Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPAA Security John Parmigiani Director HIPAA Compliance Services CTG HealthCare Solutions, Inc.

Published byGabriella Spencer Modified over 9 years ago

Similar presentations

Presentation on theme: "HIPAA Security John Parmigiani Director HIPAA Compliance Services CTG HealthCare Solutions, Inc."— Presentation transcript:

1

2 HIPAA Security John Parmigiani Director HIPAA Compliance Services CTG HealthCare Solutions, Inc.

3 3  Introduction  Overview of HIPAA Security and its Impact  The Final Rule?  Conclusions

4 4

5 5 John Parmigiani  CTGHS Director of HIPAA Compliance Services  HCS Director of Compliance Programs  HIPAA Security Standards Government Chair/ HIPAA Infrastructure Group  Directed development and implementation of security initiatives for HCFA  Security architecture  Security awareness and training program  Systems security policies and procedures  Directed development and implementation of agency- wide information systems policy and standards and information resources management  AMC Workgroup on HIPAA Security and Privacy;Content Committee of CPRI Security and Privacy Toolkit; Editorial Advisory Board of HIPAA Compliance Alert’s HIPAA Answer Book

6 6

7 7 Security Goals  Confidentiality  Integrity  Availability

8 8 Security Framework  Each affected entity must assess own security needs and risks  Devise, implement, and maintain appropriate security to address business requirements  Based on good business practices HIPAA

9 9 Security Standards  What do they mean for covered entities?  Procedures and systems must be updated to ensure that health care data is protected.  Written security policies and procedures must be created and/or reviewed to ensure compliance.  Employees must receive training on those policies and procedures.  Access to data must be controlled through appropriate mechanisms (for example: passwords, automatic tracking of when patient data has been created, modified, or deleted).  Security procedures/systems must be certified (self- certification is acceptable) to meet the minimum standards.

10 10 Security Compliance Areas:  Training and Awareness  Policy and Procedure Review  System Review  Documentation Review  Contract Review  Infrastructure and Connectivity Review  Access Controls  Authentication  Media Controls

11 11 Security Compliance Areas…:  Workstation  Emergency Mode Access  Audit Trails  Automatic Removal of Accounts  Event Reporting  Incident Reporting  Sanctions

12 12 Security Measures In general, security measures can grouped as:  Administrative  Physical  Technical (Data in transit and data at rest)

13 13 Security Standards  NPRM- 8/12/1998  Administrative Requirements (12)  Physical Requirements (6)  Technical Requirements [data at rest](5)  Technical Requirements [data in transit](1)  Electronic Signature  Implementation Features (70)

14 14 BS 7799/ISO 17799  Security Policy  Security Organization  Asset Classification and Control  Personnel Security  Physical and Environmental Security  Communications and Operations Management  Access Control  Systems Development and Maintenance  Business Continuity Management  Compliance Standard Areas of Business Security

15 15

16 16 HIPAA Security-The Final Rule  Final Rule in clearance- expected to be published summer (Q3) 2002  What to expect  Streamlining- Same core values- more specificity as to mandatory (must do)/discretionary (should do)  Fewer standards  Paper (?) as well as electronic media  Business Associate Contracts/Chain-of-Trust  Synchronization with Privacy  What not to expect  No Electronic Signature but…not dead for health care

17 17 Electronic Signature Standard  Comments to Security NPRM indicated a lack of consensus; industry continues to work on monitored by NCVHS  NCVHS necessary before regulation developed  Transaction standards do not require  Security NPRM specified digital signature (authentication, message integrity, non- repudiation requirements)  NIST rather than DHHS will probably develop  PKI-HealthKey Bridge effort

18 18

19 19 A Balanced Approach $ Risk  Cost of safeguards vs. the value of the information to protect  Security should not impede care  Your organization’s risk aversion  Due diligence

20 20 Reasonableness/Common Sense  Administrative Simplification Provisions are aimed at process improvement and saving money  Healthcare providers and payers should not have to go broke becoming HIPAA- compliant  Expect fine-tuning adjustments over the years

21 21 Due Diligence! Remember:

22 22 john.parmigiani@ctghs.comjohn.parmigiani@ctghs.com / 410-750-2497

Download ppt "HIPAA Security John Parmigiani Director HIPAA Compliance Services CTG HealthCare Solutions, Inc."

Similar presentations

H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health

H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health
Implementing and Enforcing the HIPAA Security Rule John Parmigiani National Practice Director Regulatory and Compliance Services CTG HealthCare Solutions,

Implementing and Enforcing the HIPAA Security Rule John Parmigiani National Practice Director Regulatory and Compliance Services CTG HealthCare Solutions,
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
ITEC 6324 Health Insurance Portability and Accountability (HIPAA) Act of 1996 Instructor: Dr. E. Crowley Name: Victor Wong Date: 2 Sept. 2004.

ITEC 6324 Health Insurance Portability and Accountability (HIPAA) Act of 1996 Instructor: Dr. E. Crowley Name: Victor Wong Date: 2 Sept
HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.

HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.
Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.

Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
NCVHS Panel 6 WEDI Testimony on Health Plan Identifier June 10, 2014 Laurie Darst, Mayo Clinic, Revenue Cycle Regulatory Advisor WEDI Board of Directors.

NCVHS Panel 6 WEDI Testimony on Health Plan Identifier June 10, 2014 Laurie Darst, Mayo Clinic, Revenue Cycle Regulatory Advisor WEDI Board of Directors.
HIPAA 203: Security An Introduction to the Draft HIPAA Security Regulations.

HIPAA 203: Security An Introduction to the Draft HIPAA Security Regulations.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.

Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.
ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.

ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.
IT’S OFFICIAL: GOVERNMENT AUDITING OF SECURITY RULE COMPLIANCE Nancy Davis, MS, RHIA Director of Privacy/Security Officer, Ministry Health Care & Catherine.

IT’S OFFICIAL: GOVERNMENT AUDITING OF SECURITY RULE COMPLIANCE Nancy Davis, MS, RHIA Director of Privacy/Security Officer, Ministry Health Care & Catherine.
Introduction and Overview- The HIPAA Security Rule

Introduction and Overview- The HIPAA Security Rule
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Similar presentations

Ads by Google