Update from HIMSS National Privacy & Security. Lisa Gallagher, VP Technology Solutions November 14, 2013

Size: px
Start display at page:

Download "Update from HIMSS National Privacy & Security. Lisa Gallagher, VP Technology Solutions November 14, 2013"

Transcription

1 Update from HIMSS National Privacy & Security Lisa Gallagher, VP Technology Solutions November 14, 2013

2 Agenda Update on HIMSS new Technology Solutions Department HIPAA Omnibus Rules Meaningful Use 2 P&S Requirements CMS Audits Other Regulatory Activity Top P&S Challenges HIMSS Activities and Resources

3 Technology Solutions Department Health Business Solutions Technology Solutions John Casillas Senior Advisor Lisa Gallagher Vice President, Technology Solutions VACANT, Sr. Director, Health Business Solutions Joanne Bartley, Manager, Health Business Solutions State Government Affairs Tom Keefe, Sr. Director, State Govt. Affairs Julie Brown Coordinator, Tech. Solutions Privacy and Security Lee Kim Director, P&S Mike Kroll. Manager, Tech. Solutions/ P&S

4 TS Dept. Mission Facilitates HIMSS Mission HIMSS Vision Better health through information technology HIMSS Mission Lead global endeavors optimizing health engagements and care outcomes through information TS Department Mission Facilitate, through stakeholder collaboration and resources, improved understanding and implementation of Information Technology and Infrastructure components

5 Health Business Solutions Medical Banking (MB) and Financial Systems (FS) Revenue Cycle P&S ICD-10/5010 ICD-10 PlayBook ICD-10 National Pilot Program (industry Initiative) HIMSS Annual Conference: Healthcare Business/Financial Use Cases in Interoperability Showcase ICD-10 Symposium HIMSS Media Group Event ICD-10 Forum

6 State Government Affairs State Level Advocacy Connecting HIMSS Chapters to State-Level Advocacy Regional Extension Centers (RECs) Tracking Technology Challenges at State Level

7 HIMSS State Level Advocacy Advocacy is the ability to plead in favor of; support or urge by argument; or recommend publicly. Advocacy is the art of strategically leveraging the best that HIMSS has to offer to successfully influence public policy to improve healthcare for all. Education Offerings (Webinars) State & Regional Event Support Health IT Legislation Tracking HIMSS Annual Conference Chapter Advocacy Roundtable (CAR) Regional Extension Centers (RECs) State Advisory Roundtable Chapter Advocacy Awards State Government Memberships

8 Technology Solutions = Infrastructure and Innovation Technology Identity Management Cloud Computing Broadband Mobile MBANs Etc.

9 Privacy and Security Goal: Remove privacy and security as a barrier to adoption of and implementation of health IT Monitoring and adjusting to the changing laws, regulations, and standards Developing, implementing, and continuously updating privacy and security policies, procedures and practices Enhancing patient understanding of the organization's information privacy and security efforts Institutionalizing responsibility for information privacy and security

10 Privacy and Security Content Topics Privacy Mobile Security Cloud Security Patient Identity Integrity Risk Assessment Medical Device Security Identity Management Social Media

11 Privacy and Security Threats and Vulnerabilities in the IT ecosystem create potential barriers to HIT implementation and use Hackers Financial and Medical Identity Theft Loss/Theft Breach Insecure mobile platforms Innovative Technologies can be Privacy Enhancing Patient Portals Patient Identity managed by the patient Patient Privacy Preference incorporated into data sharing decisions Medical Grade Networks

12 HIPAA Omnibus Rule On Jan. 25, 2013, HHS published the HIPAA Omnibus Rule, a set of final regulations modifying the following HIPAA Rules: Privacy, Security, and Enforcement Rules The Omnibus Rule took effect on March 26, 2013 Compliance Deadline is Sept. 23, 2013 revise BAAs and NPPs.to comply with the Omnibus Rule.

13 Meaningful Use Stage 2 On August 23, 2012, CMS announced a final rule to govern Stage 2 of the Medicare and Medicaid EHR Incentive Programs. The rule specifies the Stage 2 criteria that eligible professionals (EPs), eligible hospitals, and critical access hospitals (CAHs) must meet in order to continue to participate in the EHR Incentive Programs. The final rule for meaningful use Stage 2* intends to increase health information exchange between providers and promote patient engagement by giving patients secure online access to their health information.

14 MU2/D5, P&S Reqt.: Protect Electronic Health Information Objective: Protect electronic health information created or maintained by the certified EHR technology (CEHRT) through the implementation of appropriate technical capabilities. Measure: Conduct or review a security risk analysis in accordance with the requirements under 45 CFR (a) (1), including addressing the encryption/security of data stored in CEHRT in accordance with requirements under 45 CFR (a)(2)(iv) and 45 CFR (d)(3), and implement security updates as necessary and correct identified security deficiencies as part of the provider's risk management process for EPs.

