Meaningful Use Ready or Not. Brenda Christman, RN. What Will We Be Covering? 10/8/2014
Meaningful Use Ready or Not
CMS Audits are Underway

Brenda Christman, RN
- Career Health Care Consultant
- 3+ years with Arnett Foster Toothman PLLC
- Prior Big 4 Consultant
- Registered Nurse
- Industry experience as Director of Reimbursement

What Will We Be Covering?
- Requirements of Meaningful Use Audits
- Documentation to Support Meaningful Use Attestation
- Process to Conduct Mock Audit

What's All the Fuss About?
- Recent Meaningful Use (MU) audits and paybacks have brought more attention to the CMS Audits
- Drew Memorial Hospital was unable to document completion of one of 19 objectives for Meaningful Use
  - CMS is requesting repayment of entire amount ~ $900K
- HMA self-reported they had an error in attestation for 11 of their 71 hospitals
  - HMA made an error in applying the requirements for certifying its EHR technology
  - Repaying $31M

CMS Audit Procedures
- The CMS is performing pre-payment and post-payment audits on 5-10% of healthcare providers
- Selection
  - Randomly
  - CMS risk profile of suspicious or anomalous data
- Subcontractor for post-payment is Figliozzi
- Medicare Audits of EPs and eligible hospitals, as well as on hospitals that are dually-eligible for both the Medicare and Medicaid EHR Incentive Programs.
- If you are selected for an audit, you will receive a letter from Figliozzi and Company with the CMS and EHR Incentive Program logos on the letterhead.

What triggers a CMS Incentive Payment Audit?
- 3 tier approach
- Benchmarking/Anomalies of data
- Unusual response in Numerator or Denominator responses
- Field Auditor Selection
- Eligible Hospitals that received the largest incentive payments
- Providers who indicated use of multiple EHRs with the capability of collecting data for only a few CQMs
- A representative sample of certified EHRs in order to determine each EHR's capabilities to support collection of data necessary to meet MU measures

Audit Process
- Initial request letter
  - Letter will be sent electronically from a CMS address and will include the audit contractor's contact information
  - The address provided during registration for the EHR Incentive Programs will be used for the initial request letter
- Submit requested data electronically
  - The initial review process will be conducted at the audit contractor's location, using the information received as a result of the initial request letter.
- Receive audit determination letter
  - This letter will inform the provider whether they were successful in meeting meaningful use of electronic health records.
  - If found not to be eligible for an EHR incentive payment, the payment will be recouped

Preparing/Maintaining Documentation
- Maintain documentation that fully supports the meaningful use and clinical quality measure data submitted during attestation
- Save any electronic or paper documentation that supports your attestation
- Make sure others know where the support is saved
  - Centralized, Secured Location
  - Effective Naming Convention of files
- Save the documentation that supports the values you entered in the Attestation Module for clinical quality measures
- Maintain documentation that supports payment calculations

Support Documentation Examples
- Proof of Certified Technology
  - Contracts for all components
  - Screen shot from ONC site showing CMS Certification ID Number
  - Letter documenting if certification notes additional software required
- Source documents for threshold objectives
  - Maintain detail support for each % based threshold
  - Documentation of logic used for calculation and which ED volume calculation used
  - Report should denote dates covered (reporting period)
  - Same denominator for all measures will be scrutinized
  - Attesting for 100% will also raise suspicion

Support Documentation Examples
- Yes/No Objectives
  - Proof of Yes/No measures active during entire reporting period
  - Screen shots
  - Confirmation from vendor
  - Use of Audit log
  - Proof of data transaction with public health agency
- Quality Measures
  - Must be reported directly from Certified EHR
- Security Risk Analysis
  - Maintain a copy per locations
  - Need to document conducted before the end of reporting period
  - Document any action taken based on analysis

Steps of Mock Audit
- Ready
  - Rally the troops and get a team together to gather all the necessary information: IT, Finance, Compliance, HIM, Clinicians
  - Provide education to team on process
  - CMS website: Tip sheets and FAQ
  - Sample Audit Request
- Set
  - Gather Data as if submitting to Auditor
  - Certified EHR
  - CQMs
  - Yes/No
  - % Threshold Objectives
- Go
  - Challenge package: allow an outsider to take a look
  - Review lessons learned from other
  - If find issue be prepared with a plan
  - If using an external reviewer consider attorney client privilege

Lessons Learned
- Designate a single point of contact for communications with CMS auditor
- Only provide the information being requested
- Utilize a checklist, and answer as if auditor (yes or no)
- Maintain all relevant data for 6 years
- Log all documentation supplied to auditor
- Protect patient information by de-identifying

Questions?
Brenda P. Christman
Member/Arnett Foster Toothman PLLC
Brenda.christman@aftcpas.com

Appendix: Additional Guidance from CMS

Documentation for Non-Percentage-Based Objectives

IT Security and Risk Analysis

Scott Stone
- CIO for Carbis Walker LLP
- Senior IT Consultant and Auditor for the CW Group
- 25 years in the IT industry
- 17 years with Carbis Walker LLP
- Master Degree in Communications
- Trained Certified Ethical Hacker
- Sophos Firewalls Certified Engineer
- Certified in Microsoft, Cisco, Novell, etc.

What will we be covering?
- Top 10 HIPAA IT Security Risk Areas
- Common Areas of Risk Found During IT Audits
- Ways to Mitigate IT Risk
- IT Trends In Health Care
- Reducing PHI On Your Network

IT RISK MITIGATION BASICS
- Laptops are encrypted
- Redundant Internet Access exists at all locations
- Good Antivirus is in place with Centralized Management
- BAAs up to date and being sent out
- Acceptable Use Policy is up to date and signed
- Disaster Recovery Policy is up to date

Top 10 IT Security / Risk Areas
1. Legacy Operating Systems
2. Patch Management - Microsoft and other software
3. Malware / Virus infections
4. Vendor Accounts
5. Virtualization - Server sprawl - Backups
6. Password Fatigue
7. Mobile Devices & BYOD (Bring Your Own Disaster)

Still using Windows XP?
- Support Ended April 8th
- Other Legacy Operating Systems End of Life Timelines:
  - Windows 2000 Server - July 13, 2010
  - AS400 Prior to V5R4 (rel 2006) - Already EOL
  - Novell 6.5 - Dec 31, 2014
  - Windows 2003 Server R2 - July 14, 2015
  - Windows XP Embedded - 1/12/

Patch Management
- Microsoft Windows & Office = WSUS (Windows Server Update Services)
- Adobe Acrobat / Reader / Flash
- Other Software (JAVA)
- Scripting of Updates
- Patch Management Systems
- Silent Updates
- Software inventory systems - reporting

Antivirus / Antimalware
- Becoming the same thing in some suites
- Reactive technology
- Must be centrally managed to be effective
- Response to AV infection = reimage machine
- Virus writing is an enormous business now (Zeus, RansomWare, Botnets)
- CryptoLocker

Value of a Hacked PC
- krebsonsecurity.com

Vendor Accounts
- Vendors reuse or create poor passwords
- Often have constant access
- Lots of Vendors: Software, HVAC, Phone, etc.
- Hiring standards may not be solid
- Allow Limited IP Range for Access
- Ask what they have available to improve security
- Target Breach = Vendor Account

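
An added example (not part of the original slides) of checking the "Allow Limited IP Range for Access" item on the Vendor Accounts slide against remote-access logs. The account names, the log line format and the allowlist are assumptions made for illustration, and every address is a documentation range.

```python
import ipaddress
import re

# Hypothetical allowlist: vendor account -> networks it may connect from.
# All addresses are RFC 5737 documentation ranges, not real vendors.
VENDOR_ALLOWLIST = {
    "vendor_hvac": ["203.0.113.0/28"],
    "vendor_ehr": ["198.51.100.16/29", "198.51.100.64/28"],
}

# Constructed sample log in an assumed "<time> <result> user=<u> src=<ip>" format.
SAMPLE_LOG = """\
2014-10-06T02:14:09Z LOGIN_OK user=vendor_hvac src=203.0.113.5
2014-10-06T02:20:41Z LOGIN_OK user=vendor_hvac src=192.0.2.77
2014-10-06T09:02:13Z LOGIN_OK user=jsmith src=10.1.4.20
2014-10-06T11:45:00Z LOGIN_FAIL user=vendor_ehr src=198.51.100.70
2014-10-06T11:47:30Z LOGIN_OK user=vendor_ehr src=198.51.100.90
2014-10-07T03:00:00Z LOGIN_OK user=vendor_phone src=203.0.113.9
2014-10-07T03:05:00Z LOGIN_OK user=vendor_ehr src=not-an-ip
"""

LINE_RE = re.compile(r"^(\S+) (LOGIN_OK|LOGIN_FAIL) user=(\S+) src=(\S+)$")


def review_vendor_logins(log_text, allowlist, vendor_prefix="vendor_"):
    """Return (timestamp, user, src, reason) for each vendor login attempt
    that the allowlist does not cover. Failed attempts are checked too."""
    networks = {
        user: [ipaddress.ip_network(cidr) for cidr in cidrs]
        for user, cidrs in allowlist.items()
    }
    findings = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # not a login record in the assumed format
        ts, _result, user, src = match.groups()
        if not user.startswith(vendor_prefix):
            continue  # staff accounts are out of scope for this check
        if user not in networks:
            # A vendor account nobody registered is itself a finding.
            findings.append((ts, user, src, "vendor account has no allowlist entry"))
            continue
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            findings.append((ts, user, src, "source is not an IP address"))
            continue
        if not any(addr in net for net in networks[user]):
            findings.append((ts, user, src, "source outside allowed range"))
    return findings


if __name__ == "__main__":
    for finding in review_vendor_logins(SAMPLE_LOG, VENDOR_ALLOWLIST):
        print(" | ".join(finding))
```

The same allowlist belongs in the firewall or VPN policy; the log review catches accounts that were created without one.
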
Virtualization / Backups
- Server Sprawl
- Hidden / Forgotten Systems
- HUGE Images / Data Sets
- Tapes / Portable Hard Drives / Cloud Backups
- Factors for every type:
  - Encryption
  - Portability
  - Integration with DR policy

Password Fatigue
- Standard Policy was 8$1C - now 12$1C
- Extended Change Intervals > 90 Days
- Password Fatigue Solutions
  - Password Managers: Lastpass, RoboForm
  - Biometrics
  - Two Factor: RSA Keys, YubiKey, FOBs with PINs

Mobile Devices & BYOD
- Wild West of IT Security
- Issues:
  - everywhere
  - Attachments cached
  - Notification of lost devices
  - Remote wipe including personal information
  - Expectation of privacy by the user
- Solutions:
  - Newer versions of Exchange
  - AirWatch, Sophos, MobileIron

Patient Portals
- Meaningful Use pushing implementation
- Internal IT staff generally not qualified
- Database (SQL) systems target rich
- Easy Access Secure
- External testing is a minimum
- Solution providers starting to appear
- Heartbleed type vulnerabilities likely

Old PHI On The Network
- Admission Forms / Face Sheets
- Incident Response Forms
- Old Billing Systems / Databases
- Patient care tracking excel sheets
- Solutions:
  - Archive and remove from the network
  - Create administrative access VLAN
  - Automatic Cleanup Scripts

Encrypting Data at Rest
- No real guidance from HHS
- Any stored data: servers, databases, etc.
- CDs, DVDs, backup tapes, hard drives, etc.
- Encryption solutions:
  - Hardware (Brocade, CISCO, HP, etc.)
  - Software (MS Bitlocker, Sophos, EMC, etc.)
- Long term key management and control

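
An added example (not part of the original slides) of the first step of an "Automatic Cleanup Script" for the Old PHI On The Network slide: inventory stale files of the listed document types and produce an archive plan for review. The filename patterns, the 365-day threshold and the archive path are assumptions; nothing is moved or deleted.

```python
import fnmatch
import os
import stat
import time

# Assumed filename patterns for the document types named on the slide
# (lowercase; names are lowercased before matching). Adjust to local naming.
PHI_NAME_PATTERNS = (
    "*face*sheet*", "*admission*", "*incident*", "*billing*", "*patient*.xls*",
)


def find_stale_phi(root, max_age_days, now=None, patterns=PHI_NAME_PATTERNS):
    """Return sorted (relative_path, age_in_days) for regular files under root
    whose name matches a pattern and whose mtime is older than max_age_days."""
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            lowered = name.lower()
            if not any(fnmatch.fnmatchcase(lowered, p) for p in patterns):
                continue
            full = os.path.join(dirpath, name)
            try:
                info = os.lstat(full)
            except OSError:
                continue  # vanished or unreadable; skip rather than abort the scan
            if not stat.S_ISREG(info.st_mode):
                continue  # never follow symlinks out of the scanned tree
            if info.st_mtime < cutoff:
                age_days = int((now - info.st_mtime) // 86400)
                hits.append((os.path.relpath(full, root), age_days))
    return sorted(hits)


def plan_archive(hits, root, archive_root):
    """Dry run: map each stale file to its destination, keeping the folder layout.
    Nothing is moved or deleted; the plan is for review before any cleanup."""
    return [
        (os.path.join(root, rel), os.path.join(archive_root, rel))
        for rel, _age in hits
    ]


def build_sample_tree(root, now):
    """Create a constructed sample share with files of known ages (in days)."""
    samples = [
        ("Face Sheet 2009.pdf", 400),
        ("billing_export.csv", 10),
        ("notes.txt", 400),
        (os.path.join("nursing", "Patient Tracking.xlsx"), 900),
    ]
    for rel, age_days in samples:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("constructed placeholder, no real PHI\n")
        mtime = now - age_days * 86400
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    import tempfile

    current = time.time()
    with tempfile.TemporaryDirectory() as share:
        build_sample_tree(share, current)
        stale = find_stale_phi(share, max_age_days=365, now=current)
        # "/archive/phi" is a placeholder destination for the reviewed archive.
        for src, dst in plan_archive(stale, share, "/archive/phi"):
            print(src, "->", dst)
```

Filename matching only finds files that follow a naming habit; old billing databases and unnamed exports still need a manual inventory.
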
Review: Top 10 IT Security / Risk Areas
1. Legacy Operating Systems
2. Patch Management - Microsoft and other software
3. Malware / Virus infections
4. Vendor Accounts
5. Virtualization - Server Sprawl - Backups
6. Password Fatigue
7. Mobile Devices & BYOD (Bring Your Own Disaster)
8. Patient Portals - Website access
9. Old PHI on the network
10. Encrypting Data at Rest

Questions?
Scott Stone
Sr. IT Consultant / CIO
sstone@carbis.com
More informationHIPAA-HITECH: Privacy & Security Updates for 2015
South Atlantic Regional Annual Conference Orlando, FL February 6, 2015 1 HIPAA-HITECH: Privacy & Security Updates for 2015 Darrell W. Contreras, Esq., LHRM Gregory V. Kerr, CHPC, CHC Agenda 2 OCR On-Site
More information10/18/2016. Preparing Your Organization for a HHS OIG Information Security Audit. Models for Risk Assessment
Preparing Your Organization for a HHS OIG Information Security Audit David Holtzman, JD, CIPP/G CynergisTek, Inc. Brian C. Johnson, CPA, CISA HHS OIG Section 1: Models for Risk Assessment Section 2: Preparing
More informationCITY OF MONTEBELLO SYSTEMS MANAGER
CITY OF MONTEBELLO 109A DEFINITION Under general administrative direction of the City Administrator, provides advanced professional support to departments with very complex computer systems, programs and
More informationHow Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq.
How Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq. Word Count: 2,268 Physician practices have lived with the reality of HIPAA for over twenty years. In that time, it has likely
More informationMAQ DASHBOARD USERS GUIDE
USERS GUIDE V10 - July 2014 eclinicalworks, 2014. All rights reserved CONTENTS ABOUT THIS GUIDE 4 Product Documentation 4 Webinars 4 eclinicalworks Newsletter 4 Getting Support 5 Conventions 5 MAQ DASHBOARD
More informationJuniper Vendor Security Requirements
Juniper Vendor Security Requirements INTRODUCTION This document describes measures and processes that the Vendor shall, at a minimum, implement and maintain in order to protect Juniper Data against risks
More informationPrivacy and Security in the Age of Meaningful Use
Privacy and Security in the Age of Meaningful Use David S. Finn Health IT Officer Lewis Etheridge Principal Systems Engineer, Symantec Healthcare Privacy & Security in the Age of Meaningful Use SYMANTEC
More informationIdentity Theft Prevention Policy
Identity Theft Prevention Policy Purpose of the Policy To establish an Identity Theft Prevention Program (Program) designed to detect, prevent and mitigate identity theft in connection with the opening
More informationThe below Summary of Rule Changes and the Additional Guidance 2016 Reporting Period is informational for all clients.
Meaningful Use Notice: Health Information Exchange February 10, 2016 Dear Centricity Practice Solution and Centricity EMR Customers: This is a Meaningful Use notice regarding the Health Information Exchange
More informationPhysician Office Name Ambulatory EHR Security Risk Analysis
Process is in place to verify access granted is appropriate (ie: Role Based access indicates that the biller has access to billing screens and the nurse has access to the patient medical information).
More informationHow do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?
Cybersecurity Due Diligence Checklist Control # Control Name Risks Questions for IT 1 Make an Benign Case: Employees Inventory of using unapproved Authorized devices without Devices appropriate security
More informationDon t Be the Next Headline! PHI and Cyber Security in Outsourced Services.
Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services. June 2017 Melanie Duerr Fazzi Associates Partner, Director of Coding Operations Jami Fisher Fazzi Associates Chief Information
More informationHIPAA COMPLIANCE AND DATA PROTECTION Page 1
HIPAA COMPLIANCE AND DATA PROTECTION info@resultstechnology.com 877.435.8877 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and RESULTS Cloud
More informationDHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1
Addressing the Evolving Cybersecurity Tom Tollerton, CISSP, CISA, PCI QSA Manager Cybersecurity Advisory Services DHG presenter Tom Tollerton, Manager DHG IT Advisory 704.367.7061 tom.tollerton@dhgllp.com
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.7)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided
More informationHIPAA in 2017: Hot Topics You Can t Ignore. Danika Brinda, PhD, RHIA, CHPS, HCISPP March 16, 2017
HIPAA in 2017: Hot Topics You Can t Ignore Danika Brinda, PhD, RHIA, CHPS, HCISPP March 16, 2017 Breach Notification State Law Privacy Rule Authorizations Polices and Procedures The Truth Is Have created
More information