Becoming HITECH
Review of the HITECH Act and its role in a
holistic approach to compliance
September 30, 2009
Agenda
• About Us
• Obligations of Healthcare Providers
• Review of HIPAA and Red Flags Rule Objectives
• Discussion on HITECH
– Objectives and Requirements
– Placement in ARRA
– Funding Opportunities
• Rethinking your Patient Privacy, Security, and Protection Strategy
About Us
Scott A. Rogerson, CISA, CAPM
The Hill Group, Inc.
• Management consulting firm
• Founded in 1953
• Headquartered in Pittsburgh, PA
• Affiliated with several consulting firms across the United States
About Us: Our Services
• Strategy
• Operations and Process Improvement
• Performance and Diagnostic Measurement
• Organizational Development
• Workforce and Economic Development
Our Clients Include
Health Care Providers and Associations
Obligations of Healthcare Providers
Privacy, Security, Protection
Security and Protection Obligations
• These obligations include ensuring the following:
– Completeness
– Accuracy
– Confidentiality
– Protection
• Additional areas of data management not addressed are:
– Availability
– Reliability
Healthcare providers are obligated to secure all data accepted from patients for treatment or other health care operations and to ensure that the privacy of that information is upheld.
HIPAA Purpose
• Purpose: Require the implementation of administrative, technical, and physical safeguards to:
– Ensure data integrity and confidentiality
– Protect against reasonably anticipated:
• Threats or hazards to the security or integrity of data
• Unauthorized use or disclosure
HIPAA Requirements
• Privacy policies and procedures
• Privacy notice
• Privacy official
• Workforce training and enforcement
• Mitigation process
• Complaint process
• Implement safeguards
– Administrative
– Technical
– Physical
• Retain policies, procedures, and notices for six years
Red Flags Purpose and Requirements
• Purpose: Preventing an individual with unauthorized data from obtaining unauthorized services
• Four Elements of Compliance for the Red Flags Rule:
1. Identify Red Flags for covered accounts and incorporate those red flags into the Program
2. Detect Red Flags that have been incorporated into the Program
3. Respond appropriately to any Red Flags that are detected to prevent and mitigate identity theft
4. Update the Program at least annually to reflect changes in risks to customers or to the safety and soundness of the financial institution or creditor from identity theft
• Compliance Date: November 1, 2009
Discussion on HITECH
HITECH Overview
• Health Information Technology for Economic and Clinical Health Act
– Title XIII and Title IV of Division B of the American Recovery and Reinvestment Act of 2009
• Objective: “Utilization of an electronic health record for each person in the United States by 2014”
– Requirements for Achievement:
• Confidence in Systems
• Confidence in Organizations
• Funding for Implementation
• Effective Date: September 23, 2009, but enforcement will be delayed until February 22, 2010
HITECH: Supplements to HIPAA
• Extension of “covered entity” requirements to the “business associate”
• State Attorney General Enforcement
• Establishes breach notification requirements
• Breach – “Unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of such information”
HITECH: Identifying a Breach
• Perform Risk Assessment to:
– Define the “harm threshold”
– Determine if breach falls into one of the seven exception criteria
• Disclosure to the Individual
• Disclosure for Treatment, Payment and Health Care Operations (TPO)
• Opportunity to Agree or Object
• “Incident to”
• Limited Data Set / De-identified Data
• Has Authorization
• Public Policy (Legal Requirement, Law Enforcement, etc.)
HITECH: Breach Requirements
• HITECH requires that notification be communicated within 60 days from the day the breach is:
– Known by someone in the organization (other than the person committing the breach)
– Or, by exercising reasonable diligence, would have been known
– Notification must be provided without “unreasonable delay”
• Business Associate (BA) Notification Requirement
– Notify affected covered entity/entities of breach
– The covered entity is then required to notify individuals (unless contract states otherwise)
• If BA is agent of covered entity
– Must notify individuals within 60 days of BA discovery
• If BA is independent contractor
– Must notify individuals within 60 days of being notified
HITECH: Required Notification
• The required notification activities depend upon:
– Number of individuals impacted
– Location in which the individuals reside
• The breach notification must include the following in “plain language”:
– Brief description of what happened
– Types of information involved
– Steps affected individuals should take to protect themselves
– Definition of the steps the covered entity is taking to mitigate harm to individuals
– Contact procedures for individuals with additional questions
HITECH: Notification Req.
[Flowchart: Start → Identify Breach → Notify Individual → Notify Public → End, within 60 Days]
Identify Breach: Once a potential breach has been identified, perform a risk assessment to determine if the “harm threshold” indicates a breach occurred.