15 Changes from MU Stage 1 Objective Measure Stage 1 Stage 2 Protect electronic health information created or maintained by the certified EHR Technology through the implementation of appropriate technical capabilities Conduct or review a security risk analysis per 45 CFR (a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process Protect electronic health information created or maintained by the Certified EHR Technology through the implementation of appropriate technical capabilities Conduct or review a security risk analysis in accordance with the requirements under 45 CFR (a)(1), including addressing the encryption/security of data at rest and implement security updates as necessary and correct identified security deficiencies as part of its risk management process

16 CMS Audits Status: OCR is now evaluating the Pilot Audit Program to further improve it The General Approach of the Evaluation Study: Examination of the pilot audit program s sampling methodology, workpapers, and supporting documentation to answer a series of research questions designed to understand the pilot program and use the information to drive outcomes. Request for audited entity input on the pilot audit program through a non-invasive online survey. Selection of a sample of health care organizations audited in the pilot program for input through further inquiries and/or inspection of documents.

17 Timeline/Schedule OCR will provide information about the evaluation to selected entity officials and staff and can address any questions that entities have about the evaluation and their roles in supporting the evaluation. Between March 2013 and August 2013 the evaluation team will examine the audit working papers and audit reports of selected entities. All of these documents will be provided by OCR to the evaluation team. In July 2013, an online survey will be distributed to the 115 covered entities audited as part of the pilot program. The evaluation team will select approximately 8-10 entities, based on survey results, for further interview in August The evaluation results and recommendations will be provided to OCR in September 2013.

18 Today s most challenging privacy policy issues Health Information Exchange (HIE) - Privacy - Governance Patient-generated data Data Segmentation/Patient Privacy Preferences Patient Matching Identity Management

19 What is on the horizon? FDASIA Effort Accounting of Disclosures Other (guidance, other) Guidance on Minimum Necessary Policy on new privacy topics Articulate policy through FACAs Determine whether regulation is required

20 Accounting of Disclosures A Drilldown This is an example of a challenging area both Technical, and Policy HHS made a change to requirement contained in HITECH Act > all disclosures even outside TPO HHS Interim Final Rule published on January 13, 2010 Individual s Right to: - Accounting of Disclosures - individual's right to an accounting of disclosures - Access Report - includes electronic access by both workforce members and persons outside the covered entity - Change in Scope - data in electronic designated record set (HIPAA) Industry Reaction caused a pause/reconsideration by HHS

21 As we look to the future, we can meet our health and healthcare goals by continuing to evolve the overall IT infrastructure Equip IT professionals to: Address clinical staffs current computing and mobile computing needs Get ahead of the wave be ready to deploy new technologies Provide mobility and telehealth capability Protect data Ensure we address all components of IT Infrastructure simultaneously: Data Exchange Mobile and Broadband Networks Mobile Body Area Networks (MBANs) Identity Management Storage and Cloud Outsourcing Analytics Workflow Medical Grade networks

22 HIMSS Works on National Level Initiatives NSTIC Identity Ecosystem in Cyberspace WEDI Second Report Project ONC Standards Committee Patient Matching and provides data: Security Survey Cloud Computing Survey and much more

23 HIMSS Provides Resources Toolkits 6 Privacy and Security Toolkits White papers Collaborative efforts Education Training

24 Questions?

All Aboard the HIPAA Omnibus An Auditor s Perspective

All Aboard the HIPAA Omnibus An Auditor s Perspective All Aboard the HIPAA Omnibus An Auditor s Perspective Rick Dakin CEO & Chief Security Strategist February 20, 2013 1 Agenda Healthcare Security Regulations A Look Back What is the final Omnibus Rule? Changes

More information

Securing IT Infrastructure Improve information exchange and comply with HIPAA, HITECH, and ACA mandates

Securing IT Infrastructure Improve information exchange and comply with HIPAA, HITECH, and ACA mandates Securing IT Infrastructure Improve information exchange and comply with HIPAA, HITECH, and ACA mandates Ruby Raley, Director Healthcare Solutions Axway Agenda Topics: Using risk assessments to improve

More information

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute June 21, 2016 6/21/2016 1 1 Disclaimer

More information

Pennsylvania s HIE Journey

Pennsylvania s HIE Journey Pennsylvania s HIE Journey Alix Goss, Executive Director Pennsylvania ehealth Partnership Authority William Buddy Gillespie Director Healthcare Solutions DSS What is HIE? Health Information Exchange puts

More information

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute October 1, 2014 10/1/2014 1 1 Who is

More information

HIPAA-HITECH: Privacy & Security Updates for 2015

HIPAA-HITECH: Privacy & Security Updates for 2015 South Atlantic Regional Annual Conference Orlando, FL February 6, 2015 1 HIPAA-HITECH: Privacy & Security Updates for 2015 Darrell W. Contreras, Esq., LHRM Gregory V. Kerr, CHPC, CHC Agenda 2 OCR On-Site

More information

Information Technology (CCHIT): Report on Activities and Progress

Information Technology (CCHIT): Report on Activities and Progress Certification Commission for Healthcare Information Technology Certification Commission for Healthcare Information Technology (CCHIT): Report on Activities and Progress Mark Leavitt, MD, PhD Chair, CCHIT

More information

HIPAA Privacy, Security and Breach Notification

HIPAA Privacy, Security and Breach Notification HIPAA Privacy, Security and Breach Notification HCCA East Central Regional Annual Conference October 2013 Disclaimer The information contained in this document is provided by KPMG LLP for general guidance

