SlideShare une entreprise Scribd logo

Keynote Presentation "Building a Culture of Privacy and Security into Your Organization"

Health IT Conference – iHT2
Health IT Conference – iHT2

There are real life consequences for organizations that do not integrate privacy and security throughout the continuum of HIT adoption, including health information breaches that could result in identity theft, financial loss and even altered records that can impact patient safety. Joy Pritts, Chief Privacy Officer at the Office of the National Coordinator for Health IT, whose office is directly engaged with these issues, will lead an interactive keynote discussion on ways to build a culture of privacy and security in healthcare organizations.

FormationTechnologie
1  sur  35
Télécharger pour lire hors ligne
Privacy and Security: Building a Privacy and Security Culture in Health CareOrganizations April 25th, 2012 Joy Pritts, JD, Chief Privacy Officer Office of the National Coordinator Health Information Technology
HHS Reaches $100,000 Settlement with 5 Physician Practice over HIPAA Violations 1
Why Create a Culture of Privacy and Security? • Assists Compliance to Law – New Developments • HIPAA Privacy and Security Rules • Enforcement • Good business • It’s Just the Right Thing To Do – Patient Trust 2
Compliance: Federal Health Information Privacy Laws • HIPAA Privacy and Security Rules – Health Insurance Portability and Accountability Act of 1996, effective 2003 and 2005, respectively • Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 – Final Rule submitted to OMB March 24th, 2012 • Others (e.g., 42 CFR part 2) 3
Who Must Comply with HIPAA Privacy and Security Rules? • Covered entities (CEs) –Health plans –Health care clearinghouses –Most health care providers 4
Business Associates and HITECH • Business Associates include: • EHR Vendors • Data Analytic Firms • HITECH Clarifies Business Associates include: • Health Information Exchanges • Personal Health Record Vendors • HITECH Specifies that Business Associates • Must follow administrative, physical and technical safeguards of the Security Rule • Must Follow use and Disclosure Limits of Privacy Rule • Subject to the same Civil and Criminal Penalties as Covered Entities 5
HIPAA Privacy Rule: Two Sides of One Coin Protect Privacy: Patients’ Rights: A CE may not use or • Right to access disclose PHI except: • Right to an • as the Privacy Rule accounting of permits or requires disclosures of (ie. payment, • Right to correct treatment operations or amend etc) • Right to notice of privacy • as the patient or practices their representative • Right to file a authorizes in writing. complaint 6
HIPAA Security Rule (CFR 164.306) • Protects Patient Health Information that is transmitted by or maintained in any form of electronic media • Framework of Technical, Administrative, Physical Safeguards • Ensures workforce training and compliance Flexible Approach (Addressable):  Size, complexity and capabilities of Covered Entity  Security Capabilities of CE hardware and software  Cost of Security Measures  Probability and criticality of potential risks to ePHI 7
So… Isn’t this old news? Then, why Are So Many Organizations Not In Compliance? 8
Major Causes of Breaches of PHI in 2010 Breaches over 500 records: • Theft and loss were the most common reported causes of large breaches. • Among the 207 breaches that affected 500 or more individuals, 99 incidents involved theft of paper records or theft of electronic media • This accounted for records of 2,979,121 individuals. • Loss of electronic media or paper records affected approximately 1,156,847 individuals - OCR Report to Congress on Breaches of Unsecured Information, 2011 9
Risk Assessments • 25% of healthcare organizations do not conduct security risk assessments – HIMSS 2011 Security Study • 39% of healthcare organizations do not or are not sure if they perform a risk assessment – Ponemon Study, 2011 10
Business Associates and Breaches Due to the high volume of records handled, a breaches from business associates translate into a disproportionate number of patients affected: • Business associates involved in 22% of the breaches • But this 22% accounts for 63% of all patients affected by the breaches 11
Security and Mobile Devices - Ponemon Institute, 2011 12
HITECH: It’s a New Day . . . 13
HITECH and Privacy and Security • Established Chief Privacy Officer for the Office of the National Coordinator • Increased fines for breaches • Created mandatory fines for willful neglect • Created Mandatory Breach Notification Rule • Established basis for Meaningful Use 14
Meaningful Use and Privacy and Security MU Stage 1 requires eligible providers and hospitals to • Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process. • No exclusion. 15
Enforcement • OCR has begun systematic audits of 150 organizations • CMS and Meaningful Use audits for Incentive funds are set to begin 16
Enforcement: Large organizations • Blue Cross Blue Shield of Tennessee (BCBST) settled with OCR for $1,500,000 for the theft of 57 hard drives to theft, March 13, 2012 • Hard Drives contained names, social security numbers, diagnosis codes, DoB and Plan ID #s for over 1 million individuals • Caused by failure to implement appropriate physical access controls 17
Small Practice Enforcement Phoenix Cardiac Surgery (5 physician practice) was posting clinical and surgical appointments for its patients on an Internet-based publicly accessible calendar 18
Phoenix Cardiac Surgery • July 2007 to February 2009, Practice posted over 1,000 separate entries of ePHI on a publicly accessible, Internet-based calendar • September 2005 until November 2009, Practice daily transmitted ePHI from an Internet-based email account to workforce members’ personal Internet-based email accounts 19
OCR’s Other Findings • Failure to implement adequate policies and procedures to appropriately safeguard patient information • Failure to document any employee training on its policies and procedures on the Privacy and Security Rules • Failure to identify a security official and conduct a risk analysis • Failure to obtain business associate agreements with Internet-based email and calendar services that included storage of and access to its PHI 20
Outcome of Investigation • $100,000 Settlement • Corrective Action Plan includes: – Develop written policies and procedures, submitted to and approved by OCR and documented training for employees – “An accurate and thorough” risk assessment of the potential risks and vulnerabilities to PHI – Submission of Risk Management Plan to OCR – Identification of Security Official – Business Associates Agreements – Any violation of policies and procedures will be a Reportable events to OCR CAP available at: http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/pcsurgery_ 21 agreement.pdf
“We hope that health care providers pay careful attention to this resolution agreement and understand that the HIPAA Privacy and Security Rules have been in place for many years, and OCR expects full compliance no matter the size of a covered entity.” - Leon Rodriguez Director of the Office for Civil Rights April 17th 2012, OCR Press Release 22
The Real Loss – Patient Trust Beyond Compliance and Return on Investment, Ensuring Patient Privacy is Just the Right Thing to Do 23
Good Business: Patient Trust The ROI for Breach Prevention Diminished productivity and financial consequences due to a breach can be severe. Organizations reported: • The potential result is patient churn; the average lifetime value of one lost patient is $113,400 • Economic impact • Loss of time and productivity • Diminishment of brand or reputation • LOSS OF PATIENT GOODWILL - Ponemon, “Second Annual Benchmark Study 24
Developing a Privacy and Security Culture Challenges: • Providers and Staff may have little understanding of new technology and privacy and security issues • Providers and Staff are reticent about asking questions or for assistance • Adopting new software and workflow in the fast- moving healthcare culture is difficult • Vendors may assume that providers and staff understand privacy and not adequately train 25
Strategies • Executive Leadership Communicate Essential Value • Privacy and Security Metrics are included in Employee Performance Plans/Evaluations • Considered as part of physical environment, patient care, and all communications • Staff are made to feel comfortable in asking questions and for help, resources are widely and freely available • Training, is regular and updated and an essential part of the overall strategic plan • Continuous Improvement and audits completed and results communicated to all 26
ONC’s Office of the Chief Privacy Officer Recent and Current Projects • Personal Health Record Roundtable • Mobile Device Roundtable • Small practice Risk Assessment – original and revised • HIE Privacy and Security Program Information Notice • Security Training and Video Games • Research project on security configurations of mobile devices • Mobile device good practices videos and materials • Website redesign: www.healthit.gov • Data Segmentation Project • Community College Curriculum Privacy and Security Review 27
Training Materials – Series of Security Video Games Due for Release Summer of 2012 DRAFT 28
Sharing Responsibility for Ensuring Patient Privacy We all have a role to play in keeping health information private and secure. • Government establishes P/S policies that are affordable and workable • Vendors should create easy-to-use P/S features and communicate importance • Providers and staff should understand their role in protecting patient privacy • Patients understand their rights and basic means of securing their PHI 29
We Are All In This Together Office of the National Coordinator for 4/30/2012 30 Health Information Technology
Conclusion Questions? 31
HIPAA/HITECH Resources • Privacy and Security Section of HealthIT.gov: http://healthit.hhs.gov • Are you a Covered Entity?: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/index.html • OCR HIPAA Privacy Rule Training Materials: http://www.hhs.gov/ocr/privacy/hipaa/understanding/training/index.html • OCR Guidance on Significant Aspects of the HIPAA Privacy Rule: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/privacyguidance.html • OCR Settlement with Phoenix Cardiac Surgery: http://www.hhs.gov/news/press/2012pres/04/20120417a.html • Fast Facts about the HIPAA Privacy Rule: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/cefastfacts.html • The HHS Office of Civil Rights, HIPAA FAQs: http://www.hhs.gov/ocr/privacy/hipaa/faq/index.html • Guidance materials for Small Providers, Small Health Plans, and other Small Businesses: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/smallbusiness.html • OCR’s Sample Business Associate Contract Provisions: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/contractprov.html 32
Other Federal Law Resources • 42 CFR Pt. 2: http://www.samhsa.gov/healthPrivacy/ • Title X Confidentiality: 42 C.F.R. § 59.11: http://ecfr.gpoaccess.gov/cgi/t/text/text- idx?c=ecfr&sid=ce18bb9053f3b026e8983fd8ac27170c&rgn=div8&view=text&nod e=42:1.0.1.4.43.1.19.11&idno=42 • GINA deferring to HIPAA: 29 C.F.R. §§ 1635.9(c) and 1635.11(d): http://ecfr.gpoaccess.gov/cgi/t/text/text- idx?c=ecfr&sid=ecbc0d928c8f11dbab0c20532d0101c9&rgn=div8&view=text&nod e=29:4.1.4.1.21.0.26.9&idno=29 and http://ecfr.gpoaccess.gov/cgi/t/text/text- idx?c=ecfr&sid=ecbc0d928c8f11dbab0c20532d0101c9&rgn=div8&view=text&nod e=29:4.1.4.1.21.0.26.11&idno=29 – GINA: http://www.ornl.gov/sci/techresources/Human_Genome/publicat/GINAMay2008.pdf • HIPAA deferring to FERPA; exceptions to “protected health information” under (2)(i) and (2)(ii) in 45 C.F.R. § 160.103: http://ecfr.gpoaccess.gov/cgi/t/text/text- idx?c=ecfr&sid=35aa826589279b8cff00d53c641a609f&rgn=div8&view=text&node =45:1.0.1.3.74.1.27.3&idno=45 – FERPA/HIPAA Guidance: http://www2.ed.gov/policy/gen/guid/fpco/doc/ferpa-hipaa- guidance.pdf 4/30/2012 ONC 33
Other Resources • For state privacy laws, see the National Conference of State Legislators (NCSL): http://www.ncsl.org/?tabid=17173 • For state privacy law information: http://ihcrp.georgetown.edu/privacy/records.html • National Governor’s Association (NAG) Report on state laws and HIE: http://www.nga.org/Files/pdf/1103HIECONSENTLAWSREPORT.PDF • Health Information Security and Privacy Collaboration (HISPC) reports on state laws: http://healthit.hhs.gov/portal/server.pt/community/healthit_hhs_gov__hispc/1240 • The Financial Management of Cyber Risk: “An Implementation Framework for CFOs” American National Standards Institute, 2010 • Second Annual Benchmark Study on Patient Privacy and Data Security, 2011 Ponemon Institute • OCR’s Sample Business Associate Contract Provisions: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/contractprov.html Office of the National Coordinator for 4/30/2012 34 Health Information Technology

