National Audioconference Sponsored by the HIPAA Summit, June 6, 2002. Chris Apgar, CISSP, Data Security & HIPAA Compliance Officer, Providence Health Plan.


1 Compliance With HIPAA Privacy Rule Before Security & Enforcement Rules are Final: Challenges in Practice
National Audioconference Sponsored by the HIPAA Summit, June 6, 2002
Chris Apgar, CISSP, Data Security & HIPAA Compliance Officer, Providence Health Plan

2 Presentation Overview
June 6, 2002, Presenter - Chris Apgar, CISSP
- HIPAA & Data Security
- Challenges & Deadlines
- Opportunities & Tactics
- Resources
- Contact Information

3 Data Security: Impact Overview
- Risk Assessment
- Policy & procedure development
- Training & awareness
- Contingency Plan
- Information access control (“need to know”)
- Audit & certification
- Documentation
- Record access (release management & file access)
- Personnel security & authentication
- Chain of Trust/Business Associate Agreement
- Security & privacy management
- Security incident response
- Physical security

4 Data Security
- Rule likely not final no earlier than 3Q 2002
- Privacy Rule requires data security but regulatory definition not finalized
- In some cases court decisions have established draft rule as de facto standard

5 Challenges & Deadlines
- Final privacy rule without security rule creates confusion and hampers compliance
- Coordination between plans, providers, business associates and regulators complicated
- Lack of industry scalable standards
- Lack of internal documentation & process
- Limited resources & time (Privacy Rule does require security)

6 Challenges & Deadlines
- Need to require security assurances from business associates but lack final standard
- “Just another IS project/regulatory requirement”
- No final rule increases the challenge of dedicating the resources
- Vendor reliance – how do they spell security?
- Legal hindrances, contract changes & new litigation – courts & attorneys won’t go away

7 Challenges & Deadlines
- Medicaid & Medicare: What standards will be applied?
- No published enforcement guidelines
- Political turf battles (federal/state/local) – the war to define security mandates
- Security certification not standard in healthcare & accreditation bodies want to get into the act

8 Opportunities & Tactics
- Privacy official & data security officer – grant authority and establish strong communication channels
- Complete risk assessment & gap analysis – point out costs of litigation and security failure
- Clearly and reasonably define what is needed when
- Senior management support required
- Apply appropriate project management methodology

9 Opportunities & Tactics
- The better the documentation, the better the protection only if followed & current
- Standardize, simplify and enforce – cultural change required!
- Minimize exceptions to defined processes and boilerplate forms

10 Opportunities & Tactics
- Education & training required
- Good security more process & culture than technology
- Review technical solutions & fit to organizational need
- Document protected health information storage, transmission, etc. process – how strong are your walls?

11 Opportunities & Tactics
- Develop contingency plan – what happens if the attorneys arrive or something goes wrong?
- Strengthen internal & external partnerships – participate in developing standards
- Keep current
- Remain flexible

12 Opportunities & Tactics
- Join industry/government HIPAA task force (local WEDI SNIP)
- Partner with state Medicaid agency
- If business associate, collaborate with other “business associates”
- Surf the web and network with colleagues & competitors
- Above all maintain a sense of humor!

13 Resources
- HHS HIPAA Web Site: http://aspe.hhs.gov/admnsimp
- National Institute of Health (regulatory information): http://list.nih.gov
- HealthExec Online (HIPAA): http://www.healthexec.net/index.html
- SANS Institute: http://www.sans.org

14 Resources
- Workgroup for Electronic Data Interchange: http://www.wedi.org
- CPRI-Host Resource Center: http://www.cpri-host.org
- HIPAA Assessment: http://www.nchica.org/activities/EarlyView/nchicahipaa_earlyview_tool.htm
- Thomas Legislative Guide: http://thomas.loc.gov

15 Resources
- American Association of Health Plans: http://www.aahp.org
- American Medical Association: http://www.ama-assn.org
- American Hospital Association: http://aha.org
- American Health Information Management Association: http://www.ahima.org
- American Health Quality Association: http://www.ahqa.org

16 Question & Answer
Chris Apgar, CISSP
Data Security & HIPAA Compliance Officer
Providence Health Plan
(503) 574-7927 (voice)
(503) 574-8655 (fax)
apgarc@providence.org