More information

Response to CMS. WEDI Attachment Forum Questions. August 9th Attachment Standard

Response to CMS. WEDI Attachment Forum Questions. August 9th Attachment Standard Response to CMS WEDI Attachment Forum Questions August 9th 2016 Attachment Standard August 25, 2016 Cooperative Exchange National Association of Clearinghouses 28 Clearinghouse member companies Represent

More information

Certification Commission for Healthcare Information Technology. CCHIT A Catalyst for EHR Adoption

Certification Commission for Healthcare Information Technology. CCHIT A Catalyst for EHR Adoption Certification Commission for Healthcare Information Technology CCHIT A Catalyst for EHR Adoption Alisa Ray, Executive Director, CCHIT Sarah Corley, MD, Chief Medical Officer, NextGen Healthcare Systems;

More information

NERC Staff Organization Chart Budget 2019

NERC Staff Organization Chart Budget 2019 NERC Staff Organization Chart Budget 2019 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Officer Senior Vice President, General Counsel and Corporate

More information

Federal-State Connections: Opportunities for Coordination and Collaboration

Federal-State Connections: Opportunities for Coordination and Collaboration Federal-State Connections: Opportunities for Coordination and Collaboration State Health Information Exchange Program October 23, 2012 Chris Muir Program Manager 1 ONC Overview Vision A health system that

More information

Introduction. Angela Holzworth, RHIA, CISA, GSEC. Kimberly Gray, Esq., CIPP/US. Sr. IT Infrastructure Analyst

Introduction. Angela Holzworth, RHIA, CISA, GSEC. Kimberly Gray, Esq., CIPP/US. Sr. IT Infrastructure Analyst Introduction Angela Holzworth, RHIA, CISA, GSEC Sr. IT Infrastructure Analyst Kimberly Gray, Esq., CIPP/US Chief Privacy Officer, Global, IMS Health 1 Incorporating Privacy into the CSF: Approach and Benefits

More information

The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance

The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance Russell L. Jones Partner Health Sciences Sector Deloitte & Touche LLP Security & Privacy IMLA 2013 Annual Conference San

More information

NERC Staff Organization Chart Budget 2019

NERC Staff Organization Chart Budget 2019 NERC Staff Organization Chart Budget 2019 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel and Corporate

More information

Ensuring Privacy and Security of Health Information Exchange in Pennsylvania

Ensuring Privacy and Security of Health Information Exchange in Pennsylvania Ensuring Privacy and Security of Health Information Exchange in Pennsylvania The Pennsylvania ehealth Initiative in collaboration with the Pennsylvania ehealth Partnership Authority Introduction The Pennsylvania

More information

NERC Staff Organization Chart Budget 2018

NERC Staff Organization Chart Budget 2018 NERC Staff Organization Chart Budget 2018 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel and Corporate

More information

Hospital Council of Western Pennsylvania. June 21, 2012

Hospital Council of Western Pennsylvania. June 21, 2012 Updates on OCR s HIPAA Enforcement and Regulations Hospital Council of Western Pennsylvania June 21, 2012 Topics HIPAA Privacy and Security Rule Enforcement HITECH Breach Notification OCR Audit Program

More information

Thank you, and enjoy the webinar.

Thank you, and enjoy the webinar. Disclaimer This webinar may be recorded. This webinar presents a sampling of best practices and overviews, generalities, and some laws. This should not be used as legal advice. Itentive recognizes that

More information

Prior Authorization and Clinician Burden: Updates from ONC

Prior Authorization and Clinician Burden: Updates from ONC Prior Authorization and Clinician Burden: Updates from ONC Thomas A. Mason, MD, FACP Chief Medical Officer Office of the National Coordinator for Health Information Technology (ONC) U.S. Department of

More information

Meaningful Use Webcast

Meaningful Use Webcast MU Security Objectives Direct Messaging Questions MU Security Objective Security s Importance to Meaningful Use The Security Objective Satisfying the Objective Security Mechanisms in the EHR Software MU

More information

Technology General Controls and HIPAA Security Compliance: Covering the Bandwidth in One Audit

Technology General Controls and HIPAA Security Compliance: Covering the Bandwidth in One Audit Technology General Controls and HIPAA Security Compliance: Covering the Bandwidth in One Audit Michael Morrow, Jennifer McGillCompany Carolinas Healthcare System 2011 AHIA Annual Conference Track D1 Wednesday,

More information

HIPAA How to Comply with Limited Time & Resources. Jonathan Pantenburg, MHA, Senior Consultant August 17, 2017

HIPAA How to Comply with Limited Time & Resources. Jonathan Pantenburg, MHA, Senior Consultant August 17, 2017 HIPAA How to Comply with Limited Time & Resources Jonathan Pantenburg, MHA, Senior Consultant JPantenburg@Stroudwater.com August 17, 2017 Stroudwater Associates is a leading national healthcare consulting

More information

HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp

HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp Agenda Introductions HIPAA Background and History Overview of HIPAA Requirements

More information

Meaningful Use Audit, Is Your Organization Ready!

