and not reactive Auditing and monitoring Education Mitigate the risks Not punitive * We would rather find areas we need to address before there is an incident or before an outside Agency identifies a problem 6

7 Current Policies – University Level Breach Notification  Information and Information System Incident Reporting, Management and Breach Notification  ISPP-26 http://policies.iu.edu/policies/categories/information-it/ispp/ISPP-26.shtml Privacy Complaints  ISPP-27 http://policies.iu.edu/policies/categories/information-it/ispp/ISPP-27.shtml 7

8 IU Guidance Materials & Resources HIPAA Website http://researchadmin.iu.edu/HIPAA/index.html Encryption Tools http://protect.iu.edu/tools/pgp Reporting Suspected Sensitive Data Exposures http://protect.iu.edu/cybersecurity/incident/sensitive- data Reporting Security Incidents http://protect.iu.edu/cybersecurity/incident 8

9 IU Guidance Materials & Resources Mobile Device Security http://protect.iu.edu/cybersecurity/mobile Handheld Device Security http://protect.iu.edu/cybersecurity/mobile/handhel d Laptop Security http://protect.iu.edu/cybersecurity/computers/laptop “How can I protect data on my mobile device” https://kb.iu.edu/data/bcnh.html 9

10 Drafting Policies – HIPAA Specific Minimum Necessary Fundraising Authorizations Individuals’ Rights De-identified Data & Limited Data Sets HIPAA Security Risk Management Disposition of Electronic Media Backup and Recovery Encryption 10

11 Interim HIPAA Officers Leslie J. Pfeffer, BS, CHP Interim University HIPAA Privacy Officer Privacy Officer – IUSM (317) 278-4521 lpfeffer@iu.edu Eric W. Schmidt, CISSP, CISM Interim University HIPAA Security Officer Chief Security Officer - IUSM (317) 278-8751 erschmid@iu.edu 11

Download ppt "Culture of Compliance HIPAA Privacy & Security Compliance Office."

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
K eep I t C onfidential Prepared by: Security Architecture Collaboration Team.

K eep I t C onfidential Prepared by: Security Architecture Collaboration Team.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA What’s New? 2010. What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.

HIPAA What’s New? What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.
Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.

Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.

Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.
HIPAA CHANGES: HITECH ACT AND BREACH NOTIFICATION RULES February 3, 2010 Kristen L. Gentry, Esq. Catherine M. Stowers, Esq.

HIPAA CHANGES: HITECH ACT AND BREACH NOTIFICATION RULES February 3, 2010 Kristen L. Gentry, Esq. Catherine M. Stowers, Esq.
Where to start Ben Burton, JD, MBA, RHIA, CHP, CHC.

Where to start Ben Burton, JD, MBA, RHIA, CHP, CHC.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
HIPAA Regulations What do you need to know?.

HIPAA Regulations What do you need to know?.
Privacy, Security and Compliance Concerns for Management and Boards November 15, 2013 Carolyn Heyman-Layne, Esq. 1.

Privacy, Security and Compliance Concerns for Management and Boards November 15, 2013 Carolyn Heyman-Layne, Esq. 1.
Privacy, Security, Confidentiality, and Legal Issues

Privacy, Security, Confidentiality, and Legal Issues
AMSRO Leaders Forum 2014 Presentation by Timothy Pilgrim to AMSRO Sydney, Thursday 20 March 2014.

AMSRO Leaders Forum 2014 Presentation by Timothy Pilgrim to AMSRO Sydney, Thursday 20 March 2014.
© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,

© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,
Data Classification & Privacy Inventory Workshop

Data Classification & Privacy Inventory Workshop
Security Controls – What Works

Security Controls – What Works

Similar presentations

Ads by Google