Clearwater HIPAA Security Assessment Software. Demonstration

Transcription

1 Clearwater HIPAA Security Assessment Software Demonstration Bob Chaput or Clearwater Compliance LLC 1

2 About HIPAA-HITECH Compliance 1. We are not attorneys! 2. HIPAA and HITECH is dynamic! 3. Lots of different interpretations! So there! 2

3 Why Should You Care? 1. It s the law Evaluation! 2. Your stakeholders trust you to do this 3. Your reputation depends on it 3

4 The HITECH Act THREE absolute game changers : 1) More Enforcement 2) Bigger fines 3) Wider Net Cast 4

5 Some Recent Legal Actions UCLA Health System Enters into $865K Resolution Agreement & CAP with OCR Cignet Health Fined for Violation of HIPAA Privacy Rule: $4.3M MGH entering into a resolution agreement; includes a $1 million settlement Court Approves VT Attorney General HIPAA Settlement With Health Insurer AvMed Health sued over 'one of the largest medical breaches in history University of Hawaii sued over data breach Health Net keeps paying for its data breach in 2009 $625K and counting WellPoint's notification delay following data breach brings action by Attorney General's office Enforcement is on the upswing 5

6 How to Prepare for HIPAA Audits Compliance Security Where Does Your Organization Stand? 6

7 Who s this guy talking? Bob Chaput, MA, CHP, CHSS, MCSE President Clearwater Compliance LLC 30+ years in Business, Operations and Technology 20+ years in Healthcare Executive Educator Entrepreneur Global Executive: GE, JNJ, HWAY Responsible for largest healthcare datasets in world Numerous Technical Certifications (MCSE, MCSA, etc) Expertise and Focus: Healthcare, Financial Services, Legal Member: HIMSS, HCCA, ACHE, AHIMA, NTC, Chambers, Boards 7

8 Clearwater HIPAA Security Assessment TM Software as a Service Webinar

9 Session Objectives You will learn how the software: Addresses all the legal requirements Presents the exact current wording of the law Recommends corrective action tasks Drives remediation actions to closure Provides an executive dashboard Creates an audit ready compliance manual 9

10 The Presenter Jon Stone, MPA, PMP 25+ years in Healthcare in the provider, payer and healthcare quality improvement fields Innovator Strategic Program Manager Consultant Executive 15+ years of strategic leadership for compliance and Healthcare information technology projects involving the most sensitive ephi for companies such as CIGNA, Healthways and Ingenix. PMP, MPA - Healthcare Policy and Administration Passion: Driving business, compliance and technology solutions for improving healthcare operations and outcomes 10

11 Security Evaluation The HIPAA Security Final Rule 45 C.F.R (a)(8) Standard: Evaluation. Perform a periodic technical and non-technical evaluation, based initially upon the standards implemented under this rule and subsequently, in response to environmental or operational changes affecting the security of electronic protected health information, which establishes the extent to which an entity's security policies and procedures meet the requirements of this subpart. 11

12 Assessments are Central to Compliance Establishing good policy and procedures is not enough Comprehensive business processes are not enough Deploying leading technology solutions and systems controls is not enough Regular assessments are crucial in establishing and maintaining effective compliance 12

13 HIPAA-HITECH Security Compliance Roadmap 45 CFR (a)(1)(ii)(B) 45 CFR (a)(8) HIPAA Security Evaluation (HSE) 45 CFR Parts 160, 164 Subpart D Data Breach Notification Plan (DBP) Preliminary Remediation Plan (PRP) 45 CFR (a)(1)(ii)(A) HIPAA Risk Analysis (HRA) HIPAA Remediation Plan (HRP) HIPAA Security Strategy (HSS) 45 CFR (a)(5)(i) HIPAA Security Training (HST) 45 CFR (a)(8) HIPAA BA Contracts (HBC) Monitor Security Implement Operations Security (HSO) Operations Govern Security (HSO) Operations HIPAA Security (HSO) Operations (HSO) 45 CFR (b) HIPAA Compliance Manual (HCM) HIPAA Security Evaluation (HSE) 45 CFR (a) HIPAA Security Policies (HSP) 13

14 3 Dimensions of HIPAA Security Evaluation 1. Is it documented? Policies, Procedures and Documentation 2. Are you doing it? Using, Applying, Practicing and Enforcing 3. Is it Reasonable and Appropriate? Comply with the implementation specification 14

15 The Clearwater HIPAA Security Assessment Will improve any compliance program by: Guiding you through the complete law Communicating the exact wording of the law Recommending corrective action tasks Providing a remediation management tool Giving visibility to executive leadership Creating a compliance manual 15

16 Software as a Service Demo 16

17 Sample System Notice 17

18 The Clearwater HIPAA Security Assessment Results you can count on: Reduce complexity and guesswork Quickly discover the organization s risk exposures Resolve risk exposures and protect ephi Stay compliant through ongoing guidance and support Develop a solid foundation for Risk Analysis for MU Reduce HIPAA Compliance Costs Be Prepared for Office for Civil Rights Audit 18

19 Resources 19

20 Upcoming Webinars Register For HIPAA-HITECH Webinars at: upcoming-live-webinars/ Register for Blue Ribbon Panel Live Events at: e-ribbon-panel-live-events/ 20

21 Why Now? What We re Hearing Our business partners (health plans) are demanding we become compliant large national care management company (BA) We did work on Privacy, but have no idea where to begin with Security 6-Physician Pediatric Practice (CE) We want to proactively market our services by leveraging our HIPAA compliance status -- large regional fulfillment house (BA) With all the recent changes and meaningful use requirements, we need to make sure we meet all The HITECH Act requirements large family medicine group practice (CE) We need to have a way to quickly take stock of where we are and then put in place a dashboard to measure and assure our compliance progress national research consortium (BA) We need to complete HIPAA-HITECH due diligence on a potential acquisition and need a gap analysis done quickly and efficiently seniors care management company (BA) 21

22 What Our Customers Say The WorkShop process made a very complicated process and subject matter simple. The ToolKit itself was excellent and precipitated exactly the right discussion we needed to have. outside Legal Counsel, national research consortium "The HIPAA Security Assessment ToolKit and WorkShop are a comprehensive approach that effectively guided our organization s performance against HIPAA-HITECH Security requirements. -- SVP and Chief Compliance, national hospice organization The WorkShop process expedited assessment of gaps in our HIPAA Security Compliance program, began to address risk mitigation tasks within a matter of days and the ToolKit was a sound investment for the company, and I can't think of a better framework upon which to launch compliance efforts. VP & CIO, national care management organization the process of going through the self-assessment WorkShop was a great shared learning experience and teambuilding exercise. In retrospect, I can't think of a better or more efficient way to get started than to use the HIPAA Security Assessment ToolKit. CIO, national kidney dialysis center firm this HIPAA Security Assessment Toolkit is worth its weight in gold. If we had to spend our time and resources creating this spreadsheet, we would never complete our compliance program on time Director, Quality Assurance & Regulatory Affairs 22

23 Contact Jon Stone Phone: Clearwater Compliance LLC 23