Meaningful Use Audit, Is Your Organization Ready! Meaningful Use Audit, Is Your Organization Ready! Presenters: Pavan Attur, Director of Applications, St. John s Episcopal Hospital Bill Presley, Vice President Product Development, Acmeware Education Session

More information

Security and Privacy Governance Program Guidelines

Security and Privacy Governance Program Guidelines Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by

More information

Data Backup and Contingency Planning Procedure

Data Backup and Contingency Planning Procedure HIPAA Security Procedure HIPAA made Easy Data Backup and Contingency Planning Procedure Please fill in date implemented and updates for your facility: Goal: This document will serve as our back-up storage

More information

ASC X12 Clearinghouse Caucus

ASC X12 Clearinghouse Caucus ASC X12 Clearinghouse Caucus January 23, 2018 AGENDA 1. Welcome and Introduction - Joe Bell, Board Chair, Cooperative Exchange and Senior Program Manager, esolutions Inc. 2. ASC X12N Update - Stacey Barber,

More information

DATA PRIVACY & SECURITY THE CHANGING HIPAA CLIMATE

DATA PRIVACY & SECURITY THE CHANGING HIPAA CLIMATE DATA PRIVACY & SECURITY THE CHANGING HIPAA CLIMATE Melodi (Mel) M. Gates mgates@pattonboggs.com (303) 894-6111 October 25, 2013 THE CHANGING PRIVACY CLIMATE z HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY

More information

Update on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules

Update on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules Update on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules Marissa Gordon-Nguyen Office for Civil Rights (OCR) U.S. Department of Health and Human Services June

More information

HIPAA & Privacy Compliance Update

HIPAA & Privacy Compliance Update HIPAA & Privacy Compliance Update Vermont Medical Society FREE Wednesday Webinar Series March 15, 2017 Anne Cramer and Shireen Hart Primmer Piper Eggleston & Cramer PC acramer@primmer.com shart@primmer.com

More information

MANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors

MANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors Page 1 of 6 Applies to: faculty staff students student employees visitors contractors Effective Date of This Revision: June 1, 2018 Contact for More Information: HIPAA Privacy Officer Board Policy Administrative

More information

CMS and ehealth. Robert Tagalicod Director, Office of ehealth Standards and Services (OESS)

CMS and ehealth. Robert Tagalicod Director, Office of ehealth Standards and Services (OESS) CMS and ehealth Robert Tagalicod Director, Office of ehealth Standards and Services (OESS) Robert Anthony Deputy Director, Health IT Initiatives Group, OESS September 16, 2013 www.cms.gov/ehealth 2 ehealth

More information

IT Security in a Meaningful Use Era C&SO HIMSS Meeting

IT Security in a Meaningful Use Era C&SO HIMSS Meeting CSOHIMSS 2011 Slide 1 October 21, 2011 October 21, 2011 IT Security in a Meaningful Use Era C&SO HIMSS Meeting Presented by: Mac McMillan CEO CynergisTek, Inc. Chair, HIMSS Privacy & Security Task Force

More information

HIPAA Summit Day II Afternoon Plenary Session: HIPAA Security

HIPAA Summit Day II Afternoon Plenary Session: HIPAA Security The HIPAA Summit West IV HIPAA Summit Day II Afternoon Plenary Session: HIPAA Security October 5, 2010 John Parmigiani Summit Co Chair President John C. Parmigiani & Associates, LLC Agenda Important and

More information

The ABCs of HIPAA Security

The ABCs of HIPAA Security The ABCs of HIPAA Security Daniel F. Shay, Esq 24 th Annual Health Law Institute Pennsylvania Bar Institute March 13, 2018 c. 2018 Alice G. Gosfield and Associates PC 1 Daniel F. Shay, Esq. Alice G. Gosfield

More information

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating

More information

The Next Frontier in Medical Device Security

The Next Frontier in Medical Device Security The Next Frontier in Medical Device Security Session #76, February 21, 2017 Denise Anderson, President, NH-ISAC Dr. Dale Nordenberg, Executive Director, MDISS 1 Speaker Introduction Denise Anderson, MBA

More information

Update on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules

Update on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules Update on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules Wandah Hardy, RN BSN, MPA Equal Opportunity Specialist/Investigator Office for Civil Rights (OCR)

More information

Information Governance, the Next Evolution of Privacy and Security

Information Governance, the Next Evolution of Privacy and Security Information Governance, the Next Evolution of Privacy and Security Katherine Downing, MA, RHIA, CHPS, PMP Sr. Director AHIMA IG Advisors Follow me @HIPAAQueen 2017 2017 Objectives Part Part I IG Topic

More information

GEORGIA CYBERSECURITY WORKFORCE ACADEMY. NASCIO 2018 State IT Recognition Awards

GEORGIA CYBERSECURITY WORKFORCE ACADEMY. NASCIO 2018 State IT Recognition Awards GEORGIA CYBERSECURITY WORKFORCE ACADEMY NASCIO 2018 State IT Recognition Awards Title: Georgia Cybersecurity Workforce Academy Category: Cybersecurity State: Georgia Contact: Stanton Gatewood Stan.Gatewood@gta.ga.gov

More information

Technology Workshop HIPAA Security Risk Assessment: What s Next? January 9, 2014

Technology Workshop HIPAA Security Risk Assessment: What s Next? January 9, 2014 Technology Workshop HIPAA Security Risk Assessment: What s Next? January 9, 2014 Welcome! Thank you for joining us today. In today s call we ll cover the Security Assessment and next steps. If you want

More information

TRANSFORMING HEALTHCARE. & Facing Challenges Together in 2017

TRANSFORMING HEALTHCARE. & Facing Challenges Together in 2017 TRANSFORMING HEALTHCARE & Facing Challenges Together in 2017 MISSION Serve as the industry leader convening executives from multi-stakeholder groups to identify best practices to transform healthcare through

More information

Is Your Compliance Strategy Putting Your Business at Risk?

