Update from HIMSS National Privacy & Security. Lisa Gallagher, VP Technology Solutions November 14, 2013
|
|
- Jason Smith
- 6 years ago
- Views:
Transcription
1 Update from HIMSS National Privacy & Security Lisa Gallagher, VP Technology Solutions November 14, 2013
2 Agenda Update on HIMSS new Technology Solutions Department HIPAA Omnibus Rules Meaningful Use 2 P&S Requirements CMS Audits Other Regulatory Activity Top P&S Challenges HIMSS Activities and Resources
3 Technology Solutions Department Health Business Solutions Technology Solutions John Casillas Senior Advisor Lisa Gallagher Vice President, Technology Solutions VACANT, Sr. Director, Health Business Solutions Joanne Bartley, Manager, Health Business Solutions State Government Affairs Tom Keefe, Sr. Director, State Govt. Affairs Julie Brown Coordinator, Tech. Solutions Privacy and Security Lee Kim Director, P&S Mike Kroll. Manager, Tech. Solutions/ P&S
4 TS Dept. Mission Facilitates HIMSS Mission HIMSS Vision Better health through information technology HIMSS Mission Lead global endeavors optimizing health engagements and care outcomes through information TS Department Mission Facilitate, through stakeholder collaboration and resources, improved understanding and implementation of Information Technology and Infrastructure components
5 Health Business Solutions Medical Banking (MB) and Financial Systems (FS) Revenue Cycle P&S ICD-10/5010 ICD-10 PlayBook ICD-10 National Pilot Program (industry Initiative) HIMSS Annual Conference: Healthcare Business/Financial Use Cases in Interoperability Showcase ICD-10 Symposium HIMSS Media Group Event ICD-10 Forum
6 State Government Affairs State Level Advocacy Connecting HIMSS Chapters to State-Level Advocacy Regional Extension Centers (RECs) Tracking Technology Challenges at State Level
7 HIMSS State Level Advocacy Advocacy is the ability to plead in favor of; support or urge by argument; or recommend publicly. Advocacy is the art of strategically leveraging the best that HIMSS has to offer to successfully influence public policy to improve healthcare for all. Education Offerings (Webinars) State & Regional Event Support Health IT Legislation Tracking HIMSS Annual Conference Chapter Advocacy Roundtable (CAR) Regional Extension Centers (RECs) State Advisory Roundtable Chapter Advocacy Awards State Government Memberships
8 Technology Solutions = Infrastructure and Innovation Technology Identity Management Cloud Computing Broadband Mobile MBANs Etc.
9 Privacy and Security Goal: Remove privacy and security as a barrier to adoption of and implementation of health IT Monitoring and adjusting to the changing laws, regulations, and standards Developing, implementing, and continuously updating privacy and security policies, procedures and practices Enhancing patient understanding of the organization's information privacy and security efforts Institutionalizing responsibility for information privacy and security
10 Privacy and Security Content Topics Privacy Mobile Security Cloud Security Patient Identity Integrity Risk Assessment Medical Device Security Identity Management Social Media
11 Privacy and Security Threats and Vulnerabilities in the IT ecosystem create potential barriers to HIT implementation and use Hackers Financial and Medical Identity Theft Loss/Theft Breach Insecure mobile platforms Innovative Technologies can be Privacy Enhancing Patient Portals Patient Identity managed by the patient Patient Privacy Preference incorporated into data sharing decisions Medical Grade Networks
12 HIPAA Omnibus Rule On Jan. 25, 2013, HHS published the HIPAA Omnibus Rule, a set of final regulations modifying the following HIPAA Rules: Privacy, Security, and Enforcement Rules The Omnibus Rule took effect on March 26, 2013 Compliance Deadline is Sept. 23, 2013 revise BAAs and NPPs.to comply with the Omnibus Rule.
13 Meaningful Use Stage 2 On August 23, 2012, CMS announced a final rule to govern Stage 2 of the Medicare and Medicaid EHR Incentive Programs. The rule specifies the Stage 2 criteria that eligible professionals (EPs), eligible hospitals, and critical access hospitals (CAHs) must meet in order to continue to participate in the EHR Incentive Programs. The final rule for meaningful use Stage 2* intends to increase health information exchange between providers and promote patient engagement by giving patients secure online access to their health information.