Recommandé

Avior Healthcare Security Compliance Webcast Final1
Avior Healthcare Security Compliance Webcast Final1Avior Healthcare Security Compliance Webcast Final1
Avior Healthcare Security Compliance Webcast Final1jhietala
 
Executive Presentation on adhering to Healthcare Industry compliance
Executive Presentation on adhering to Healthcare Industry complianceExecutive Presentation on adhering to Healthcare Industry compliance
Executive Presentation on adhering to Healthcare Industry complianceThomas Bronack
 
Healthcare and Cyber security
Healthcare and Cyber securityHealthcare and Cyber security
Healthcare and Cyber securityBrian Matteson, CISSP CISA
 
HIPAA HiTech Security Assessment
HIPAA HiTech Security AssessmentHIPAA HiTech Security Assessment
HIPAA HiTech Security Assessmentdata brackets
 
You and HIPAA - Get the Facts
You and HIPAA - Get the FactsYou and HIPAA - Get the Facts
You and HIPAA - Get the Factsresourceone
 
HIPAA Access Medical Records by Sainsbury-Wong
HIPAA Access Medical Records by Sainsbury-WongHIPAA Access Medical Records by Sainsbury-Wong
HIPAA Access Medical Records by Sainsbury-WongLorianne Sainsbury-Wong
 