Notify Individual: Notify the individuals affected by the breach using a written notice, including appropriate information. If individual(s) cannot be reached, follow the substitute notice procedure.
Notify Public: Determine if a need exists to notify major media outlets, the HHS Secretary, and/or credit reporting agencies of the breach.
Refer to Decision Tree for Additional Detail
HITECH: Incentives for EHR
• Title IV – Medicare and Medicaid Health Information Technology; Miscellaneous Medicare Provisions of the ARRA includes the following provisions:
– Additional funding for eligible professionals adopting EHR prior to 2014
– Penalties for professionals not adopting by 2014
• “Meaningful Use” Requirement for Adoption
– Connected in a manner that provides for electronic exchange of health information
– Provider is able to generate and submit measurements of EHR use in their practice
• A “significant hardship” exemption exists
HITECH: The “Carrot” and the “Stick”
MU Year | 2011    | 2012    | 2013    | 2014    | 2015   | 2016   | 2017 | 2018 | 2019 | Total
2011    | $18,000 | $12,000 | $8,000  | $4,000  | $2,000 |        |      |      |      | $44,000
2012    |         | $18,000 | $12,000 | $8,000  | $4,000 | $2,000 |      |      |      | $44,000
2013    |         |         | $15,000 | $12,000 | $8,000 | $4,000 |      |      |      | $39,000
2014    |         |         |         | $12,000 | $8,000 | $4,000 |      |      |      | $24,000
2015    |         |         |         |         | None   |        |      |      |      |
Penalty |         |         |         |         | -1%    | -2%    | -3%  | -4%  | -5%  | -??
Rethinking your Patient Privacy, Security, and Protection Strategy
Risk Assessment Process
• HIPAA, Red Flags, and HITECH require the performance of a risk
assessment to determine the necessary safeguards
• When performing this assessment, the following should be
considered for each risk area:
– Likelihood
– Impact
– Effectiveness
• Prevention
• Detection
• Mitigation
Risk Assessment Areas
• Areas to Consider:
– Current Policies / Procedures
• Design Effectiveness
• Operating Effectiveness
– Application Risks
• Role-based Access
• Application Controls
– Data Assessment (Create, Transmit, Store, Dispose)
• Creation
• Storage (primary and secondary)
• Transmission
• Disposal
– Organization
– External Risks
• Environmental Risks (Flood, Power Failure)
• Liability – Business Associate/Vendor Agreements
Remediation Efforts
• No policy, procedure, or application should be implemented solely for regulatory purposes
• People and Process are still the critical components of an efficient, effective, and compliant organization
– The individuals who own the information may be your most effective (and least costly) detective control
• Physical / Technical safeguards should be integrated into the processes utilizing the technology to increase efficiency, reliability, and utilization of the information
• Compliance practices should be customized to the organization
Discussion and Q&A
Thank You
If you have any additional questions, please feel free to contact me:
Scott A. Rogerson, CISA, CAPM
412-722-1111
srogerson@hillgroupinc.com
The Hill Group, Inc.
2 East Main Street
Carnegie, PA 15106-2456 USA
www.hillgroupinc.com
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 

Becoming HITECH - 9/2009

11. Red Flags Purpose and Requirements
• Purpose: Preventing an individual with unauthorized data from obtaining unauthorized services
• Four Elements of Compliance for the Red Flags Rule:
  1. Identify Red Flags for covered accounts and incorporate those red flags into the Program
  2. Detect Red Flags that have been incorporated into the Program
  3. Respond appropriately to any Red Flags that are detected to prevent and mitigate identity theft
  4. Update the Program at least annually to reflect changes in risks to customers or to the safety and soundness of the financial institution or creditor from identity theft
• Compliance Date: November 1, 2009
13. HITECH Overview
• Health Information Technology for Economic and Clinical Health Act
  – Title XIII and Title IV of Division B of the American Recovery and Reinvestment Act of 2009
• Objective: “Utilization of an electronic health record for each person in the United States by 2014”
  – Requirements for Achievement:
    • Confidence in Systems
    • Confidence in Organizations
    • Funding for Implementation
• Effective Date: September 23, 2009, but enforcement will be delayed until February 22, 2010
14. HITECH: Supplements to HIPAA
• Extension of “covered entity” requirements to the “business associate”
• State Attorney General Enforcement
• Establishes breach notification requirements
• Breach – “Unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of such information”
15. HITECH: Identifying a Breach
• Perform Risk Assessment to:
  – Define the “harm threshold”
  – Determine if breach falls into one of the seven exception criteria
    • Disclosure to the Individual
    • Disclosure for Treatment, Payment and Health Care Operations (TPO)
    • Opportunity to Agree or Object
    • “Incident to”
    • Limited Data Set / De-identified Data
    • Has Authorization
    • Public Policy (Legal Requirement, Law Enforcement, etc.)