14 MU2/D5, P&S Reqt.: Protect Electronic Health Information Objective: Protect electronic health information created or maintained by the certified EHR technology (CEHRT) through the implementation of appropriate technical capabilities. Measure: Conduct or review a security risk analysis in accordance with the requirements under 45 CFR (a) (1), including addressing the encryption/security of data stored in CEHRT in accordance with requirements under 45 CFR (a)(2)(iv) and 45 CFR (d)(3), and implement security updates as necessary and correct identified security deficiencies as part of the provider's risk management process for EPs.
15 Changes from MU Stage 1 Objective Measure Stage 1 Stage 2 Protect electronic health information created or maintained by the certified EHR Technology through the implementation of appropriate technical capabilities Conduct or review a security risk analysis per 45 CFR (a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process Protect electronic health information created or maintained by the Certified EHR Technology through the implementation of appropriate technical capabilities Conduct or review a security risk analysis in accordance with the requirements under 45 CFR (a)(1), including addressing the encryption/security of data at rest and implement security updates as necessary and correct identified security deficiencies as part of its risk management process
16 CMS Audits Status: OCR is now evaluating the Pilot Audit Program to further improve it The General Approach of the Evaluation Study: Examination of the pilot audit program s sampling methodology, workpapers, and supporting documentation to answer a series of research questions designed to understand the pilot program and use the information to drive outcomes. Request for audited entity input on the pilot audit program through a non-invasive online survey. Selection of a sample of health care organizations audited in the pilot program for input through further inquiries and/or inspection of documents.
17 Timeline/Schedule OCR will provide information about the evaluation to selected entity officials and staff and can address any questions that entities have about the evaluation and their roles in supporting the evaluation. Between March 2013 and August 2013 the evaluation team will examine the audit working papers and audit reports of selected entities. All of these documents will be provided by OCR to the evaluation team. In July 2013, an online survey will be distributed to the 115 covered entities audited as part of the pilot program. The evaluation team will select approximately 8-10 entities, based on survey results, for further interview in August The evaluation results and recommendations will be provided to OCR in September 2013.
18 Today s most challenging privacy policy issues Health Information Exchange (HIE) - Privacy - Governance Patient-generated data Data Segmentation/Patient Privacy Preferences Patient Matching Identity Management
19 What is on the horizon? FDASIA Effort Accounting of Disclosures Other (guidance, other) Guidance on Minimum Necessary Policy on new privacy topics Articulate policy through FACAs Determine whether regulation is required
20 Accounting of Disclosures A Drilldown This is an example of a challenging area both Technical, and Policy HHS made a change to requirement contained in HITECH Act > all disclosures even outside TPO HHS Interim Final Rule published on January 13, 2010 Individual s Right to: - Accounting of Disclosures - individual's right to an accounting of disclosures - Access Report - includes electronic access by both workforce members and persons outside the covered entity - Change in Scope - data in electronic designated record set (HIPAA) Industry Reaction caused a pause/reconsideration by HHS
21 As we look to the future, we can meet our health and healthcare goals by continuing to evolve the overall IT infrastructure Equip IT professionals to: Address clinical staffs current computing and mobile computing needs Get ahead of the wave be ready to deploy new technologies Provide mobility and telehealth capability Protect data Ensure we address all components of IT Infrastructure simultaneously: Data Exchange Mobile and Broadband Networks Mobile Body Area Networks (MBANs) Identity Management Storage and Cloud Outsourcing Analytics Workflow Medical Grade networks
22 HIMSS Works on National Level Initiatives NSTIC Identity Ecosystem in Cyberspace WEDI Second Report Project ONC Standards Committee Patient Matching and provides data: Security Survey Cloud Computing Survey and much more
23 HIMSS Provides Resources Toolkits 6 Privacy and Security Toolkits White papers Collaborative efforts Education Training
