Presentation is loading. Please wait.

Presentation is loading. Please wait.

EHR Privacy & Security. Missouri’s Federally-designated Regional Extension Center  University of Missouri:  Department of Health Management and Informatics.

Published byArthur Nathan Modified over 9 years ago

Similar presentations

Presentation on theme: "EHR Privacy & Security. Missouri’s Federally-designated Regional Extension Center  University of Missouri:  Department of Health Management and Informatics."— Presentation transcript:

1 EHR Privacy & Security

2 Missouri’s Federally-designated Regional Extension Center  University of Missouri:  Department of Health Management and Informatics  Center for Health Policy  Department of Family and Community Medicine  Missouri School of Journalism  Partners:  EHR Pathway  Hospital Industry Data Institute (Critical Access Hospitals)  Missouri Primary Care Association  Missouri Telehealth Network  Primaris

3 Assist Missouri's health care providers in using electronic health records to improve the access and quality of health services; to reduce inefficiencies and avoidable costs; and to optimize the health outcomes of Missourians

4  For providers who do not have a certified EHR system - We help you choose and implement one in your office  For providers who already have a system - We help eligible providers meet the Medicare or Medicaid criteria for incentive payments 4

5 Cerner and the University of Missouri Health System have an independent strategic alliance to provide unique support for the Tiger Institute for Health Innovation, a collaborative venture to promote innovative health care solutions to drive down cost and dramatically increase quality of care for the state of Missouri. The Missouri Health Information Technology Assistance Center at the University of Missouri, however, is vendor neutral in its support of the adoption and implementation of EMRs by health care providers in Missouri as they move toward meaningful use. This regional extension center is funded through an award from the Office of the National Coordinator for Health Information Technology, Department of Health and Human Services Award Number 90RC0039/01

6 Information Security Risk Assessment Process Becky Thurmond Fowler System Security Analyst –Principal Division of IT, University of Missouri

7 Agenda Introduction Risk Assessment Process Risk Assessment Cheat Sheet Moving Forward… Questions?

8 Why Are We Doing This? Increased focus on security & privacy in society Federal and state laws and regulations Heard of a little thing called HIPAA?

9 HIPAA Covered Entities (CE’s) and Business Associates of CE’s must comply with the HIPAA Security Rule, including: ◦Due diligence ◦Good business practices ◦Analysis of risk ◦Creation of appropriate safeguards ◦Documentation

10 The Process – An Overview 1. Identify key relevant systems 2. Conduct a risk assessment 3. Implement a risk management program 4. Acquire IT systems and services as necessary 5. Create and deploy policies and procedures 6. Develop and implement a sanction policy 7. Develop and deploy the information system activity review process

11 Risk Assessment Process Identify key relevant systems ◦Categorize the sensitivity of the data ◦Which information systems are involved? ◦Perform inventory – who owns? ◦Configuration management and documentation

12 Risk Assessment Process Conduct a risk assessment ◦Variety of checklists and procedures to help you through the process ◦Document what you’re doing, do what you’re documenting! ◦Answers to questions raised in your risk assessment can help you determine where your data is vulnerable

13 Risk Assessment Cheat Sheet Section 1: Organizational Information ◦Definition of Personally Identifiable Information (PII) What kind of PII does your organization have, and what do you do with it?

14 Risk Assessment Cheat Sheet Section II: Access to Work Area Objective: To control unauthorized access to work areas where confidential or sensitive information is held or utilized

15 Risk Assessment Cheat Sheet Section III: Access to Work Equipment/Information/Materials Objective: To control unauthorized access to confidential or sensitive materials and work equipment

16 Risk Assessment Cheat Sheet Section IV: Information Systems Security & Access Objective: To appropriately manage confidential and sensitive electronic files and IT resources

17 Risk Assessment Cheat Sheet Section IV: (continued) ◦This section will require close work with your Information Technology folks.  Technical reviews  Application and server level controls  Networking  Disaster Recovery and Business Continuity

18 Risk Assessment Cheat Sheet Section V: Access to Waste Materials Objective: To ensure paper and electronic files and media are properly destroyed when appropriate

19 Risk Assessment Cheat Sheet Section VI: Organizational Procedures & Employee Training Objective: To set expectations and raise awareness among employees who handle confidential and sensitive information

20 Risk Assessment Process Implement Risk Management program ◦Thoughtfully choose security measures to reduce risks. ◦Qualitative vs. quantitative Looking to: ◦Reduce risk ◦Transfer risk ◦Accept risk ◦Avoid risk

21 Risk Assessment Process Acquire IT systems and services as necessary ◦Security isn’t free! What is your desired end result?

