Presentation is loading. Please wait.

Presentation is loading. Please wait.

Steps to Compliance: Risk Assessment PRESENTED BY.

Published byJocelin Walsh Modified over 9 years ago

Similar presentations

Presentation on theme: "Steps to Compliance: Risk Assessment PRESENTED BY."— Presentation transcript:

1 Steps to Compliance: Risk Assessment PRESENTED BY

2 Daniel B. Brown, Esq. Healthcare Attorney Taylor English Duma LLP Jason Karn Director Training and IT Total HIPAA Compliance Today’s Presenters

3 This program is educational and does not constitute, and may not be construed as, legal advice to, or creating an attorney-client relationship with, any person or entity. Housekeeping The materials referenced here are subject to change, so frequent review of the source material is suggested. 3

4 What is a Risk Assessment? 4  Requirement for HIPAA Compliance  Written evaluation of Administrative, Physical, and Technical processes in your practice  Administrative Your written process for protecting PHI  Physical How you physically protect PHI  Technical How you protect electronic PHI

5 Why You Need to Conduct a Risk Assessment 1. (45 C.F.R. § 164.308(a)(1).) Risk analysis is one of four required implementation specifications that provide instructions to implement the Security Management Process standard. Section 164.308(a)(1)(ii)(A)  Required by the HIPAA Law This is the first item an auditor will ask for This gives you an outline to develop your Privacy and Security Policies and Procedures  Reveals areas that may require special attention  First step to protecting your business and patients 5

6 Penalties  Alaska Dept. Health & Human Services fined $1.7 million No Risk Assessment  Hospice of North Idaho, settled case for $50,000 Did not conduct a Risk Assessment Fewer than 500 people were affected  Anchorage Community Mental Health Services fined $150k Unpatched software Failed to conduct a Risk Assessment 6

7 What is a Meaningful Risk Assessment? A meaningful Risk Assessment is a thorough audit of your practice’s processes, including: AdministrativePhysical Technical 7

8 Administrative 8  Privacy and Security Compliance Officers  List of all workforce members, roles, and their access  Written disciplinary/sanction policy for HIPAA violations  HIPAA Training Program  Business Associate Agreements in place  Plan for handling Breaches

9 Physical 9  How do you secure your offices…? Locks, key cards, alarms, etc.  How and where are personal records secured and stored?  Do you have an inventory of your electronic assets?  What do you do with old media?  How do you dispose of paper records?  Who has access to your office space?

10  What is your encryption policy for…? Computers Emails Electronic Files  Can you audit who has been accessing records?  Does each employee have their own unique password?  Do you have…? Data Backup Plan Disaster Recovery Plan Emergency Mode of Operation Plan Technical 10

11 How Do You Complete? 11  Small and medium-size practices can conduct a Risk Assessment using HHS’s free tool. Expect to spend 10-20 hours completing this. http://nue.md/hhsriskassessment  Hire an outside vendor to complete  Business Associate Agreement is required with this vendor

12 How Often Should I Perform a Risk Assessment? 12  Establish initial assessment  Major changes in software or hardware  No changes – revisit Assessment every 2-3 years  When you’ve had a Breach

13 Special Thanks Taylor English Duma LLP is a full-service law firm built from the ground up to provide highest-quality legal services for optimal value. The firm was founded in 2005 and its attorneys work each day to provide timely, creative and cost-effective counsel to help clients solve problems and achieve goals. Taylor English represents all types of clients— from Fortune 500 companies to start-ups to individuals. 20

Download ppt "Steps to Compliance: Risk Assessment PRESENTED BY."

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
Steps to Compliance: Managing Business Associates PRESENTED BY.

Steps to Compliance: Managing Business Associates PRESENTED BY.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.

Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
HIPAA CHANGES: HITECH ACT AND BREACH NOTIFICATION RULES February 3, 2010 Kristen L. Gentry, Esq. Catherine M. Stowers, Esq.

HIPAA CHANGES: HITECH ACT AND BREACH NOTIFICATION RULES February 3, 2010 Kristen L. Gentry, Esq. Catherine M. Stowers, Esq.
HIPAA How It Is Affecting Information Systems Within Companies Around Us.

HIPAA How It Is Affecting Information Systems Within Companies Around Us.
Where to start Ben Burton, JD, MBA, RHIA, CHP, CHC.

Where to start Ben Burton, JD, MBA, RHIA, CHP, CHC.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.

HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.
Forming Your HIPAA Compliance Plan PRESENTED BY. Daniel B. Brown, Esq. Healthcare Attorney Taylor English Duma LLP Jason Karn Director Training and IT.

Forming Your HIPAA Compliance Plan PRESENTED BY. Daniel B. Brown, Esq. Healthcare Attorney Taylor English Duma LLP Jason Karn Director Training and IT.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
HIPAA Regulations What do you need to know?.

HIPAA Regulations What do you need to know?.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.

Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA

Similar presentations

Ads by Google