Is Your Compliance Strategy Putting Your Business at Risk? Is Your Compliance Strategy Putting Your Business at Risk? January 20, 2015 2015 NASDAQ-LISTED: EGHT Today s Speakers Michael McAlpen Exec. Dir. of Security & Compliance, 8x8, Inc. David Leach Business

More information

Modified Stage 2 Meaningful Use: Objective #9 Secure Electronic Messaging Massachusetts Medicaid EHR Incentive Payment Program

Modified Stage 2 Meaningful Use: Objective #9 Secure Electronic Messaging Massachusetts Medicaid EHR Incentive Payment Program Modified Stage 2 Meaningful Use: Objective #9 Secure Electronic Messaging Massachusetts Medicaid EHR Incentive Payment Program July 19, 2016 Today s presenter: Thomas Bennett, Client Services Relationship

More information

HITRUST CSF: One Framework

HITRUST CSF: One Framework HITRUST CSF: One Framework Leveraging the HITRUST CSF to Support ISO, HIPAA, & NIST Implementation and Compliance, and SSAE 16 SOC Reporting Dr. Bryan Cline, CISSP-ISSEP, CISM, CISA, CCSFP, HCISPP Senior

More information

NERC Staff Organization Chart Budget 2017

NERC Staff Organization Chart Budget 2017 NERC Staff Organization Chart Budget 2017 President and CEO Administrative Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel

More information

How Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq.

How Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq. How Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq. Word Count: 2,268 Physician practices have lived with the reality of HIPAA for over twenty years. In that time, it has likely

More information

Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs)

Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs) Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs) Florida Hospital Association Welcome! John Wilgis Director, Emergency Management Services Florida Hospital Association

More information

X12 Clearinghouse Caucus. January 31, :00-6:30 pm Sheraton Seattle Hotel / Metropolitan B

X12 Clearinghouse Caucus. January 31, :00-6:30 pm Sheraton Seattle Hotel / Metropolitan B X12 Clearinghouse Caucus January 31, 2017-5:00-6:30 pm Sheraton Seattle Hotel / Metropolitan B Clearinghouse Caucus Sponsors Clearinghouse Caucus - ASC X12 Standing Meeting January 31, 2017-5:00-6:15pm

More information

Case Study. Medical Information Records, LLC. Medical Software Company Relies on Azure to Improve Scalability, Cut Costs & Ensure Compliance

Case Study. Medical Information Records, LLC. Medical Software Company Relies on Azure to Improve Scalability, Cut Costs & Ensure Compliance Case Study Medical Information Records, LLC Medical Information Records, LLC Medical Software Company Relies on Azure to Improve Scalability, Cut Costs & Ensure Compliance Overview Industry: Healthcare

More information

A HIPAA Compliance and Enforcement Update from the HHS Office for Civil Rights Session #24, 10:00 a.m. 11:00 a.m. March 6, 2018 Roger Severino, MSPP,

A HIPAA Compliance and Enforcement Update from the HHS Office for Civil Rights Session #24, 10:00 a.m. 11:00 a.m. March 6, 2018 Roger Severino, MSPP, A HIPAA Compliance and Enforcement Update from the HHS Office for Civil Rights Session #24, 10:00 a.m. 11:00 a.m. March 6, 2018 Roger Severino, MSPP, JD Director, HHS Office for Civil Rights Nicholas Heesters,

More information

Digital Healthcare. Yordan Iliev Director R&D Healthcare. Regional Cybersecurity Forum, November 2016, Grand Hotel Sofia, Bulgaria

Digital Healthcare. Yordan Iliev Director R&D Healthcare. Regional Cybersecurity Forum, November 2016, Grand Hotel Sofia, Bulgaria Digital Healthcare Yordan Iliev Director R&D Healthcare Regional Cybersecurity Forum, 29-30 November 2016, Grand Hotel Sofia, Bulgaria AGENDA Introduction Security challenges in healthcare IT Change ahead

More information

Agenda. Hungry, Hungry HIPAA: Security, Enforcement, Audits, & More. Health Law Institute

Agenda. Hungry, Hungry HIPAA: Security, Enforcement, Audits, & More. Health Law Institute Health Law Institute Hungry, Hungry HIPAA: Security, Enforcement, Audits, & More Brooke Bennett Aziere October 18, 2017 Agenda Enforcement Trends Phase 2 HIPAA Audits Upcoming Initiatives 1 Enforcement

More information

EHR & HIPAA Managing Compliance & Progress. Agenda. Federal EHR Imperatives & Achieving Meaningful Use. EHR & HIPAA: Managing Compliance & Progress

EHR & HIPAA Managing Compliance & Progress. Agenda. Federal EHR Imperatives & Achieving Meaningful Use. EHR & HIPAA: Managing Compliance & Progress EHR & HIPAA Managing Compliance & Progress Presented by Rodney Walsh, Senior Managing Consultant May 20, 2010 Agenda Federal EHR imperatives Certification & meaningful use Management of EHR upgrades &

More information

CERT Symposium: Cyber Security Incident Management for Health Information Exchanges

CERT Symposium: Cyber Security Incident Management for Health Information Exchanges Pennsylvania ehealth Partnership Authority Pennsylvania s Journey for Health Information Exchange CERT Symposium: Cyber Security Incident Management for Health Information Exchanges June 26, 2013 Pittsburgh,

More information

HIT Policy Committee. Recommendations by the Certification and Adoption Workgroup. Paul Egerman Marc Probst, Intermountain Healthcare.