16. HITECH: Breach Requirements
• HITECH requires that notification be communicated within 60 days from the day the breach is:
  – Known by someone in the organization (other than the person committing the breach)
  – Would have been known by exercising reasonable diligence
  – Must provide notification without “unreasonable delay”
• Business Associate (BA) Notification Requirement
  – Notify affected covered entity/entities of breach
  – The covered entity is then required to notify individuals (unless contract states otherwise)
    • If BA is agent of covered entity – Must notify individuals within 60 days of BA discovery
    • If BA is independent contractor – Must notify individuals within 60 days of being notified
17. HITECH: Required Notification
• The required notification activities depend upon:
  – Number of individuals impacted
  – Location in which the individuals reside
• The breach notification must include the following in “plain language”:
  – Brief description of what happened
  – Types of information involved
  – Steps affected individuals should take to protect themselves
  – Definition of the steps the covered entity is taking to mitigate harm to individuals
  – Contact procedures for individuals with additional questions
18. HITECH: Notification Req.
[Flowchart on the slide: Start → Identify Breach → Notify Individual → Notify Public → End, within 60 days]
• Identify Breach: Once potential breach has been identified, perform risk assessment to determine if “harm threshold” indicates breach occurred.
• Notify Individual: Notify the individuals affected by the breach using a written notice, including appropriate information. If individual(s) cannot be reached, follow substitute notice procedure.
• Notify Public: Determine if need exists to notify major media outlets, HHS Secretary, and/or credit reporting agencies of breach.
Refer to Decision Tree for Additional Detail
19. HITECH: Incentives for EHR
• Title IV – Medicare and Medicaid Health Information Technology; Miscellaneous Medicare Provisions of the ARRA includes the following provisions:
  – Additional funding for eligible professionals adopting EHR prior to 2014
  – Penalties for professionals not adopting by 2014
• “Meaningful Use” Requirement for Adoption
  – Connected in a manner that provides for electronic exchange of health information
  – Provider is able to generate and submit measurements of EHR use in their practice
• A “significant hardship” exemption exists
20. HITECH: The “Carrot” and the “Stick”
Incentive payment (or penalty) by first year of Meaningful Use (MU Year), per payment year:

MU Year   2011      2012      2013      2014      2015      2016      2017    2018    2019    Total
2011      $18,000   $12,000   $8,000    $4,000    $2,000                                      $44,000
2012                $18,000   $12,000   $8,000    $4,000    $2,000                            $44,000
2013                          $15,000   $12,000   $8,000    $4,000                            $39,000
2014                                    $12,000   $8,000    $4,000                            $24,000
2015                                    None      -1%       -2%       -3%     -4%     -5%     -??
21. Rethinking your Patient Privacy, Security, and Protection Strategy
22. Risk Assessment Process
• HIPAA, Red Flags, and HITECH require the performance of a risk assessment to determine the necessary safeguards
• When performing this assessment, the following should be considered for each risk area:
  – Likelihood
  – Impact
  – Effectiveness
    • Prevention
    • Detection
    • Mitigation
23. Risk Assessment Areas
• Areas to Consider:
  – Current Policies / Procedures
    • Design Effectiveness
    • Operating Effectiveness
  – Application Risks
    • Role-based Access
    • Application Controls
  – Data Assessment (Create, Transmit, Store, Dispose)
    • Creation
    • Storage (primary and secondary)
    • Transmission
    • Disposal
  – Organization
  – External Risks
    • Environmental Risks (Flood, Power Failure)
    • Liability
  – Business Associate/Vendor Agreements
24. Remediation Efforts
• No policy, procedure, or application should be implemented solely for regulatory purposes
• People and Process are still the critical components of an efficient, effective, and compliant organization
  – The individuals who own the information may be your most effective (and least costly) detective control
• Physical / Technical safeguards should be integrated into the processes utilizing the technology to increase efficiency, reliability, and utilization of the information
• Compliance practices should be customized to the organization
26. Thank You
If you have any additional questions, please feel free to contact me:
Scott A. Rogerson, CISA, CAPM
412-722-1111
srogerson@hillgroupinc.com
The Hill Group, Inc.
2 East Main Street
Carnegie, PA 15106-2456 USA
www.hillgroupinc.com