Ann Cavoukian Presentation
Ann Cavoukian PresentationAnn Cavoukian Presentation
Ann Cavoukian PresentationCityAge
 
A brief introduction to hipaa compliance
A brief introduction to hipaa complianceA brief introduction to hipaa compliance
A brief introduction to hipaa compliancePrince George
 

Recommandé

Avior Healthcare Security Compliance Webcast Final1
Avior Healthcare Security Compliance Webcast Final1Avior Healthcare Security Compliance Webcast Final1
Avior Healthcare Security Compliance Webcast Final1jhietala
 
Executive Presentation on adhering to Healthcare Industry compliance
Executive Presentation on adhering to Healthcare Industry complianceExecutive Presentation on adhering to Healthcare Industry compliance
Executive Presentation on adhering to Healthcare Industry complianceThomas Bronack
 
Healthcare and Cyber security
Healthcare and Cyber securityHealthcare and Cyber security
Healthcare and Cyber securityBrian Matteson, CISSP CISA
 
HIPAA HiTech Security Assessment
HIPAA HiTech Security AssessmentHIPAA HiTech Security Assessment
HIPAA HiTech Security Assessmentdata brackets
 
You and HIPAA - Get the Facts
You and HIPAA - Get the FactsYou and HIPAA - Get the Facts
You and HIPAA - Get the Factsresourceone
 
HIPAA Access Medical Records by Sainsbury-Wong
HIPAA Access Medical Records by Sainsbury-WongHIPAA Access Medical Records by Sainsbury-Wong
HIPAA Access Medical Records by Sainsbury-WongLorianne Sainsbury-Wong
 
Ann Cavoukian Presentation
Ann Cavoukian PresentationAnn Cavoukian Presentation
Ann Cavoukian PresentationCityAge
 
A brief introduction to hipaa compliance
A brief introduction to hipaa complianceA brief introduction to hipaa compliance
A brief introduction to hipaa compliancePrince George
 
Cyberinsurance 111006
Cyberinsurance 111006Cyberinsurance 111006
Cyberinsurance 111006JNicholson
 
MBM eHealthCare Solutions HIPAA-HITECH & Meaningful Use Risk Analysis
MBM eHealthCare Solutions HIPAA-HITECH & Meaningful Use Risk AnalysisMBM eHealthCare Solutions HIPAA-HITECH & Meaningful Use Risk Analysis
MBM eHealthCare Solutions HIPAA-HITECH & Meaningful Use Risk AnalysisCharles McNeil
 
HIPPA Security Presentation
HIPPA Security PresentationHIPPA Security Presentation
HIPPA Security PresentationRebecca Norman
 
Hipaa Gap Assessment.Sanitized Report
Hipaa Gap Assessment.Sanitized ReportHipaa Gap Assessment.Sanitized Report
Hipaa Gap Assessment.Sanitized Reporttbeckwith
 
What Covered Entities Need to Know about OCR HIPAA Audit​s
What Covered Entities Need to Know about OCR HIPAA Audit​sWhat Covered Entities Need to Know about OCR HIPAA Audit​s
What Covered Entities Need to Know about OCR HIPAA Audit​sIatric Systems
 
Hitech changes-to-hipaa
Hitech changes-to-hipaaHitech changes-to-hipaa
Hitech changes-to-hipaageeksikh
 
HIPAA
HIPAAHIPAA
HIPAAAlanoud Alqoufi
 
Dental Compliance for Dentists and Business Associates
Dental Compliance for Dentists and Business AssociatesDental Compliance for Dentists and Business Associates
Dental Compliance for Dentists and Business Associatesgppcpa
 
HIPAA Security 2019
HIPAA Security 2019HIPAA Security 2019
HIPAA Security 2019Jose Ivan Delgado, Ph.D.
 
HIPAA Panel Discussion
HIPAA Panel Discussion HIPAA Panel Discussion
HIPAA Panel Discussion Dan Wellisch
 
Maninging Risk Exposure in Meaningful Use Stage 2
Maninging Risk Exposure in Meaningful Use Stage 2Maninging Risk Exposure in Meaningful Use Stage 2
Maninging Risk Exposure in Meaningful Use Stage 2Compliancy Group
 
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...Hybrid Cloud
 
CHIME LEAD Fourm Houston - "Case Studies from the Field: Putting Cyber Securi...
CHIME LEAD Fourm Houston - "Case Studies from the Field: Putting Cyber Securi...CHIME LEAD Fourm Houston - "Case Studies from the Field: Putting Cyber Securi...
CHIME LEAD Fourm Houston - "Case Studies from the Field: Putting Cyber Securi...Health IT Conference – iHT2
 
Hipaa for business associates simple
Hipaa for business associates simpleHipaa for business associates simple
Hipaa for business associates simpleJose Ivan Delgado, Ph.D.
 
Assuring regulatory compliance, ePHI protection, and secure healthcare delivery
Assuring regulatory compliance, ePHI protection, and secure healthcare deliveryAssuring regulatory compliance, ePHI protection, and secure healthcare delivery
Assuring regulatory compliance, ePHI protection, and secure healthcare deliveryTrend Micro
 
HIPAA Compliance For Small Practices
HIPAA Compliance For Small PracticesHIPAA Compliance For Small Practices
HIPAA Compliance For Small PracticesNisos Health
 
Tech Refresh - Cybersecurity in Healthcare
Tech Refresh - Cybersecurity in HealthcareTech Refresh - Cybersecurity in Healthcare
Tech Refresh - Cybersecurity in HealthcareCompTIA
 
Cybersecurity Challenges in Healthcare
Cybersecurity Challenges in HealthcareCybersecurity Challenges in Healthcare
Cybersecurity Challenges in HealthcareDoug Copley
 
Health IT Data Security – An Overview of Privacy, Compliance, and Technology ...
Health IT Data Security – An Overview of Privacy, Compliance, and Technology ...Health IT Data Security – An Overview of Privacy, Compliance, and Technology ...
Health IT Data Security – An Overview of Privacy, Compliance, and Technology ...M2SYS Technology
 
The HIPAA Security Rule: Yes, It's Your Problem
The HIPAA Security Rule: Yes, It's Your ProblemThe HIPAA Security Rule: Yes, It's Your Problem
The HIPAA Security Rule: Yes, It's Your ProblemSecurityMetrics
 
II Security At Microsoft
II Security At MicrosoftII Security At Microsoft
II Security At MicrosoftMark J. Feldman
 
Security Organization/ Infrastructure
Security Organization/ InfrastructureSecurity Organization/ Infrastructure
Security Organization/ InfrastructurePriyank Hada
 

