HIPAA Security Final Rule Overview, for HIPAA Summit West, June 5, 2003. Karen Trudel.

Slide 2: Publication Information
- Printed in the Federal Register 2/20/03
- Compliance date 4/21/05 (4/21/06 for small health plans)
- Document can be located at www.cms.hhs.gov/hipaa/hipaa2

Slide 3: Purpose
- Ensure the integrity, confidentiality and availability of electronic protected health information
- Protect against reasonably anticipated threats or hazards, and improper use or disclosure

Slide 4: Scope
- All electronic protected health information (EPHI); NOT oral and paper PHI
- In motion AND at rest
- All covered entities

Slide 5: Security Standards, General Concepts
- Flexible, scalable: permits standards to be interpreted and implemented appropriately from the smallest provider to the largest plan
- Comprehensive: covers all aspects of security, behavioral as well as technical
- Technology neutral: can utilize future technology advances in this fast-changing field

Slide 6: Recent WEDI Policy Advisory Group
- Assessed need to request changes/guidance
- Result: a few clarifications needed; outreach needed
- Clarifications:
  - Relief from burdensome security incident reporting requirement
  - Clarify status of NIST guidance documents
- Consensus was to preserve flexibility by not requesting official guidance

Slide 7: Implementation Process
- Reminiscent of Y2K
- Phases:
  - Education
  - Assessment
  - Remediation
  - Testing/Validation

Slide 8: Assessment Phase Critical
- Standard: Security Management Process
  - Risk analysis: what are the various risks? How severe? How likely?
  - Risk management: what solutions best reduce risk to an acceptable level?
- Remember: there is no such thing as absolute security

Slide 9: Where to Start?
- Leverage progress made in privacy implementation
  - Identified PHI
  - Identified business associates
- Build on the "mini-security rule" in privacy

Slide 10: What Next?
- Add on issues related to integrity and availability
- Brings into play requirements like disaster recovery

Slide 11: Filling the Gaps
- Look at the entire range of options
- Assess
  - Relative risk
  - How well various options mitigate the risk
  - Cost
- High-tech, high-cost options aren't necessarily safer

Slide 12: Example: Security Awareness Training
- Could be done by various means:
  - Develop curriculum and send staff to formal classes
  - Develop web-based training
  - Take advantage of "teachable moments":
    - New staff orientation
    - Regular department meetings
    - Emailed reminders
    - Articles in the company newsletter

Slide 13: Remember
- Technology is not always the answer; many of the standards are administrative
- Important to:
  - Make supportable decisions
  - Document those decisions
  - Revisit decisions periodically to assure they are still valid

Slide 14: Enforcement, General
- Complaint driven
- Penalties
  - $100 for each violation
  - Maximum of $25,000 per year for all violations of an identical requirement

Slide 15: Enforcement, Issues
- Still studying; will be defined in the Substantive Rule
- NPRM scheduled for publication this winter
- Issues include:
  - What is a "violation" and how are they counted
  - Are all standards weighed the same?

Slide 16: Conclusion
- Concentrate on the assessment phase
- Consider staging remediation
  - "Low hanging fruit"
  - Areas of significant risk