24 Questions?
All Aboard the HIPAA Omnibus An Auditor s Perspective
All Aboard the HIPAA Omnibus An Auditor s Perspective Rick Dakin CEO & Chief Security Strategist February 20, 2013 1 Agenda Healthcare Security Regulations A Look Back What is the final Omnibus Rule? Changes
More informationSecuring IT Infrastructure Improve information exchange and comply with HIPAA, HITECH, and ACA mandates
Securing IT Infrastructure Improve information exchange and comply with HIPAA, HITECH, and ACA mandates Ruby Raley, Director Healthcare Solutions Axway Agenda Topics: Using risk assessments to improve
More informationDecrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use
Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute June 21, 2016 6/21/2016 1 1 Disclaimer
More informationPennsylvania s HIE Journey
Pennsylvania s HIE Journey Alix Goss, Executive Director Pennsylvania ehealth Partnership Authority William Buddy Gillespie Director Healthcare Solutions DSS What is HIE? Health Information Exchange puts
More informationDecrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use
Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute October 1, 2014 10/1/2014 1 1 Who is
More informationHIPAA-HITECH: Privacy & Security Updates for 2015
South Atlantic Regional Annual Conference Orlando, FL February 6, 2015 1 HIPAA-HITECH: Privacy & Security Updates for 2015 Darrell W. Contreras, Esq., LHRM Gregory V. Kerr, CHPC, CHC Agenda 2 OCR On-Site
More informationInformation Technology (CCHIT): Report on Activities and Progress
Certification Commission for Healthcare Information Technology Certification Commission for Healthcare Information Technology (CCHIT): Report on Activities and Progress Mark Leavitt, MD, PhD Chair, CCHIT
More informationHIPAA Privacy, Security and Breach Notification
HIPAA Privacy, Security and Breach Notification HCCA East Central Regional Annual Conference October 2013 Disclaimer The information contained in this document is provided by KPMG LLP for general guidance
More informationResponse to CMS. WEDI Attachment Forum Questions. August 9th Attachment Standard
Response to CMS WEDI Attachment Forum Questions August 9th 2016 Attachment Standard August 25, 2016 Cooperative Exchange National Association of Clearinghouses 28 Clearinghouse member companies Represent
More informationCertification Commission for Healthcare Information Technology. CCHIT A Catalyst for EHR Adoption
Certification Commission for Healthcare Information Technology CCHIT A Catalyst for EHR Adoption Alisa Ray, Executive Director, CCHIT Sarah Corley, MD, Chief Medical Officer, NextGen Healthcare Systems;
More informationNERC Staff Organization Chart Budget 2019
NERC Staff Organization Chart Budget 2019 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Officer Senior Vice President, General Counsel and Corporate
More informationFederal-State Connections: Opportunities for Coordination and Collaboration
Federal-State Connections: Opportunities for Coordination and Collaboration State Health Information Exchange Program October 23, 2012 Chris Muir Program Manager 1 ONC Overview Vision A health system that
More informationIntroduction. Angela Holzworth, RHIA, CISA, GSEC. Kimberly Gray, Esq., CIPP/US. Sr. IT Infrastructure Analyst
Introduction Angela Holzworth, RHIA, CISA, GSEC Sr. IT Infrastructure Analyst Kimberly Gray, Esq., CIPP/US Chief Privacy Officer, Global, IMS Health 1 Incorporating Privacy into the CSF: Approach and Benefits
More informationThe HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance
The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance Russell L. Jones Partner Health Sciences Sector Deloitte & Touche LLP Security & Privacy IMLA 2013 Annual Conference San
More informationNERC Staff Organization Chart Budget 2019
NERC Staff Organization Chart Budget 2019 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel and Corporate
More informationEnsuring Privacy and Security of Health Information Exchange in Pennsylvania
Ensuring Privacy and Security of Health Information Exchange in Pennsylvania The Pennsylvania ehealth Initiative in collaboration with the Pennsylvania ehealth Partnership Authority Introduction The Pennsylvania
More informationNERC Staff Organization Chart Budget 2018
NERC Staff Organization Chart Budget 2018 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel and Corporate
More informationHospital Council of Western Pennsylvania. June 21, 2012
Updates on OCR s HIPAA Enforcement and Regulations Hospital Council of Western Pennsylvania June 21, 2012 Topics HIPAA Privacy and Security Rule Enforcement HITECH Breach Notification OCR Audit Program
More informationThank you, and enjoy the webinar.
Disclaimer This webinar may be recorded. This webinar presents a sampling of best practices and overviews, generalities, and some laws. This should not be used as legal advice. Itentive recognizes that
More informationPrior Authorization and Clinician Burden: Updates from ONC
Prior Authorization and Clinician Burden: Updates from ONC Thomas A. Mason, MD, FACP Chief Medical Officer Office of the National Coordinator for Health Information Technology (ONC) U.S. Department of
More informationMeaningful Use Webcast
MU Security Objectives Direct Messaging Questions MU Security Objective Security s Importance to Meaningful Use The Security Objective Satisfying the Objective Security Mechanisms in the EHR Software MU
More informationTechnology General Controls and HIPAA Security Compliance: Covering the Bandwidth in One Audit
Technology General Controls and HIPAA Security Compliance: Covering the Bandwidth in One Audit Michael Morrow, Jennifer McGillCompany Carolinas Healthcare System 2011 AHIA Annual Conference Track D1 Wednesday,
More informationHIPAA How to Comply with Limited Time & Resources. Jonathan Pantenburg, MHA, Senior Consultant August 17, 2017
HIPAA How to Comply with Limited Time & Resources Jonathan Pantenburg, MHA, Senior Consultant JPantenburg@Stroudwater.com August 17, 2017 Stroudwater Associates is a leading national healthcare consulting
More informationHIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp
HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp Agenda Introductions HIPAA Background and History Overview of HIPAA Requirements
More informationMeaningful Use Audit, Is Your Organization Ready!