Contenu connexe

Tendances

Cyberinsurance 111006
Cyberinsurance 111006Cyberinsurance 111006
Cyberinsurance 111006JNicholson
 
MBM eHealthCare Solutions HIPAA-HITECH & Meaningful Use Risk Analysis
MBM eHealthCare Solutions HIPAA-HITECH & Meaningful Use Risk AnalysisMBM eHealthCare Solutions HIPAA-HITECH & Meaningful Use Risk Analysis
MBM eHealthCare Solutions HIPAA-HITECH & Meaningful Use Risk AnalysisCharles McNeil
 
HIPPA Security Presentation
HIPPA Security PresentationHIPPA Security Presentation
HIPPA Security PresentationRebecca Norman
 
Hipaa Gap Assessment.Sanitized Report
Hipaa Gap Assessment.Sanitized ReportHipaa Gap Assessment.Sanitized Report
Hipaa Gap Assessment.Sanitized Reporttbeckwith
 
What Covered Entities Need to Know about OCR HIPAA Audit​s
What Covered Entities Need to Know about OCR HIPAA Audit​sWhat Covered Entities Need to Know about OCR HIPAA Audit​s
What Covered Entities Need to Know about OCR HIPAA Audit​sIatric Systems
 
Hitech changes-to-hipaa
Hitech changes-to-hipaaHitech changes-to-hipaa
Hitech changes-to-hipaageeksikh
 
Dental Compliance for Dentists and Business Associates
Dental Compliance for Dentists and Business AssociatesDental Compliance for Dentists and Business Associates
Dental Compliance for Dentists and Business Associatesgppcpa
 
HIPAA Panel Discussion
HIPAA Panel Discussion HIPAA Panel Discussion
HIPAA Panel Discussion Dan Wellisch
 
Maninging Risk Exposure in Meaningful Use Stage 2
Maninging Risk Exposure in Meaningful Use Stage 2Maninging Risk Exposure in Meaningful Use Stage 2
Maninging Risk Exposure in Meaningful Use Stage 2Compliancy Group
 
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...Hybrid Cloud
 
CHIME LEAD Fourm Houston - "Case Studies from the Field: Putting Cyber Securi...
CHIME LEAD Fourm Houston - "Case Studies from the Field: Putting Cyber Securi...CHIME LEAD Fourm Houston - "Case Studies from the Field: Putting Cyber Securi...
CHIME LEAD Fourm Houston - "Case Studies from the Field: Putting Cyber Securi...Health IT Conference – iHT2
 
Assuring regulatory compliance, ePHI protection, and secure healthcare delivery
Assuring regulatory compliance, ePHI protection, and secure healthcare deliveryAssuring regulatory compliance, ePHI protection, and secure healthcare delivery
Assuring regulatory compliance, ePHI protection, and secure healthcare deliveryTrend Micro
 
HIPAA Compliance For Small Practices
HIPAA Compliance For Small PracticesHIPAA Compliance For Small Practices
HIPAA Compliance For Small PracticesNisos Health
 
Tech Refresh - Cybersecurity in Healthcare
Tech Refresh - Cybersecurity in HealthcareTech Refresh - Cybersecurity in Healthcare
Tech Refresh - Cybersecurity in HealthcareCompTIA
 
Cybersecurity Challenges in Healthcare
Cybersecurity Challenges in HealthcareCybersecurity Challenges in Healthcare
Cybersecurity Challenges in HealthcareDoug Copley
 
Health IT Data Security – An Overview of Privacy, Compliance, and Technology ...
Health IT Data Security – An Overview of Privacy, Compliance, and Technology ...Health IT Data Security – An Overview of Privacy, Compliance, and Technology ...
Health IT Data Security – An Overview of Privacy, Compliance, and Technology ...M2SYS Technology
 
The HIPAA Security Rule: Yes, It's Your Problem
The HIPAA Security Rule: Yes, It's Your ProblemThe HIPAA Security Rule: Yes, It's Your Problem
The HIPAA Security Rule: Yes, It's Your ProblemSecurityMetrics
 

Tendances (20)

Cyberinsurance 111006
Cyberinsurance 111006Cyberinsurance 111006
Cyberinsurance 111006
 
MBM eHealthCare Solutions HIPAA-HITECH & Meaningful Use Risk Analysis
MBM eHealthCare Solutions HIPAA-HITECH & Meaningful Use Risk AnalysisMBM eHealthCare Solutions HIPAA-HITECH & Meaningful Use Risk Analysis
MBM eHealthCare Solutions HIPAA-HITECH & Meaningful Use Risk Analysis
 
HIPPA Security Presentation
HIPPA Security PresentationHIPPA Security Presentation
HIPPA Security Presentation
 
Hipaa Gap Assessment.Sanitized Report
Hipaa Gap Assessment.Sanitized ReportHipaa Gap Assessment.Sanitized Report
Hipaa Gap Assessment.Sanitized Report
 
What Covered Entities Need to Know about OCR HIPAA Audit​s
What Covered Entities Need to Know about OCR HIPAA Audit​sWhat Covered Entities Need to Know about OCR HIPAA Audit​s
What Covered Entities Need to Know about OCR HIPAA Audit​s
 
Hitech changes-to-hipaa
Hitech changes-to-hipaaHitech changes-to-hipaa
Hitech changes-to-hipaa
 
HIPAA
HIPAAHIPAA
HIPAA
 
Dental Compliance for Dentists and Business Associates
Dental Compliance for Dentists and Business AssociatesDental Compliance for Dentists and Business Associates
Dental Compliance for Dentists and Business Associates
 
HIPAA Security 2019
HIPAA Security 2019HIPAA Security 2019
HIPAA Security 2019
 
HIPAA Panel Discussion
HIPAA Panel Discussion HIPAA Panel Discussion
HIPAA Panel Discussion
 
Maninging Risk Exposure in Meaningful Use Stage 2
Maninging Risk Exposure in Meaningful Use Stage 2Maninging Risk Exposure in Meaningful Use Stage 2
Maninging Risk Exposure in Meaningful Use Stage 2
 
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...
 
CHIME LEAD Fourm Houston - "Case Studies from the Field: Putting Cyber Securi...
CHIME LEAD Fourm Houston - "Case Studies from the Field: Putting Cyber Securi...CHIME LEAD Fourm Houston - "Case Studies from the Field: Putting Cyber Securi...
CHIME LEAD Fourm Houston - "Case Studies from the Field: Putting Cyber Securi...
 