HIT Policy Committee. Recommendations by the Certification and Adoption Workgroup. Paul Egerman Marc Probst, Intermountain Healthcare. HIT Policy Committee Recommendations by the Certification and Adoption Workgroup Paul Egerman Marc Probst, Intermountain Healthcare July 16, 2009 Agenda The Workgroup The Workgroup s Charge Workgroup Process

More information

NERC Staff Organization Chart Budget 2017

NERC Staff Organization Chart Budget 2017 NERC Staff Organization Chart Budget 2017 President and CEO Administrative Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel

More information

The HITECH Act. 5 things you can do Right Now to pave the road to compliance. 1. Secure PHI in motion.

The HITECH Act. 5 things you can do Right Now to pave the road to compliance. 1. Secure PHI in motion. The HITECH Act 5 things you can do Right Now to pave the road to compliance Beginning in 2011, HITECH Act financial incentives will create a $5,800,000 opportunity over four years for mid-size hospital

More information

WHO-ITU National ehealth Strategy Toolkit

WHO-ITU National ehealth Strategy Toolkit WHO-ITU National ehealth Strategy Toolkit Context and need for a National Strategy A landscape of isolated islands of small scale applications unable to effectively communicate and to share information

More information

Evaluating the Security of Your IT Network. Vulnerability Scanning & Network Map

Evaluating the Security of Your IT Network. Vulnerability Scanning & Network Map Click to edit Master title style Evaluating the Security of Your IT Network Vulnerability Scanning & Network Map Kyle Stafford / M-CEITA 5/12/2017 1 1 Disclaimer This presentation was current at the time

More information

Cyber Partnership Blueprint: An Outline

Cyber Partnership Blueprint: An Outline Approved for Public Release; Distribution Unlimited. 13-3851 The MITRE Corporation Cyber Partnership Blueprint: An Outline October 26, 2013 Copyright 1997-2013, The MITRE Corporation. All rights reserved.

More information

SLI Compliance ONC-ATL Testing Program Guide

SLI Compliance ONC-ATL Testing Program Guide SLI Compliance A Division of Gaming Laboratories International, LLC 4720 Independence St. Wheat Ridge, CO 80033 303-422-1566 www.slicompliance.com SLI Compliance ONC-ATL Testing Program Guide Document

More information

2015 HFMA What Healthcare Can Learn from the Banking Industry

2015 HFMA What Healthcare Can Learn from the Banking Industry 2015 HFMA What Healthcare Can Learn from the Banking Industry Agenda Introduction- Background and Experience Healthcare vs. Banking The Results OCR Audit Results Healthcare vs. Banking The Theories Practical

More information

HIPAA in 2017: Hot Topics You Can t Ignore. Danika Brinda, PhD, RHIA, CHPS, HCISPP March 16, 2017

HIPAA in 2017: Hot Topics You Can t Ignore. Danika Brinda, PhD, RHIA, CHPS, HCISPP March 16, 2017 HIPAA in 2017: Hot Topics You Can t Ignore Danika Brinda, PhD, RHIA, CHPS, HCISPP March 16, 2017 Breach Notification State Law Privacy Rule Authorizations Polices and Procedures The Truth Is Have created

More information

HIPAA Privacy, Security Lessons from 2016 and What's Next in 2017

HIPAA Privacy, Security Lessons from 2016 and What's Next in 2017 HIPAA Privacy, Security Lessons from 2016 and What's Next in 2017 Session 9, February 20, 2017 Deven McGraw, Deputy Director, Health Information Privacy HHS Office for Civil Rights 1 Speaker Introduction

More information

HIPAA COMPLIANCE CALIFORNIA STATE UNIVERSITY, LOS ANGELES. Audit Report October 29, 2010

HIPAA COMPLIANCE CALIFORNIA STATE UNIVERSITY, LOS ANGELES. Audit Report October 29, 2010 HIPAA COMPLIANCE CALIFORNIA STATE UNIVERSITY, LOS ANGELES Audit Report 10-52 October 29, 2010 Members, Committee on Audit Henry Mendoza, Chair Raymond W. Holdsworth, Vice Chair Nicole M. Anderson Margaret

More information

Putting It All Together:

Putting It All Together: Putting It All Together: The Interplay of Privacy & Security Regina Verde, MS, MBA, CHC Chief Corporate Compliance & Privacy Officer University of Virginia Health System 2017 ISPRO Conference October 24,

More information

(60 min) California State Updates

(60 min) California State Updates (60 min) California State Updates Presenters: 30 min Speranza Avram, CEO, CalHIPSO: EHR status & uptake in CA 20 min David A. Minch, President & COO, HealthShare Bay Area: HIE status 10 min Questions 1

More information

HPH SCC CYBERSECURITY WORKING GROUP

HPH SCC CYBERSECURITY WORKING GROUP HPH SCC A PRIMER 1 What Is It? The cross sector coordinating body representing one of 16 critical infrastructure sectors identified in Presidential Executive Order (PPD 21) A trust community partnership