Meaningful Use Audit, Is Your Organization Ready! Presenters: Pavan Attur, Director of Applications, St. John s Episcopal Hospital Bill Presley, Vice President Product Development, Acmeware Education Session
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationData Backup and Contingency Planning Procedure
HIPAA Security Procedure HIPAA made Easy Data Backup and Contingency Planning Procedure Please fill in date implemented and updates for your facility: Goal: This document will serve as our back-up storage
More informationASC X12 Clearinghouse Caucus
ASC X12 Clearinghouse Caucus January 23, 2018 AGENDA 1. Welcome and Introduction - Joe Bell, Board Chair, Cooperative Exchange and Senior Program Manager, esolutions Inc. 2. ASC X12N Update - Stacey Barber,
More informationDATA PRIVACY & SECURITY THE CHANGING HIPAA CLIMATE
DATA PRIVACY & SECURITY THE CHANGING HIPAA CLIMATE Melodi (Mel) M. Gates mgates@pattonboggs.com (303) 894-6111 October 25, 2013 THE CHANGING PRIVACY CLIMATE z HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY
More informationUpdate on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules
Update on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules Marissa Gordon-Nguyen Office for Civil Rights (OCR) U.S. Department of Health and Human Services June
More informationHIPAA & Privacy Compliance Update
HIPAA & Privacy Compliance Update Vermont Medical Society FREE Wednesday Webinar Series March 15, 2017 Anne Cramer and Shireen Hart Primmer Piper Eggleston & Cramer PC acramer@primmer.com shart@primmer.com
More informationMANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors
Page 1 of 6 Applies to: faculty staff students student employees visitors contractors Effective Date of This Revision: June 1, 2018 Contact for More Information: HIPAA Privacy Officer Board Policy Administrative
More informationCMS and ehealth. Robert Tagalicod Director, Office of ehealth Standards and Services (OESS)
CMS and ehealth Robert Tagalicod Director, Office of ehealth Standards and Services (OESS) Robert Anthony Deputy Director, Health IT Initiatives Group, OESS September 16, 2013 www.cms.gov/ehealth 2 ehealth
More informationIT Security in a Meaningful Use Era C&SO HIMSS Meeting
CSOHIMSS 2011 Slide 1 October 21, 2011 October 21, 2011 IT Security in a Meaningful Use Era C&SO HIMSS Meeting Presented by: Mac McMillan CEO CynergisTek, Inc. Chair, HIMSS Privacy & Security Task Force
More informationHIPAA Summit Day II Afternoon Plenary Session: HIPAA Security
The HIPAA Summit West IV HIPAA Summit Day II Afternoon Plenary Session: HIPAA Security October 5, 2010 John Parmigiani Summit Co Chair President John C. Parmigiani & Associates, LLC Agenda Important and
More informationThe ABCs of HIPAA Security
The ABCs of HIPAA Security Daniel F. Shay, Esq 24 th Annual Health Law Institute Pennsylvania Bar Institute March 13, 2018 c. 2018 Alice G. Gosfield and Associates PC 1 Daniel F. Shay, Esq. Alice G. Gosfield
More informationIncentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO
White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating
More informationThe Next Frontier in Medical Device Security
The Next Frontier in Medical Device Security Session #76, February 21, 2017 Denise Anderson, President, NH-ISAC Dr. Dale Nordenberg, Executive Director, MDISS 1 Speaker Introduction Denise Anderson, MBA
More informationUpdate on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules
Update on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules Wandah Hardy, RN BSN, MPA Equal Opportunity Specialist/Investigator Office for Civil Rights (OCR)
More informationInformation Governance, the Next Evolution of Privacy and Security
Information Governance, the Next Evolution of Privacy and Security Katherine Downing, MA, RHIA, CHPS, PMP Sr. Director AHIMA IG Advisors Follow me @HIPAAQueen 2017 2017 Objectives Part Part I IG Topic
More informationGEORGIA CYBERSECURITY WORKFORCE ACADEMY. NASCIO 2018 State IT Recognition Awards
GEORGIA CYBERSECURITY WORKFORCE ACADEMY NASCIO 2018 State IT Recognition Awards Title: Georgia Cybersecurity Workforce Academy Category: Cybersecurity State: Georgia Contact: Stanton Gatewood Stan.Gatewood@gta.ga.gov
More informationTechnology Workshop HIPAA Security Risk Assessment: What s Next? January 9, 2014
Technology Workshop HIPAA Security Risk Assessment: What s Next? January 9, 2014 Welcome! Thank you for joining us today. In today s call we ll cover the Security Assessment and next steps. If you want
More informationTRANSFORMING HEALTHCARE. & Facing Challenges Together in 2017
TRANSFORMING HEALTHCARE & Facing Challenges Together in 2017 MISSION Serve as the industry leader convening executives from multi-stakeholder groups to identify best practices to transform healthcare through
More informationIs Your Compliance Strategy Putting Your Business at Risk?
