Published by Jessica Johns. Modified over 9 years ago.
1
LeToia Crozier, Esq., CHC, Vice President, Compliance & Regulatory Affairs
Corey Wilson, Director of Technical Services & Security Officer
Interactive Think Tank: Securely Deploying Mobile Technologies & Services
2
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) is a national law that establishes standards for the privacy and security of protected health information (PHI).
PHI includes any individually identifiable health information (health information that identifies a person and relates to his/her physical or mental health or condition) that is transmitted electronically.
Privacy: The requirement to protect ALL forms of Protected Health Information (PHI).
Security: Applies to ELECTRONIC forms of PHI and includes directives regarding physical and technical security measures.
3
HIPAA Security Regulations
The security regulations are a set of standards that provide directives on how to protect electronic protected health information (ePHI).
The security regulation includes physical safeguards, administrative safeguards, technical safeguards, organizational requirements and policies & procedures.
Information Security refers to all the protections in place to ensure that electronic PHI is (1) kept confidential, (2) not improperly altered or destroyed, and (3) readily accessible to authorized individuals: “Confidentiality-Integrity-Availability”.
Examples of Security Protections Include:
–Hardware & Software Protections
–Personnel Policies
–Physical Security Awareness
–Information Practices
–Disaster Preparedness
–Oversight Of All These Areas
4
HITECH ACT
HEALTH INFORMATION TECHNOLOGY FOR ECONOMIC AND CLINICAL HEALTH ACT (HITECH) - Title 13
Contained within the American Recovery and Reinvestment Act of 2009 (ARRA), “The Stimulus Bill”
Signed into law February 17, 2009 (most changes effective in 2010)
Subtitle D: Privacy (Expanded scope of HIPAA privacy and security laws)
Increased penalties for violating privacy and security laws: includes criminal provisions which apply to any person, including employees, and it creates a State’s right of action for Attorney General(s)
Impact on Covered Entities and Business Associates
Mandatory Breach Notification
Heightened Enforcement Scheme
New rules for Accounting of Disclosures
5
Privacy and Security Checklist
1. Have you formally designated people or positions as your organization’s privacy and security officers?
2. Do you have documented privacy and information security policies and procedures?
3. Have they been reviewed and updated, where appropriate, in the last six months?
4. Have the privacy and information security policies and procedures been communicated to all personnel, and made available for them to review at any time?
5. Do you provide regular training and ongoing awareness communications for information security and privacy for all your workers?
6. Have you done a formal information security risk assessment in the last 12 months?
7. Do you regularly make backups of business information, and have documented disaster recovery and business continuity plans?
8. Do you require all types of sensitive information, including personal information and health information, to be encrypted when it is sent through public networks and when it is stored on mobile computers and mobile storage devices?
9. Do you require information, in all forms, to be disposed of using secure methods?
10. Do you have a documented breach response and notification plan, and a team to support the plan?
6
INTERACTIVE THINK TANK….
7
OPERATIONAL IMPACT
IT Infrastructure
Service Lines
Strategic Objectives
Financial Analysis
8
DUE DILIGENCE
Board Approval
Market Analysis
Value
–Will they use it for its purpose?
–What mobile applications do we have?
BYOD
Outsource vs. Internal Support
9
SECURITY
What steps has your organization taken to assess security in establishing a mobility platform?
–Regulatory
–Management
–Risk
10
PRIVACY
What processes has your organization implemented to enforce privacy practices and how will those transition or integrate into a mobility platform?
–Regulatory
–Policies
–Access
11
INTEROPERABILITY
Has your company conducted research to establish what solutions are available to successfully deliver applications and/or data of value to a mobile platform?
–Build vs. Buy
–Connectivity
12
WORKFLOW CONCERNS
Has your company reviewed existing workflow and resources to understand the benefits and value of mobility?
–Internal Communications
–Confidential / Patient Information
–Physicians
13
CHALLENGES
Deployment
Repairs
Support
Standardization of Policies
Adaptation
User Autonomy / Physician Control
Reporting Capabilities
Innovation