The HITECH Act. 5 things you can do Right Now to pave the road to compliance. 1. Secure PHI in motion.

Size: px
Start display at page:

Download "The HITECH Act. 5 things you can do Right Now to pave the road to compliance. 1. Secure PHI in motion."

Transcription

1 The HITECH Act 5 things you can do Right Now to pave the road to compliance Beginning in 2011, HITECH Act financial incentives will create a $5,800,000 opportunity over four years for mid-size hospital networks, with a potential loss of $3,000 for every day of delay. Contact Axway today to request a complimentary cost-savings calculator and learn more about our infrastructure assessment. Part of the American Recovery and Reinvestment Act of 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act encourages the adoption of electronic health/medical records (EHR/EMR), with the ultimate goal of reducing healthcare costs and improving patient outcomes. To that end, the HITECH Act mandates that healthcare providers take a series of steps to strengthen safeguards for Protected Health Information (PHI), enable secure electronic exchange of PHI, and establish interoperability between systems both internally and with external business associates. In addition to extensive technology mandates such as stronger HIPAA regulations that are now in force the HITECH Act includes a combination of financial incentives and penalties that will take affect beginning in For mid-size providers who want to maximize incentive dollars now and avoid penalties later, the time to assess your data channels and pave the road to compliance is now. Here are 5 things you can do right now to comply with new HIPAA regulations now in force and prepare for HITECH compliance in 2011 and beyond: 1. Secure PHI in motion. To comply with HITECH, you must secure all PHI that includes data traveling via , ad hoc or automated managed file transfer, or internal or external EDI. By centrally defining, managing, and enforcing policies that effectively control the flow of information, you can secure data in motion anywhere in your healthcare ecosystem. 1

2 Delivery-based policies enable you to control who can interact with whom including hospitals, pharmacies, MCOs, and other healthcare and health plan providers based on where they live in your ecosystem. These policies can apply to any kind of interaction among systems, groups, or individuals. Content-based policies analyze the content of files and messages (and their attachments) to automatically identify PHI and ensure that compliance is maintained. When a policy violation is detected, you can automatically take a number of actions, such as: block or quarantine the interaction strip an attachment from an return a message to the sender notify a manager redact information re-route the communication to a secure, encrypted channel for delivery 2. Secure PHI at rest. In addition to ensuring that your data is secured in transit, you also need to secure PHI while it is in the DMZ or at rest on a server, using encryption technology certified to meet NIST or FIPS requirements. Regardless of the underlying transport network, all user connections must be strongly authenticated, and data integrity and guaranteed delivery must be assured whether the user makes infrequent transfers via a Web browser or uses client automation for batch and scheduled transfers. Consider the use of two-factor authentication and digitally signed documents to further ensure that only authorized users access and exchange information. HITECH HIPAA also mandates the proper disposal of all media containing PHI. PHI that is not destroyed must be encrypted and stored in a secure archive. 3. Detect and report all data breaches. Section of Title XIII HITECH/ARRA states: Following a breach of unsecured protected health information covered entities must provide notification of the breach to affected individuals, the Secretary, and, in certain circumstances, to the media. In addition, business associates must notify covered entities that a breach has occurred. To satisfy this mandate, you need end-to-end monitoring and tracking of file movements with granular visibility into your entire IT ecosystem complete with searchable audit logs and reporting capabilities for all applications, systems, and platforms you and your external partners have in place. HHS is currently pushing to provide patients with a record of all exchanged information and to provide copies of health records electronically. While these rules are still evolving, it is clear that end-to-end visibility into the movement of health records is essential, and the ability to distribute copies of records to a variety of external systems, such as PHR (personal health records), is becoming critical to regulatory compliance and meaningful use. 4. Ensure that your business associates are also in compliance. To facilitate secure exchange of PHI beyond your firewall, you need to be able to on-board and successfully manage any and all partners submitting medical records and transactions for eligibility, claims, claim status, enrollments, authorizations, and premium payments, as well as state and federal agencies requiring periodic reports necessary for your business to qualify for incentive payments. 2

3 This means you need the ability to quickly establish secure electronic relationships for file transfer, data translation, and other types of interactions; and you need to be able to set policies that govern the flow of information and grant community members permission to keep tabs on the events that matter to them. Building communities to encourage adoption of electronic health record exchange requires a broad set of technical capabilities, including campaign tools, proper identification of providers and patients, and automation to speed the time to connect. Assess the process your organization is using to on-board exchange partners to ensure that it is efficient and effective. HIPAA non-compliance penalties can range from $50,000 - $1,500,000 annually. The HITECH Act financial penalties will reduce Medicare reimbursements for noncompliant providers by 33% in 2015, 66 % in 2016, and 100% in Build a Core Competence in Information Exchange To begin receiving HITECH payments in 2011, you must meet the standard of meaningful use of electronic information exchange for 90 consecutive days in To demonstrate meaningful use, you should integrate and automate the exchange of EHR/EMR between separate, independent information systems through: Managed file transfer (MFT) One of the requirements for Stage 1 meaningful use is incorporating lab results into your EMR/EHR. If you and your business associates rely on older lab systems that do not use real-time Health Level Seven, you can ensure secure exchange of large files (such as mammogram x-ray films) with secure MFT. Electronic data interchange (EDI) Implement efficient and secure platforms for building and managing complex EDI transactions, exchanging large files quickly and easily, and performing real-time transactions. Secure, policy-driven When more sophisticated protocols are not readily available, policy-driven solutions that are security aware (that is, they support PKI, certificates, etc.) can be a cost effective alternative for health record exchange an option that may be especially helpful for physicians and community members whose IT infrastructure or budgets are limited. To facilitate this option, the NwHIN Direct Project is developing patterns and standards for the exchange of SMTP and S/MIME messages between physicians, providers and HIEs. Axway can help. The security and interoperability mandates of the HITECH Act require a healthcare ecosystem through which data flows securely in and out of many different kinds of systems. Disclosure and reporting mandates require the ability to track, manage, and report on how, when and where that data moves across the entire ecosystem. Prioritization of health information exchange by the HITECH Act, coupled with its enhancement of HIPAA regulations, has put a spotlight on the 4 pillars of IT Infrastructure: security (authentication), secure with attachments, managed file transfer, and business to business interactions. The Axway platform allows you to quickly establish connections that enable safe and secure movement of data from the people and systems creating health records to the people and systems that need access to them whether the information 3