Is Your Compliance Strategy Putting Your Business at Risk? January 20, 2015 2015 NASDAQ-LISTED: EGHT Today s Speakers Michael McAlpen Exec. Dir. of Security & Compliance, 8x8, Inc. David Leach Business
More informationModified Stage 2 Meaningful Use: Objective #9 Secure Electronic Messaging Massachusetts Medicaid EHR Incentive Payment Program
Modified Stage 2 Meaningful Use: Objective #9 Secure Electronic Messaging Massachusetts Medicaid EHR Incentive Payment Program July 19, 2016 Today s presenter: Thomas Bennett, Client Services Relationship
More informationHITRUST CSF: One Framework
HITRUST CSF: One Framework Leveraging the HITRUST CSF to Support ISO, HIPAA, & NIST Implementation and Compliance, and SSAE 16 SOC Reporting Dr. Bryan Cline, CISSP-ISSEP, CISM, CISA, CCSFP, HCISPP Senior
More informationNERC Staff Organization Chart Budget 2017
NERC Staff Organization Chart Budget 2017 President and CEO Administrative Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel
More informationHow Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq.
How Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq. Word Count: 2,268 Physician practices have lived with the reality of HIPAA for over twenty years. In that time, it has likely
More informationAchieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs)
Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs) Florida Hospital Association Welcome! John Wilgis Director, Emergency Management Services Florida Hospital Association
More informationX12 Clearinghouse Caucus. January 31, :00-6:30 pm Sheraton Seattle Hotel / Metropolitan B
X12 Clearinghouse Caucus January 31, 2017-5:00-6:30 pm Sheraton Seattle Hotel / Metropolitan B Clearinghouse Caucus Sponsors Clearinghouse Caucus - ASC X12 Standing Meeting January 31, 2017-5:00-6:15pm
More informationCase Study. Medical Information Records, LLC. Medical Software Company Relies on Azure to Improve Scalability, Cut Costs & Ensure Compliance
Case Study Medical Information Records, LLC Medical Information Records, LLC Medical Software Company Relies on Azure to Improve Scalability, Cut Costs & Ensure Compliance Overview Industry: Healthcare
More informationA HIPAA Compliance and Enforcement Update from the HHS Office for Civil Rights Session #24, 10:00 a.m. 11:00 a.m. March 6, 2018 Roger Severino, MSPP,
A HIPAA Compliance and Enforcement Update from the HHS Office for Civil Rights Session #24, 10:00 a.m. 11:00 a.m. March 6, 2018 Roger Severino, MSPP, JD Director, HHS Office for Civil Rights Nicholas Heesters,
More informationDigital Healthcare. Yordan Iliev Director R&D Healthcare. Regional Cybersecurity Forum, November 2016, Grand Hotel Sofia, Bulgaria
Digital Healthcare Yordan Iliev Director R&D Healthcare Regional Cybersecurity Forum, 29-30 November 2016, Grand Hotel Sofia, Bulgaria AGENDA Introduction Security challenges in healthcare IT Change ahead
More informationAgenda. Hungry, Hungry HIPAA: Security, Enforcement, Audits, & More. Health Law Institute
Health Law Institute Hungry, Hungry HIPAA: Security, Enforcement, Audits, & More Brooke Bennett Aziere October 18, 2017 Agenda Enforcement Trends Phase 2 HIPAA Audits Upcoming Initiatives 1 Enforcement
More informationEHR & HIPAA Managing Compliance & Progress. Agenda. Federal EHR Imperatives & Achieving Meaningful Use. EHR & HIPAA: Managing Compliance & Progress
EHR & HIPAA Managing Compliance & Progress Presented by Rodney Walsh, Senior Managing Consultant May 20, 2010 Agenda Federal EHR imperatives Certification & meaningful use Management of EHR upgrades &
More informationCERT Symposium: Cyber Security Incident Management for Health Information Exchanges
Pennsylvania ehealth Partnership Authority Pennsylvania s Journey for Health Information Exchange CERT Symposium: Cyber Security Incident Management for Health Information Exchanges June 26, 2013 Pittsburgh,
More informationHIT Policy Committee. Recommendations by the Certification and Adoption Workgroup. Paul Egerman Marc Probst, Intermountain Healthcare.