22 Risk Assessment Process Create and deploy policies and procedures Develop and implement a sanction policy Develop and deploy the information system activity review process (rinse & repeat)

23 Q & A Questions? Thank you!

24  If you do not wish to ask a question, please press * 6 to mute your phone.

25 Meaningful Use & Physician Quality Reporting System (PQRS) Wednesday, November 9 th Presenter: Sandra Pogones Program Manager Primaris

26  Contact MO HIT Assistance Center for details and pricing

27  Website: http://ehrhelp.missouri.eduhttp://ehrhelp.missouri.edu  E-Mail: ◦ EHRhelp@missouri.edu EHRhelp@missouri.edu  Phone: ◦ 1-877-882-9933

Download ppt "EHR Privacy & Security. Missouri’s Federally-designated Regional Extension Center  University of Missouri:  Department of Health Management and Informatics."

Similar presentations

Office of Provider Adoption Support (OPAS): Supporting Primary Care Providers to Achieve Meaningful Use February 29, 2012.

Office of Provider Adoption Support (OPAS): Supporting Primary Care Providers to Achieve Meaningful Use February 29, 2012.
Identification and Disposition of Official University Records University of Texas at Arlington Records Management.

Identification and Disposition of Official University Records University of Texas at Arlington Records Management.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
Series 1: “Meaningful Use” for Behavioral Health Providers 9/2013 From the CIHS Video Series “Ten Minutes at a Time” Module 10: HIPAA Privacy & Security.

Series 1: “Meaningful Use” for Behavioral Health Providers 9/2013 From the CIHS Video Series “Ten Minutes at a Time” Module 10: HIPAA Privacy & Security.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.

HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.
The importance of a Compliance program is to ensure that our agency meets the highest possible standards for all relevant federal, state and local regulations,

The importance of a Compliance program is to ensure that our agency meets the highest possible standards for all relevant federal, state and local regulations,
CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.

CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.
Population Management & Reporting. Federally-designated Regional Extension Center for the State of Missouri  University of Missouri:  Department of.

Population Management & Reporting. Federally-designated Regional Extension Center for the State of Missouri  University of Missouri:  Department of.
Data Classification & Privacy Inventory Workshop

Data Classification & Privacy Inventory Workshop
Security Controls – What Works

Security Controls – What Works
What Happens after You Sign with Missouri Health Information Technology Assistance Center?

What Happens after You Sign with Missouri Health Information Technology Assistance Center?
Better, Smarter, Healthier Delivery System Reform Presentation to the Health IT Policy Committee March 10, 2015 U.S. Department of Health and Human Services.

Better, Smarter, Healthier Delivery System Reform Presentation to the Health IT Policy Committee March 10, 2015 U.S. Department of Health and Human Services.
US Perspectives on HIT Adoption and Assessment under Meaningful Use Blackford Middleton, MD, MPH, MSc Partners HealthCare System, Inc. Harvard Medical.

US Perspectives on HIT Adoption and Assessment under Meaningful Use Blackford Middleton, MD, MPH, MSc Partners HealthCare System, Inc. Harvard Medical.
Temporary Certification Program: Overview Educational Session August 18, 2010 Carol Bean, PhD Director, Certification Division Office of the National Coordinator.

Temporary Certification Program: Overview Educational Session August 18, 2010 Carol Bean, PhD Director, Certification Division Office of the National Coordinator.
Building Public Health / Clinical Health Information Exchanges: The Minnesota Experience Marty LaVenture, MPH, PhD Director, Center for Health Informatics.

Building Public Health / Clinical Health Information Exchanges: The Minnesota Experience Marty LaVenture, MPH, PhD Director, Center for Health Informatics.
Protecting and Promoting the Practice of Good Medicine Getting Started with Meaningful Use: The impact on the professional eligible provider MMIC Health.

Protecting and Promoting the Practice of Good Medicine Getting Started with Meaningful Use: The impact on the professional eligible provider MMIC Health.
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
Lecture 14 Policy, Legal, and Regulatory Issues in HIS (Chapters 18,19,20)

Lecture 14 Policy, Legal, and Regulatory Issues in HIS (Chapters 18,19,20)

Similar presentations

Ads by Google