Hipaa for business associates simple
Hipaa for business associates simpleHipaa for business associates simple
Hipaa for business associates simple
 
Assuring regulatory compliance, ePHI protection, and secure healthcare delivery
Assuring regulatory compliance, ePHI protection, and secure healthcare deliveryAssuring regulatory compliance, ePHI protection, and secure healthcare delivery
Assuring regulatory compliance, ePHI protection, and secure healthcare delivery
 
HIPAA Compliance For Small Practices
HIPAA Compliance For Small PracticesHIPAA Compliance For Small Practices
HIPAA Compliance For Small Practices
 
Tech Refresh - Cybersecurity in Healthcare
Tech Refresh - Cybersecurity in HealthcareTech Refresh - Cybersecurity in Healthcare
Tech Refresh - Cybersecurity in Healthcare
 
Cybersecurity Challenges in Healthcare
Cybersecurity Challenges in HealthcareCybersecurity Challenges in Healthcare
Cybersecurity Challenges in Healthcare
 
Health IT Data Security – An Overview of Privacy, Compliance, and Technology ...
Health IT Data Security – An Overview of Privacy, Compliance, and Technology ...Health IT Data Security – An Overview of Privacy, Compliance, and Technology ...
Health IT Data Security – An Overview of Privacy, Compliance, and Technology ...
 
The HIPAA Security Rule: Yes, It's Your Problem
The HIPAA Security Rule: Yes, It's Your ProblemThe HIPAA Security Rule: Yes, It's Your Problem
The HIPAA Security Rule: Yes, It's Your Problem
 

En vedette

II Security At Microsoft
II Security At MicrosoftII Security At Microsoft
II Security At MicrosoftMark J. Feldman
 
Security Organization/ Infrastructure
Security Organization/ InfrastructureSecurity Organization/ Infrastructure
Security Organization/ InfrastructurePriyank Hada
 
Understanding the security_organization
Understanding the security_organizationUnderstanding the security_organization
Understanding the security_organizationDan Morrill
 
Losing battles, winning wars
Losing battles, winning warsLosing battles, winning wars
Losing battles, winning warsRafal Los
 
Understanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationUnderstanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationPECB
 
Information Security Cost Effective Managed Services
Information Security Cost Effective Managed ServicesInformation Security Cost Effective Managed Services
Information Security Cost Effective Managed ServicesJorge Sebastiao
 
Making Executives Accountable for IT Security
Making Executives Accountable for IT SecurityMaking Executives Accountable for IT Security
Making Executives Accountable for IT SecuritySeccuris Inc.
 
Building a Modern Security Engineering Organization
Building a Modern Security Engineering OrganizationBuilding a Modern Security Engineering Organization
Building a Modern Security Engineering OrganizationZane Lackey
 
Chief Data Officer: DataOps - Transformation of the Business Data Environment
Chief Data Officer: DataOps - Transformation of the Business Data EnvironmentChief Data Officer: DataOps - Transformation of the Business Data Environment
Chief Data Officer: DataOps - Transformation of the Business Data EnvironmentCraig Milroy
 

En vedette (13)

II Security At Microsoft
II Security At MicrosoftII Security At Microsoft
II Security At Microsoft
 
Security Organization/ Infrastructure
Security Organization/ InfrastructureSecurity Organization/ Infrastructure
Security Organization/ Infrastructure
 
Understanding the security_organization
Understanding the security_organizationUnderstanding the security_organization
Understanding the security_organization
 
Losing battles, winning wars
Losing battles, winning warsLosing battles, winning wars
Losing battles, winning wars
 
Understanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationUnderstanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for Organization
 
Information Security Cost Effective Managed Services
Information Security Cost Effective Managed ServicesInformation Security Cost Effective Managed Services
Information Security Cost Effective Managed Services
 
Making Executives Accountable for IT Security
Making Executives Accountable for IT SecurityMaking Executives Accountable for IT Security
Making Executives Accountable for IT Security
 
The New Security - Post "9/11"
The New Security - Post "9/11"The New Security - Post "9/11"
The New Security - Post "9/11"
 
DataOps with Project Amaterasu
DataOps with Project AmaterasuDataOps with Project Amaterasu
DataOps with Project Amaterasu
 
Building a Modern Security Engineering Organization
Building a Modern Security Engineering OrganizationBuilding a Modern Security Engineering Organization
Building a Modern Security Engineering Organization
 
Chief Data Officer: DataOps - Transformation of the Business Data Environment
Chief Data Officer: DataOps - Transformation of the Business Data EnvironmentChief Data Officer: DataOps - Transformation of the Business Data Environment
Chief Data Officer: DataOps - Transformation of the Business Data Environment
 
Indonesia National Cyber Security Strategy
Indonesia National Cyber Security StrategyIndonesia National Cyber Security Strategy
Indonesia National Cyber Security Strategy
 
Physical security.ppt
Physical security.pptPhysical security.ppt
Physical security.ppt
 

Similaire à Keynote Presentation "Building a Culture of Privacy and Security into Your Organization"

HIPAA and HITECH : What you need to know
HIPAA and HITECH : What you need to knowHIPAA and HITECH : What you need to know
HIPAA and HITECH : What you need to knowShred-it
 
HIPAA Audit Implementation
HIPAA Audit ImplementationHIPAA Audit Implementation
HIPAA Audit ImplementationValency Networks
 
The Startup Path to HIPAA Compliance
The Startup Path to HIPAA ComplianceThe Startup Path to HIPAA Compliance
The Startup Path to HIPAA ComplianceJim Anfield
 
Health care compliance webinar may 10 2017
Health care compliance webinar may 10 2017Health care compliance webinar may 10 2017
Health care compliance webinar may 10 2017Kimberly Simon MBA
 
Governance And Data Protection In The Health Sector - Billy Hawkes
Governance And Data Protection In The Health Sector - Billy HawkesGovernance And Data Protection In The Health Sector - Billy Hawkes
Governance And Data Protection In The Health Sector - Billy Hawkeshealthcareisi
 
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT SecurityRedspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT SecurityRedspin, Inc.
 
health insurance portability and accountability act.pptx
health insurance portability and accountability act.pptxhealth insurance portability and accountability act.pptx
health insurance portability and accountability act.pptxamartya2087
 
Purpose and goals of risk management - UPDATED
Purpose and goals of risk management - UPDATEDPurpose and goals of risk management - UPDATED
Purpose and goals of risk management - UPDATEDLisa Shannon, RN, BSN, JD.
 