HIT Policy Committee Recommendations by the Certification and Adoption Workgroup Paul Egerman Marc Probst, Intermountain Healthcare July 16, 2009 Agenda The Workgroup The Workgroup s Charge Workgroup Process
More informationNERC Staff Organization Chart Budget 2017
NERC Staff Organization Chart Budget 2017 President and CEO Administrative Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel
More informationThe HITECH Act. 5 things you can do Right Now to pave the road to compliance. 1. Secure PHI in motion.
The HITECH Act 5 things you can do Right Now to pave the road to compliance Beginning in 2011, HITECH Act financial incentives will create a $5,800,000 opportunity over four years for mid-size hospital
More informationWHO-ITU National ehealth Strategy Toolkit
WHO-ITU National ehealth Strategy Toolkit Context and need for a National Strategy A landscape of isolated islands of small scale applications unable to effectively communicate and to share information
More informationEvaluating the Security of Your IT Network. Vulnerability Scanning & Network Map
Click to edit Master title style Evaluating the Security of Your IT Network Vulnerability Scanning & Network Map Kyle Stafford / M-CEITA 5/12/2017 1 1 Disclaimer This presentation was current at the time
More informationCyber Partnership Blueprint: An Outline
Approved for Public Release; Distribution Unlimited. 13-3851 The MITRE Corporation Cyber Partnership Blueprint: An Outline October 26, 2013 Copyright 1997-2013, The MITRE Corporation. All rights reserved.
More informationSLI Compliance ONC-ATL Testing Program Guide
SLI Compliance A Division of Gaming Laboratories International, LLC 4720 Independence St. Wheat Ridge, CO 80033 303-422-1566 www.slicompliance.com SLI Compliance ONC-ATL Testing Program Guide Document
More information2015 HFMA What Healthcare Can Learn from the Banking Industry
2015 HFMA What Healthcare Can Learn from the Banking Industry Agenda Introduction- Background and Experience Healthcare vs. Banking The Results OCR Audit Results Healthcare vs. Banking The Theories Practical
More informationHIPAA in 2017: Hot Topics You Can t Ignore. Danika Brinda, PhD, RHIA, CHPS, HCISPP March 16, 2017
HIPAA in 2017: Hot Topics You Can t Ignore Danika Brinda, PhD, RHIA, CHPS, HCISPP March 16, 2017 Breach Notification State Law Privacy Rule Authorizations Polices and Procedures The Truth Is Have created
More informationHIPAA Privacy, Security Lessons from 2016 and What's Next in 2017
HIPAA Privacy, Security Lessons from 2016 and What's Next in 2017 Session 9, February 20, 2017 Deven McGraw, Deputy Director, Health Information Privacy HHS Office for Civil Rights 1 Speaker Introduction
More informationHIPAA COMPLIANCE CALIFORNIA STATE UNIVERSITY, LOS ANGELES. Audit Report October 29, 2010
HIPAA COMPLIANCE CALIFORNIA STATE UNIVERSITY, LOS ANGELES Audit Report 10-52 October 29, 2010 Members, Committee on Audit Henry Mendoza, Chair Raymond W. Holdsworth, Vice Chair Nicole M. Anderson Margaret
More informationPutting It All Together:
Putting It All Together: The Interplay of Privacy & Security Regina Verde, MS, MBA, CHC Chief Corporate Compliance & Privacy Officer University of Virginia Health System 2017 ISPRO Conference October 24,
More information(60 min) California State Updates
(60 min) California State Updates Presenters: 30 min Speranza Avram, CEO, CalHIPSO: EHR status & uptake in CA 20 min David A. Minch, President & COO, HealthShare Bay Area: HIE status 10 min Questions 1
More informationHPH SCC CYBERSECURITY WORKING GROUP
HPH SCC A PRIMER 1 What Is It? The cross sector coordinating body representing one of 16 critical infrastructure sectors identified in Presidential Executive Order (PPD 21) A trust community partnership
More informationHealthcare in the Public Cloud DIY vs. Managed Services
Business White Paper Healthcare in the Public Cloud DIY vs. Managed Services Page 2 of 9 Healthcare in the Public Cloud DIY vs. Managed Services Table of Contents Page 2 Healthcare Cloud Migration Page