More information

Healthcare in the Public Cloud DIY vs. Managed Services

Healthcare in the Public Cloud DIY vs. Managed Services Business White Paper Healthcare in the Public Cloud DIY vs. Managed Services Page 2 of 9 Healthcare in the Public Cloud DIY vs. Managed Services Table of Contents Page 2 Healthcare Cloud Migration Page

More information

4A Healthcare Data Security & Privacy

4A Healthcare Data Security & Privacy 4A Healthcare Data Security & Privacy Symposium 2015 Banner Program Leaders Ben Goodman Developed in collaboration with Lisa Clark Conference Mission Health and medical regulators are promising audits

More information

SECURETexas Health Information Privacy & Security Certification Program

SECURETexas Health Information Privacy & Security Certification Program Partners in Texas Health Informa3on Protec3on SECURETexas Health Information Privacy & Security Certification Program 2015 HITRUST, Frisco, TX. All Rights Reserved. Outline Introduction Background Benefits

More information

View the Replay on YouTube

View the Replay on YouTube View the Replay on YouTube HIPAA Omnibus Rule: Education & Practical Application for Breach Notification FairWarning Executive Webinar Series February 19, 2013 Agenda Breach Notification changes under

More information

ERO Enterprise Strategic Planning Redesign

ERO Enterprise Strategic Planning Redesign ERO Enterprise Strategic Planning Redesign Mark Lauby, Senior Vice President and Chief Reliability Officer Member Representatives Committee Meeting February 10, 2016 Strategic Planning Redesign Current

More information

3/24/2014. Agenda & Objectives. HIPAA Security Rule. Compliance Institute. Background and Regulatory Overlay. OCR Statistics/

3/24/2014. Agenda & Objectives. HIPAA Security Rule. Compliance Institute. Background and Regulatory Overlay. OCR Statistics/ Compliance Institute Session 501: Implementing a System-Wide Access Monitoring Program Brian D. Annulis Meade, Roach & Annulis, LLP Aegis Compliance & Ethics Center, LLP 4147 N. Ravenswood Avenue Suite

More information

Disaster Recovery and HIPAA Compliance

Disaster Recovery and HIPAA Compliance Disaster Recovery and HIPAA Compliance Marti Arvin, JD, CHC-F, CCEP-F, CHPC, CHRC VP Audit Strategies CynergisTek won the 2017 Best in KLAS Award for Cyber Security Advisory Services CynergisTek was recognized

More information

The HIPAA Omnibus Rule

The HIPAA Omnibus Rule The HIPAA Omnibus Rule What You Should Know and Do as Enforcement Begins Rebecca Fayed, Associate General Counsel and Privacy Officer Eric Banks, Information Security Officer 3 Biographies Rebecca C. Fayed

More information

Lessons Learned from Recent HIPAA Enforcement Actions, Breaches, and Pilot Audits

Lessons Learned from Recent HIPAA Enforcement Actions, Breaches, and Pilot Audits Lessons Learned from Recent HIPAA Enforcement Actions, Breaches, and Pilot Audits Iliana L. Peters, J.D., LL.M. Senior Advisor for HIPAA Compliance and Enforcement OCR RULEMAKING UPDATE What s s Done?

More information

Secure Messaging Stage 3 Meaningful Use

Secure Messaging Stage 3 Meaningful Use 2015 Certification Criterion: Secure Messaging Meaningful Use Stage 3 Objective: Objective 6: Coordination of Care through Patient Engagement Measure 2: If you are attesting to Medicare or Dually Eligible

More information

Operationalizing Cybersecurity in Healthcare IT Security & Risk Management Study Quantitative and Qualitative Research Program Results

Operationalizing Cybersecurity in Healthcare IT Security & Risk Management Study Quantitative and Qualitative Research Program Results Operationalizing Cybersecurity in Healthcare - - 2017 IT Security & Risk Management Study Quantitative and Qualitative Research Program Results David S. Finn, CISA, CISM, CRISC Health IT Officer, Symantec

More information

Legal and Regulatory Developments for Privacy and Security

Legal and Regulatory Developments for Privacy and Security Legal and Regulatory Developments for Privacy and Security Rodney Petersen Government Relations Officer and Director of EDUCAUSE Cybersecurity Initiative Overview Context for Federal Policy Policy Directions

More information

Welcome John Harris, Director General

Welcome John Harris, Director General Business Plan 2018 Welcome John Harris, Director General Agenda - speakers Chief Minister, Senator Ian Gorst, Government of Jersey Key highlights of Lord Eatwell, Chairman, JFSC Strategic and major priorities

More information

NERC Staff Organization Chart

NERC Staff Organization Chart NERC Staff Organization Chart President and CEO Administrative Associate Director to the Office of the CEO Associate Director, Member Relations and MRC Secretary Senior Vice President and Chief Reliability

More information

Office of Internal Audit

Office of Internal Audit Office of Internal Audit March 16, 2017 Dr. Kirk Calhoun, President UT Health Northeast 11937 U. S. Hwy 271 Tyler, TX 75708 Dr. Calhoun: We have completed the Security Control Standards as part of our

More information

Incident Response: Are You Ready?