Patient confidentiality
Patient confidentialityPatient confidentiality
Patient confidentialityJake Facer
 
The Health Insurance Portability and Accountability Act 
The Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act 
The Health Insurance Portability and Accountability Act Kartheek Kein
 
Patient Privacy Provisions of the HITECH Act Implications for Patients and Sm...
Patient Privacy Provisions of the HITECH Act Implications for Patients and Sm...Patient Privacy Provisions of the HITECH Act Implications for Patients and Sm...
Patient Privacy Provisions of the HITECH Act Implications for Patients and Sm...Xiaoming Zeng
 
Mha690 brittany koenig week 1 assignment2
Mha690 brittany koenig week 1 assignment2Mha690 brittany koenig week 1 assignment2
Mha690 brittany koenig week 1 assignment2bkoenig2010
 
Mha690 brittany koenig week 1 assignment2
Mha690 brittany koenig week 1 assignment2Mha690 brittany koenig week 1 assignment2
Mha690 brittany koenig week 1 assignment2bkoenig2010
 
The Fundamentals ofHIT
The Fundamentals ofHITThe Fundamentals ofHIT
The Fundamentals ofHITslvhit
 
Becoming HITECH - 9/2009
Becoming HITECH - 9/2009Becoming HITECH - 9/2009
Becoming HITECH - 9/2009rogersons
 

Similaire à Keynote Presentation "Building a Culture of Privacy and Security into Your Organization" (20)

HIPAA and HITECH : What you need to know
HIPAA and HITECH : What you need to knowHIPAA and HITECH : What you need to know
HIPAA and HITECH : What you need to know
 
Sustainability of HIEs under CyberSecurity
Sustainability of HIEs under CyberSecuritySustainability of HIEs under CyberSecurity
Sustainability of HIEs under CyberSecurity
 
HIPAA Audit Implementation
HIPAA Audit ImplementationHIPAA Audit Implementation
HIPAA Audit Implementation
 
Hipaa and social media using new
Hipaa and social media using newHipaa and social media using new
Hipaa and social media using new
 
The Startup Path to HIPAA Compliance
The Startup Path to HIPAA ComplianceThe Startup Path to HIPAA Compliance
The Startup Path to HIPAA Compliance
 
HIPAA Privacy and Security
HIPAA Privacy and SecurityHIPAA Privacy and Security
HIPAA Privacy and Security
 
Health care compliance webinar may 10 2017
Health care compliance webinar may 10 2017Health care compliance webinar may 10 2017
Health care compliance webinar may 10 2017
 
Governance And Data Protection In The Health Sector - Billy Hawkes
Governance And Data Protection In The Health Sector - Billy HawkesGovernance And Data Protection In The Health Sector - Billy Hawkes
Governance And Data Protection In The Health Sector - Billy Hawkes
 
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT SecurityRedspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
 
health insurance portability and accountability act.pptx
health insurance portability and accountability act.pptxhealth insurance portability and accountability act.pptx
health insurance portability and accountability act.pptx
 
Overview on data privacy
Overview on data privacy Overview on data privacy
Overview on data privacy
 
Purpose and goals of risk management - UPDATED
Purpose and goals of risk management - UPDATEDPurpose and goals of risk management - UPDATED
Purpose and goals of risk management - UPDATED
 
Patient confidentiality
Patient confidentialityPatient confidentiality
Patient confidentiality
 
The Health Insurance Portability and Accountability Act 
The Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act 
The Health Insurance Portability and Accountability Act 
 
Patient Privacy Provisions of the HITECH Act Implications for Patients and Sm...
Patient Privacy Provisions of the HITECH Act Implications for Patients and Sm...Patient Privacy Provisions of the HITECH Act Implications for Patients and Sm...
Patient Privacy Provisions of the HITECH Act Implications for Patients and Sm...
 
Chapter 9
Chapter 9Chapter 9
Chapter 9
 
Mha690 brittany koenig week 1 assignment2
Mha690 brittany koenig week 1 assignment2Mha690 brittany koenig week 1 assignment2
Mha690 brittany koenig week 1 assignment2
 
Mha690 brittany koenig week 1 assignment2
Mha690 brittany koenig week 1 assignment2Mha690 brittany koenig week 1 assignment2
Mha690 brittany koenig week 1 assignment2
 
The Fundamentals ofHIT
The Fundamentals ofHITThe Fundamentals ofHIT
The Fundamentals ofHIT
 
Becoming HITECH - 9/2009
Becoming HITECH - 9/2009Becoming HITECH - 9/2009
Becoming HITECH - 9/2009
 

Plus de Health IT Conference – iHT2

Plus de Health IT Conference – iHT2 (20)

2016 iHT2 Miami Health IT Summit
2016 iHT2 Miami Health IT Summit2016 iHT2 Miami Health IT Summit
2016 iHT2 Miami Health IT Summit
 
2016 iHT2 Miami Health IT Summit
2016 iHT2 Miami Health IT Summit2016 iHT2 Miami Health IT Summit
2016 iHT2 Miami Health IT Summit
 
2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit
 
2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit
 
2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit
 
2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit
 
2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit
 
2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit2016 iHT2 San Diego Health IT Summit
2016 iHT2 San Diego Health IT Summit
 
2015 Houston CHIME Lead Forum
2015 Houston CHIME Lead Forum2015 Houston CHIME Lead Forum
2015 Houston CHIME Lead Forum
 
2015 Houston CHIME Lead Forum
2015 Houston CHIME Lead Forum2015 Houston CHIME Lead Forum
2015 Houston CHIME Lead Forum
 
2015 Houston CHIME Lead Forum
2015 Houston CHIME Lead Forum2015 Houston CHIME Lead Forum
2015 Houston CHIME Lead Forum
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum
 
2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit
 
2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit
 
2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit
 
2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit
 
2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit 2015 iHT2 Health IT Beverly Hills Summit
2015 iHT2 Health IT Beverly Hills Summit
 
iHT2 Health IT Beverly Hills Summit - 2015
iHT2 Health IT Beverly Hills Summit - 2015iHT2 Health IT Beverly Hills Summit - 2015
iHT2 Health IT Beverly Hills Summit - 2015
 

Dernier

Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfErwinPantujan2
 
EMBODO Lesson Plan Grade 9 Law of Sines.docx
EMBODO Lesson Plan Grade 9 Law of Sines.docxEMBODO Lesson Plan Grade 9 Law of Sines.docx
EMBODO Lesson Plan Grade 9 Law of Sines.docxElton John Embodo
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSJoshuaGantuangco2
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptxmary850239
 
Oppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and FilmOppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and FilmStan Meyer
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxiammrhaywood
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfJemuel Francisco
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfVanessa Camilleri
 
Millenials and Fillennials (Ethical Challenge and Responses).pptx
Millenials and Fillennials (Ethical Challenge and Responses).pptxMillenials and Fillennials (Ethical Challenge and Responses).pptx
Millenials and Fillennials (Ethical Challenge and Responses).pptxJanEmmanBrigoli
 