More information4A Healthcare Data Security & Privacy
4A Healthcare Data Security & Privacy Symposium 2015 Banner Program Leaders Ben Goodman Developed in collaboration with Lisa Clark Conference Mission Health and medical regulators are promising audits
More informationSECURETexas Health Information Privacy & Security Certification Program
Partners in Texas Health Informa3on Protec3on SECURETexas Health Information Privacy & Security Certification Program 2015 HITRUST, Frisco, TX. All Rights Reserved. Outline Introduction Background Benefits
More informationView the Replay on YouTube
View the Replay on YouTube HIPAA Omnibus Rule: Education & Practical Application for Breach Notification FairWarning Executive Webinar Series February 19, 2013 Agenda Breach Notification changes under
More informationERO Enterprise Strategic Planning Redesign
ERO Enterprise Strategic Planning Redesign Mark Lauby, Senior Vice President and Chief Reliability Officer Member Representatives Committee Meeting February 10, 2016 Strategic Planning Redesign Current
More information3/24/2014. Agenda & Objectives. HIPAA Security Rule. Compliance Institute. Background and Regulatory Overlay. OCR Statistics/
Compliance Institute Session 501: Implementing a System-Wide Access Monitoring Program Brian D. Annulis Meade, Roach & Annulis, LLP Aegis Compliance & Ethics Center, LLP 4147 N. Ravenswood Avenue Suite
More informationDisaster Recovery and HIPAA Compliance
Disaster Recovery and HIPAA Compliance Marti Arvin, JD, CHC-F, CCEP-F, CHPC, CHRC VP Audit Strategies CynergisTek won the 2017 Best in KLAS Award for Cyber Security Advisory Services CynergisTek was recognized
More informationThe HIPAA Omnibus Rule
The HIPAA Omnibus Rule What You Should Know and Do as Enforcement Begins Rebecca Fayed, Associate General Counsel and Privacy Officer Eric Banks, Information Security Officer 3 Biographies Rebecca C. Fayed
More informationLessons Learned from Recent HIPAA Enforcement Actions, Breaches, and Pilot Audits
Lessons Learned from Recent HIPAA Enforcement Actions, Breaches, and Pilot Audits Iliana L. Peters, J.D., LL.M. Senior Advisor for HIPAA Compliance and Enforcement OCR RULEMAKING UPDATE What s s Done?
More informationSecure Messaging Stage 3 Meaningful Use
2015 Certification Criterion: Secure Messaging Meaningful Use Stage 3 Objective: Objective 6: Coordination of Care through Patient Engagement Measure 2: If you are attesting to Medicare or Dually Eligible
More informationOperationalizing Cybersecurity in Healthcare IT Security & Risk Management Study Quantitative and Qualitative Research Program Results
Operationalizing Cybersecurity in Healthcare - - 2017 IT Security & Risk Management Study Quantitative and Qualitative Research Program Results David S. Finn, CISA, CISM, CRISC Health IT Officer, Symantec
More informationLegal and Regulatory Developments for Privacy and Security
Legal and Regulatory Developments for Privacy and Security Rodney Petersen Government Relations Officer and Director of EDUCAUSE Cybersecurity Initiative Overview Context for Federal Policy Policy Directions
More informationWelcome John Harris, Director General
Business Plan 2018 Welcome John Harris, Director General Agenda - speakers Chief Minister, Senator Ian Gorst, Government of Jersey Key highlights of Lord Eatwell, Chairman, JFSC Strategic and major priorities
More informationNERC Staff Organization Chart
NERC Staff Organization Chart President and CEO Administrative Associate Director to the Office of the CEO Associate Director, Member Relations and MRC Secretary Senior Vice President and Chief Reliability
More informationOffice of Internal Audit
Office of Internal Audit March 16, 2017 Dr. Kirk Calhoun, President UT Health Northeast 11937 U. S. Hwy 271 Tyler, TX 75708 Dr. Calhoun: We have completed the Security Control Standards as part of our
More informationIncident Response: Are You Ready?