Incident Response: Are You Ready? Incident Response: Are You Ready? Chris Apgar, CISSP Apgar & Associates, LLC 2014 Security Incident vs. Breach Overview Security Incident Planning and Your Team Final Breach Notification Rule a refresher

More information

(c) Apgar & Associates, LLC

(c) Apgar & Associates, LLC Incident Response: Are You Ready? Chris Apgar, CISSP Apgar & Associates, LLC 2014 Security Incident vs. Breach Overview Security Incident Planning and Your Team Final Breach Notification Rule a refresher

More information

HIPAA Security. An Ounce of Prevention is Worth a Pound of Cure

HIPAA Security. An Ounce of Prevention is Worth a Pound of Cure HIPAA Security An Ounce of Prevention is Worth a Pound of Cure Presented by CJ Wolf, MD, COC, CPC, CHC, CCEP, CIA Healthicity Senior Compliance Executive Paul R. Hales, Attorney at Law Subject Matter Expert

More information

The Wireless Industry: Collaborating for an Accessible Ecosystem. m-enabling Summit 2014 Matthew Gerst CTIA The Wireless Association

The Wireless Industry: Collaborating for an Accessible Ecosystem. m-enabling Summit 2014 Matthew Gerst CTIA The Wireless Association The Wireless Industry: Collaborating for an Accessible Ecosystem m-enabling Summit 2014 Matthew Gerst CTIA The Wireless Association 1 CTIA- The Wireless Association CTIA is an international nonprofit membership

More information

HIPAA Compliance is not a Cybersecurity Strategy

HIPAA Compliance is not a Cybersecurity Strategy HIPAA Compliance is not a Cybersecurity Strategy Presented by: Hector Rodriguez, WW Health CISO, Microsoft Jay Trinckes, Director, Coalfire Speaker Introductions Hector Rodriguez, WW Health CISO, Microsoft

More information

Outcomes and Lessons Learned From 5010 Testing Project Collaboration

Outcomes and Lessons Learned From 5010 Testing Project Collaboration Outcomes and Lessons Learned From 5010 Testing Project Collaboration Elliot Sloane, PhD, CCE Villanova University Co-Chair, IHE International Bob Bowman CORE Manager CAQH Paul Decrosta Manager, IPP Regulatory

More information

10-CM/PCS Barriers and Opportunities

10-CM/PCS Barriers and Opportunities HIPAA Summit West VI ICD-10 10-CM/PCS Barriers and Opportunities Dan Rode, MBA, CHPS, FHFMA Vice President, Advocacy and Policy AHIMA ICD-10 10-CM/PCS What we ll cover: AHIMA What is now known about ICD-10

More information

PAST PRESENTATIONS Healthcare Information Security Discussion, Cleveland ISSA Chapter, Brecksville, OH, May 12, 2016

PAST PRESENTATIONS Healthcare Information Security Discussion, Cleveland ISSA Chapter, Brecksville, OH, May 12, 2016 Past Presentations PAST PRESENTATIONS 2016 Healthcare Information Security Discussion, Cleveland ISSA Chapter, Brecksville, OH, May 12, 2016 Current Healthcare Information Security Trends and Challenges,

More information

Neil Peters-Michaud, CHAMP Cascade Asset Management ITAM Awareness Month December 2016

Neil Peters-Michaud, CHAMP Cascade Asset Management ITAM Awareness Month December 2016 Breach New Heights The role of ITAM in preventing a data breach Neil Peters-Michaud, CHAMP Cascade Asset Management ITAM Awareness Month December 2016 Agenda Why Breaches Matter to the ITAM group The cost

More information

San Francisco Department of Public Health. IT and Epic Project Update

San Francisco Department of Public Health. IT and Epic Project Update San Francisco Department of Public Health IT and Epic Project Update Health Commission, April 16, 2019 IT: Infrastructure Accomplishments Sweeping Improvements Across DPH Thousands of devices are Epic

More information

WHITE PAPER. HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty

WHITE PAPER. HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty WHITE PAPER HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty WHITE PAPER HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty By Jill Brooks, MD, CHCO and Katelyn Byrne, BSN, RN Data Breaches

More information

Healthcare Security Success Story

Healthcare Security Success Story Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Healthcare Security Success Story

More information

Internal Audit Follow-Up Report. Multiple Use Agreements TxDOT Office of Internal Audit

Internal Audit Follow-Up Report. Multiple Use Agreements TxDOT Office of Internal Audit Internal Audit Follow-Up Report Multiple Use Agreements TxDOT Office of Internal Audit Objective Assess the status of corrective actions for high risk Management Action Plans (MAPs) previously communicated

More information

HCISPP HealthCare Information Security and Privacy Practitioner

HCISPP HealthCare Information Security and Privacy Practitioner HCISPP HealthCare Information Security and Privacy Practitioner William Buddy Gillespie, HCISPP Global Academic Instructor (ISC)² Former Healthcare CIO Chair Advocacy Committee, CPAHIMSS budgill@aol.com

More information

The Relationship Between HIPAA Compliance and Business Associates

The Relationship Between HIPAA Compliance and Business Associates The Relationship Between HIPAA Compliance and Business Associates 1 HHS Wall of Shame 20% Involved Business Associates Based on HHS Breach Portal: Breaches Affecting 500 or More Individuals, Type of Breach

More information