Dust Of Snow By Robert Frost Class-X English CBSE
Dust Of Snow By Robert Frost Class-X English CBSEDust Of Snow By Robert Frost Class-X English CBSE
Dust Of Snow By Robert Frost Class-X English CBSEaurabinda banchhor
 
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...JojoEDelaCruz
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxlancelewisportillo
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
Activity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationActivity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationRosabel UA
 

Dernier (20)

Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
 
EMBODO Lesson Plan Grade 9 Law of Sines.docx
EMBODO Lesson Plan Grade 9 Law of Sines.docxEMBODO Lesson Plan Grade 9 Law of Sines.docx
EMBODO Lesson Plan Grade 9 Law of Sines.docx
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx
 
Oppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and FilmOppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and Film
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdf
 
Millenials and Fillennials (Ethical Challenge and Responses).pptx
Millenials and Fillennials (Ethical Challenge and Responses).pptxMillenials and Fillennials (Ethical Challenge and Responses).pptx
Millenials and Fillennials (Ethical Challenge and Responses).pptx
 
Dust Of Snow By Robert Frost Class-X English CBSE
Dust Of Snow By Robert Frost Class-X English CBSEDust Of Snow By Robert Frost Class-X English CBSE
Dust Of Snow By Robert Frost Class-X English CBSE
 
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
Activity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationActivity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translation
 

Keynote Presentation "Building a Culture of Privacy and Security into Your Organization"

