Presentation is loading. Please wait.

Presentation is loading. Please wait.

BROTHERS, HAWN & COUGHLIN, LLP 4-STEP PROGRAM TO HIPAA COMPLIANCE.

Published byJames Welch Modified over 9 years ago

Similar presentations

Presentation on theme: "BROTHERS, HAWN & COUGHLIN, LLP 4-STEP PROGRAM TO HIPAA COMPLIANCE."— Presentation transcript:

1 BROTHERS, HAWN & COUGHLIN, LLP 4-STEP PROGRAM TO HIPAA COMPLIANCE

2 AWARENESS Understand the new rules. Perform a “HIPAA gap” analysis Look at in-house policies Do an acceptable-use policy of computers in your organization What are grounds for termination? Prioritize actions to achieve compliance Got to’s, needs to’s and nice to’s Understand the new rules. Perform a “HIPAA gap” analysis Look at in-house policies Do an acceptable-use policy of computers in your organization What are grounds for termination? Prioritize actions to achieve compliance Got to’s, needs to’s and nice to’s

3 AWARENESS Implement privacy & security initiatives Administrative, technical and physical controls Physical safeguard: Is anybody at the front, asking who they are, why they are there Keeping physical log of who’s there, and why Administrative controls Acceptable use policy of computers SANS.org has education and material about HIPPA rules, templates, sharing group for best practices on privacy and security development Technical controls Meeting with network administrator, listen to them about why they see and fee feel is going on Social networking sites are often griped about as a time Review/update annually Look at polices and work with consultant to see if they’re up to date or if new rules have been established Implement privacy & security initiatives Administrative, technical and physical controls Physical safeguard: Is anybody at the front, asking who they are, why they are there Keeping physical log of who’s there, and why Administrative controls Acceptable use policy of computers SANS.org has education and material about HIPPA rules, templates, sharing group for best practices on privacy and security development Technical controls Meeting with network administrator, listen to them about why they see and fee feel is going on Social networking sites are often griped about as a time Review/update annually Look at polices and work with consultant to see if they’re up to date or if new rules have been established

4 PREPARATION Perform a PHI data risk analysis Hire out if you don’t know how to, lawyers, consultants Look at state government for example security plans Update BA Agreements Explore cyber liability insurance Transfer the cost of remediating a data breach Major insurers have cyber liability coverage AIG, Zurich (A-Z) Legal defense, breach notification costs, credit monitoring (things you offer people who have been victims) Benefit: they’ll do a HIPPA privacy and security assessment for you! Can give discount if you have a response plan in place Perform a PHI data risk analysis Hire out if you don’t know how to, lawyers, consultants Look at state government for example security plans Update BA Agreements Explore cyber liability insurance Transfer the cost of remediating a data breach Major insurers have cyber liability coverage AIG, Zurich (A-Z) Legal defense, breach notification costs, credit monitoring (things you offer people who have been victims) Benefit: they’ll do a HIPPA privacy and security assessment for you! Can give discount if you have a response plan in place

5 PREPARATION Develop/test an incident response plan Document which pulls together the actions the organization will take when breach is caught Who is on the response team (IT, HR, PR, account management)? Who calls the lawyer, and when? Goes through scenarios (what happens if someone’s laptop gets stolen?) to anticipate before a breach happens Develop/test an incident response plan Document which pulls together the actions the organization will take when breach is caught Who is on the response team (IT, HR, PR, account management)? Who calls the lawyer, and when? Goes through scenarios (what happens if someone’s laptop gets stolen?) to anticipate before a breach happens

6 RESOURCES AND WEBSITES Oregon HIPAA Forumhttp://www.oregonhipaaforum.org Oregon Health Authority http://public.health.oregon.gov/DISEASESCONDITIONS/COMMUNI CABLEDISEASE/LOCALHEALTHDEPARTMENTS/Pages/hipaa.aspx Office for Civil Rightshttp://www.hhs.gov/ocr/hipaa Dept. Health and Human Services http://www.hhs.gov/hipaafaq/use/index.html

7 RESPONSE TO BREACH Anatomy of a data breach Roles Who will take various roles? Communication to patient Communication to OCR Communication to technology staff/consultant Communication to attorneys Best practices Anatomy of a data breach Roles Who will take various roles? Communication to patient Communication to OCR Communication to technology staff/consultant Communication to attorneys Best practices

Download ppt "BROTHERS, HAWN & COUGHLIN, LLP 4-STEP PROGRAM TO HIPAA COMPLIANCE."

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.

THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
The Department has declared itself to be a single covered entity. Thus, each and every one of our divisions is a covered entity and must comply with.

The Department has declared itself to be a single covered entity. Thus, each and every one of our divisions is a covered entity and must comply with.
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
Hipaa privacy and Security

Hipaa privacy and Security
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.

Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
HIPAA How It Is Affecting Information Systems Within Companies Around Us.

HIPAA How It Is Affecting Information Systems Within Companies Around Us.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.

HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.
Voice over the Internet Protocol (VoIP) Technologies… How to Select a Videoconferencing System for Your Agency Based on the Work of Watzlaf, V.M., Fahima,

Voice over the Internet Protocol (VoIP) Technologies… How to Select a Videoconferencing System for Your Agency Based on the Work of Watzlaf, V.M., Fahima,
Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
HIPAA Regulations What do you need to know?.

HIPAA Regulations What do you need to know?.
Health information security & compliance

Health information security & compliance

Similar presentations

Ads by Google