Incident Response: Are You Ready? Chris Apgar, CISSP Apgar & Associates, LLC 2014 Security Incident vs. Breach Overview Security Incident Planning and Your Team Final Breach Notification Rule a refresher
More information(c) Apgar & Associates, LLC
Incident Response: Are You Ready? Chris Apgar, CISSP Apgar & Associates, LLC 2014 Security Incident vs. Breach Overview Security Incident Planning and Your Team Final Breach Notification Rule a refresher
More informationHIPAA Security. An Ounce of Prevention is Worth a Pound of Cure
HIPAA Security An Ounce of Prevention is Worth a Pound of Cure Presented by CJ Wolf, MD, COC, CPC, CHC, CCEP, CIA Healthicity Senior Compliance Executive Paul R. Hales, Attorney at Law Subject Matter Expert
More informationThe Wireless Industry: Collaborating for an Accessible Ecosystem. m-enabling Summit 2014 Matthew Gerst CTIA The Wireless Association
The Wireless Industry: Collaborating for an Accessible Ecosystem m-enabling Summit 2014 Matthew Gerst CTIA The Wireless Association 1 CTIA- The Wireless Association CTIA is an international nonprofit membership
More informationHIPAA Compliance is not a Cybersecurity Strategy
HIPAA Compliance is not a Cybersecurity Strategy Presented by: Hector Rodriguez, WW Health CISO, Microsoft Jay Trinckes, Director, Coalfire Speaker Introductions Hector Rodriguez, WW Health CISO, Microsoft
More informationOutcomes and Lessons Learned From 5010 Testing Project Collaboration
Outcomes and Lessons Learned From 5010 Testing Project Collaboration Elliot Sloane, PhD, CCE Villanova University Co-Chair, IHE International Bob Bowman CORE Manager CAQH Paul Decrosta Manager, IPP Regulatory
More information10-CM/PCS Barriers and Opportunities
HIPAA Summit West VI ICD-10 10-CM/PCS Barriers and Opportunities Dan Rode, MBA, CHPS, FHFMA Vice President, Advocacy and Policy AHIMA ICD-10 10-CM/PCS What we ll cover: AHIMA What is now known about ICD-10
More informationPAST PRESENTATIONS Healthcare Information Security Discussion, Cleveland ISSA Chapter, Brecksville, OH, May 12, 2016
Past Presentations PAST PRESENTATIONS 2016 Healthcare Information Security Discussion, Cleveland ISSA Chapter, Brecksville, OH, May 12, 2016 Current Healthcare Information Security Trends and Challenges,
More informationNeil Peters-Michaud, CHAMP Cascade Asset Management ITAM Awareness Month December 2016
Breach New Heights The role of ITAM in preventing a data breach Neil Peters-Michaud, CHAMP Cascade Asset Management ITAM Awareness Month December 2016 Agenda Why Breaches Matter to the ITAM group The cost
More informationSan Francisco Department of Public Health. IT and Epic Project Update
San Francisco Department of Public Health IT and Epic Project Update Health Commission, April 16, 2019 IT: Infrastructure Accomplishments Sweeping Improvements Across DPH Thousands of devices are Epic
More informationWHITE PAPER. HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty
WHITE PAPER HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty WHITE PAPER HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty By Jill Brooks, MD, CHCO and Katelyn Byrne, BSN, RN Data Breaches
More informationHealthcare Security Success Story
Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Healthcare Security Success Story
More informationInternal Audit Follow-Up Report. Multiple Use Agreements TxDOT Office of Internal Audit
Internal Audit Follow-Up Report Multiple Use Agreements TxDOT Office of Internal Audit Objective Assess the status of corrective actions for high risk Management Action Plans (MAPs) previously communicated
More informationHCISPP HealthCare Information Security and Privacy Practitioner
HCISPP HealthCare Information Security and Privacy Practitioner William Buddy Gillespie, HCISPP Global Academic Instructor (ISC)² Former Healthcare CIO Chair Advocacy Committee, CPAHIMSS budgill@aol.com
More informationThe Relationship Between HIPAA Compliance and Business Associates
The Relationship Between HIPAA Compliance and Business Associates 1 HHS Wall of Shame 20% Involved Business Associates Based on HHS Breach Portal: Breaches Affecting 500 or More Individuals, Type of Breach
More information