  • 1. Privacy and Security: Building a Privacy and Security Culture in Health CareOrganizations April 25th, 2012 Joy Pritts, JD, Chief Privacy Officer Office of the National Coordinator Health Information Technology
  • 2. HHS Reaches $100,000 Settlement with 5 Physician Practice over HIPAA Violations 1
  • 3. Why Create a Culture of Privacy and Security? • Assists Compliance to Law – New Developments • HIPAA Privacy and Security Rules • Enforcement • Good business • It’s Just the Right Thing To Do – Patient Trust 2
  • 4. Compliance: Federal Health Information Privacy Laws • HIPAA Privacy and Security Rules – Health Insurance Portability and Accountability Act of 1996, effective 2003 and 2005, respectively • Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 – Final Rule submitted to OMB March 24th, 2012 • Others (e.g., 42 CFR part 2) 3
  • 5. Who Must Comply with HIPAA Privacy and Security Rules? • Covered entities (CEs) –Health plans –Health care clearinghouses –Most health care providers 4
  • 6. Business Associates and HITECH • Business Associates include: • EHR Vendors • Data Analytic Firms • HITECH Clarifies Business Associates include: • Health Information Exchanges • Personal Health Record Vendors • HITECH Specifies that Business Associates • Must follow administrative, physical and technical safeguards of the Security Rule • Must Follow use and Disclosure Limits of Privacy Rule • Subject to the same Civil and Criminal Penalties as Covered Entities 5
  • 7. HIPAA Privacy Rule: Two Sides of One Coin Protect Privacy: Patients’ Rights: A CE may not use or • Right to access disclose PHI except: • Right to an • as the Privacy Rule accounting of permits or requires disclosures of (ie. payment, • Right to correct treatment operations or amend etc) • Right to notice of privacy • as the patient or practices their representative • Right to file a authorizes in writing. complaint 6
  • 8. HIPAA Security Rule (CFR 164.306) • Protects Patient Health Information that is transmitted by or maintained in any form of electronic media • Framework of Technical, Administrative, Physical Safeguards • Ensures workforce training and compliance Flexible Approach (Addressable):  Size, complexity and capabilities of Covered Entity  Security Capabilities of CE hardware and software  Cost of Security Measures  Probability and criticality of potential risks to ePHI 7
  • 9. So… Isn’t this old news? Then, why Are So Many Organizations Not In Compliance? 8
  • 10. Major Causes of Breaches of PHI in 2010 Breaches over 500 records: • Theft and loss were the most common reported causes of large breaches. • Among the 207 breaches that affected 500 or more individuals, 99 incidents involved theft of paper records or theft of electronic media • This accounted for records of 2,979,121 individuals. • Loss of electronic media or paper records affected approximately 1,156,847 individuals - OCR Report to Congress on Breaches of Unsecured Information, 2011 9
  • 11. Risk Assessments • 25% of healthcare organizations do not conduct security risk assessments – HIMSS 2011 Security Study • 39% of healthcare organizations do not or are not sure if they perform a risk assessment – Ponemon Study, 2011 10
  • 12. Business Associates and Breaches Due to the high volume of records handled, a breaches from business associates translate into a disproportionate number of patients affected: • Business associates involved in 22% of the breaches • But this 22% accounts for 63% of all patients affected by the breaches 11
  • 13. Security and Mobile Devices - Ponemon Institute, 2011 12
  • 14. HITECH: It’s a New Day . . . 13
  • 15. HITECH and Privacy and Security • Established Chief Privacy Officer for the Office of the National Coordinator • Increased fines for breaches • Created mandatory fines for willful neglect • Created Mandatory Breach Notification Rule • Established basis for Meaningful Use 14
  • 16. Meaningful Use and Privacy and Security MU Stage 1 requires eligible providers and hospitals to • Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process. • No exclusion. 15
  • 17. Enforcement • OCR has begun systematic audits of 150 organizations • CMS and Meaningful Use audits for Incentive funds are set to begin 16
  • 18. Enforcement: Large organizations • Blue Cross Blue Shield of Tennessee (BCBST) settled with OCR for $1,500,000 for the theft of 57 hard drives to theft, March 13, 2012 • Hard Drives contained names, social security numbers, diagnosis codes, DoB and Plan ID #s for over 1 million individuals • Caused by failure to implement appropriate physical access controls 17
  • 19. Small Practice Enforcement Phoenix Cardiac Surgery (5 physician practice) was posting clinical and surgical appointments for its patients on an Internet-based publicly accessible calendar 18
  • 20. Phoenix Cardiac Surgery • July 2007 to February 2009, Practice posted over 1,000 separate entries of ePHI on a publicly accessible, Internet-based calendar • September 2005 until November 2009, Practice daily transmitted ePHI from an Internet-based email account to workforce members’ personal Internet-based email accounts 19
  • 21. OCR’s Other Findings • Failure to implement adequate policies and procedures to appropriately safeguard patient information • Failure to document any employee training on its policies and procedures on the Privacy and Security Rules • Failure to identify a security official and conduct a risk analysis • Failure to obtain business associate agreements with Internet-based email and calendar services that included storage of and access to its PHI 20
  • 22. Outcome of Investigation • $100,000 Settlement • Corrective Action Plan includes: – Develop written policies and procedures, submitted to and approved by OCR and documented training for employees – “An accurate and thorough” risk assessment of the potential risks and vulnerabilities to PHI – Submission of Risk Management Plan to OCR – Identification of Security Official – Business Associates Agreements – Any violation of policies and procedures will be a Reportable events to OCR CAP available at: http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/pcsurgery_ 21 agreement.pdf
  • 23. “We hope that health care providers pay careful attention to this resolution agreement and understand that the HIPAA Privacy and Security Rules have been in place for many years, and OCR expects full compliance no matter the size of a covered entity.” - Leon Rodriguez Director of the Office for Civil Rights April 17th 2012, OCR Press Release 22
  • 24. The Real Loss – Patient Trust Beyond Compliance and Return on Investment, Ensuring Patient Privacy is Just the Right Thing to Do 23
  • 25. Good Business: Patient Trust The ROI for Breach Prevention Diminished productivity and financial consequences due to a breach can be severe. Organizations reported: • The potential result is patient churn; the average lifetime value of one lost patient is $113,400 • Economic impact • Loss of time and productivity • Diminishment of brand or reputation • LOSS OF PATIENT GOODWILL - Ponemon, “Second Annual Benchmark Study 24
  • 26. Developing a Privacy and Security Culture Challenges: • Providers and Staff may have little understanding of new technology and privacy and security issues • Providers and Staff are reticent about asking questions or for assistance • Adopting new software and workflow in the fast- moving healthcare culture is difficult • Vendors may assume that providers and staff understand privacy and not adequately train 25
  • 27. Strategies • Executive Leadership Communicate Essential Value • Privacy and Security Metrics are included in Employee Performance Plans/Evaluations • Considered as part of physical environment, patient care, and all communications • Staff are made to feel comfortable in asking questions and for help, resources are widely and freely available • Training, is regular and updated and an essential part of the overall strategic plan • Continuous Improvement and audits completed and results communicated to all 26
  • 28. ONC’s Office of the Chief Privacy Officer Recent and Current Projects • Personal Health Record Roundtable • Mobile Device Roundtable • Small practice Risk Assessment – original and revised • HIE Privacy and Security Program Information Notice • Security Training and Video Games • Research project on security configurations of mobile devices • Mobile device good practices videos and materials • Website redesign: www.healthit.gov • Data Segmentation Project • Community College Curriculum Privacy and Security Review 27
  • 29. Training Materials – Series of Security Video Games Due for Release Summer of 2012 DRAFT 28
  • 30. Sharing Responsibility for Ensuring Patient Privacy We all have a role to play in keeping health information private and secure. • Government establishes P/S policies that are affordable and workable • Vendors should create easy-to-use P/S features and communicate importance • Providers and staff should understand their role in protecting patient privacy • Patients understand their rights and basic means of securing their PHI 29
  • 31. We Are All In This Together Office of the National Coordinator for 4/30/2012 30 Health Information Technology
  • 32. Conclusion Questions? 31
  • 33. HIPAA/HITECH Resources • Privacy and Security Section of HealthIT.gov: http://healthit.hhs.gov • Are you a Covered Entity?: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/index.html • OCR HIPAA Privacy Rule Training Materials: http://www.hhs.gov/ocr/privacy/hipaa/understanding/training/index.html • OCR Guidance on Significant Aspects of the HIPAA Privacy Rule: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/privacyguidance.html • OCR Settlement with Phoenix Cardiac Surgery: http://www.hhs.gov/news/press/2012pres/04/20120417a.html • Fast Facts about the HIPAA Privacy Rule: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/cefastfacts.html • The HHS Office of Civil Rights, HIPAA FAQs: http://www.hhs.gov/ocr/privacy/hipaa/faq/index.html • Guidance materials for Small Providers, Small Health Plans, and other Small Businesses: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/smallbusiness.html • OCR’s Sample Business Associate Contract Provisions: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/contractprov.html 32
  • 34. Other Federal Law Resources • 42 CFR Pt. 2: http://www.samhsa.gov/healthPrivacy/ • Title X Confidentiality: 42 C.F.R. § 59.11: http://ecfr.gpoaccess.gov/cgi/t/text/text- idx?c=ecfr&sid=ce18bb9053f3b026e8983fd8ac27170c&rgn=div8&view=text&nod e=42:1.0.1.4.43.1.19.11&idno=42 • GINA deferring to HIPAA: 29 C.F.R. §§ 1635.9(c) and 1635.11(d): http://ecfr.gpoaccess.gov/cgi/t/text/text- idx?c=ecfr&sid=ecbc0d928c8f11dbab0c20532d0101c9&rgn=div8&view=text&nod e=29:4.1.4.1.21.0.26.9&idno=29 and http://ecfr.gpoaccess.gov/cgi/t/text/text- idx?c=ecfr&sid=ecbc0d928c8f11dbab0c20532d0101c9&rgn=div8&view=text&nod e=29:4.1.4.1.21.0.26.11&idno=29 – GINA: http://www.ornl.gov/sci/techresources/Human_Genome/publicat/GINAMay2008.pdf • HIPAA deferring to FERPA; exceptions to “protected health information” under (2)(i) and (2)(ii) in 45 C.F.R. § 160.103: http://ecfr.gpoaccess.gov/cgi/t/text/text- idx?c=ecfr&sid=35aa826589279b8cff00d53c641a609f&rgn=div8&view=text&node =45:1.0.1.3.74.1.27.3&idno=45 – FERPA/HIPAA Guidance: http://www2.ed.gov/policy/gen/guid/fpco/doc/ferpa-hipaa- guidance.pdf 4/30/2012 ONC 33
  • 35. Other Resources • For state privacy laws, see the National Conference of State Legislators (NCSL): http://www.ncsl.org/?tabid=17173 • For state privacy law information: http://ihcrp.georgetown.edu/privacy/records.html • National Governor’s Association (NAG) Report on state laws and HIE: http://www.nga.org/Files/pdf/1103HIECONSENTLAWSREPORT.PDF • Health Information Security and Privacy Collaboration (HISPC) reports on state laws: http://healthit.hhs.gov/portal/server.pt/community/healthit_hhs_gov__hispc/1240 • The Financial Management of Cyber Risk: “An Implementation Framework for CFOs” American National Standards Institute, 2010 • Second Annual Benchmark Study on Patient Privacy and Data Security, 2011 Ponemon Institute • OCR’s Sample Business Associate Contract Provisions: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/contractprov.html Office of the National Coordinator for 4/30/2012 34 Health Information Technology