4 Axway Managed File Transfer Solutions Axway Security Solutions Axway Community Management Axway B2B Solutions EHR Information Exchange Platform HIPAA Security FIPS Inside Connectivity Partner Management Collaborations Non-EMR Images Secure Adapter Framework Labs Videos HL7 PHR Reports Docs EDI PHI Claims PACS CTs Radiology ADT HIM Payors EMR Lab is exchanged by or attachment, file transfer between applications, systems, or individuals, or internal or external EDI. Axway s historic strength in the 4 pillars of IT Infrastructure brings a unique perspective on interoperability and integration to your current and future IT infrastructure. The Axway platform can also proactively track and manage each transmission and present executive dashboards to compliance officers and administrators, and technical dashboards to IT, making management of electronic records faster, cheaper and simpler. Ensure regulatory compliance and prevent data loss. Axway Security solutions protect against accidental data loss and leakage by automatically identifying messages and attachments that may be in violation of HITECH regulations. Axway Security solutions enable you to encrypt messages to ensure the confidentiality of PHI, track and document compliance for regulatory and legal risk mitigation, and eliminate spam, viruses, phishing, hackers, and other threats before they can enter your systems. Axway File Attachment Management combines content-based policy management, encryption, authentication, and tracking capabilities with support for very large file attachments to eliminate the infrastructure, cost, and security concerns that surround sending large confidential files via or unsecured FTP without requiring end users to change the way they work. Axway B2B and MFT solutions enable organizations to secure message exchange for quick and efficient configuration of connections. Axway data-exchange tools reduce the cost to connect by enabling configured connections rather than coded connections, as well as reuse of connections between partners. This capability means that each connection with an existing partner becomes simpler than the last connection, providing economy of scale and reducing the need for scarce IT resources as the community matures. Information exchange is a core capability that can be leveraged within and without clinical and claims workflows. Building out secure information exchange is important to all aspects of care and administration, from protecting employee data, to credit card payments, to reimbursements and referrals. To enable secure and efficient data exchange, Axway provides standards-based B2B and MFT solutions that fully support commonly used healthcare exchange standards such as HIPAA 5010 EDI transaction sets, HL/7, CCD, and more. 4

5 Secure, monitor, and track managed file transfer (MFT). Axway MFT solutions offer a broad spectrum of security measures to protect against data loss and improve governance. Complete audit trails simplify and lower the cost of HITECH compliance, and end-to-end monitoring and tracking of file movements deliver granular visibility into your entire ecosystem. Modernize EDI and create a secure online business interaction community. Axway B2B solutions provide a simple way to handle EDI within secure online communities, regardless of community size or IT platforms. Axway B2B solutions enable you to simplify trading partner management by streamlining how you onboard and interact with your business partners, suppliers, and customers, improve governance, security, and traceability with complete audit trails, and ensure Health Level Seven compliance for all B2B data exchanges. Axway can help you pave the way to HITECH compliance with a complimentary costsaving calculator, or infrastructure assessment. Stages of meaningful use Stage 1 (beginning in 2011): Focuses on...electronically capturing health information in a coded format. Stage 2 (beginning in 2013): Focuses on...the use of health IT for continuous quality improvement at the point of care and the exchange of information in the most structured format possible. Stage 3 (beginning in 2015): Focuses on...promoting improvements in quality, safety and efficiency, focusing on decision support for national high priority conditions, patient access to self management tools, access to comprehensive patient data and improving population health. To learn more, call your regional office listed below, us at axwaysolutions@axway.com, or visit us at For More Information, visit Copyright Axway All rights reserved. 5 WP_HITECH_EN_101211

HIPAA AND SECURITY. For Healthcare Organizations

HIPAA AND  SECURITY. For Healthcare Organizations HIPAA AND EMAIL SECURITY For Healthcare Organizations Table of content Protecting patient information 03 Who is affected by HIPAA? 06 Why should healthcare 07 providers care? Email security & HIPPA 08

More information

HIPAA / HITECH Overview of Capabilities and Protected Health Information

HIPAA / HITECH Overview of Capabilities and Protected Health Information HIPAA / HITECH Overview of Capabilities and Protected Health Information August 2017 Rev 1.8.9 2017 DragonFly Athletics, LLC 2017, DragonFly Athletics, LLC. or its affiliates. All rights reserved. Notices

More information

HIPAA Compliance & Privacy What You Need to Know Now

HIPAA  Compliance & Privacy What You Need to Know Now HIPAA Email Compliance & Privacy What You Need to Know Now Introduction The Health Insurance Portability and Accountability Act of 1996 (HIPAA) places a number of requirements on the healthcare industry

More information

CERT Symposium: Cyber Security Incident Management for Health Information Exchanges

CERT Symposium: Cyber Security Incident Management for Health Information Exchanges Pennsylvania ehealth Partnership Authority Pennsylvania s Journey for Health Information Exchange CERT Symposium: Cyber Security Incident Management for Health Information Exchanges June 26, 2013 Pittsburgh,

More information

Securing IT Infrastructure Improve information exchange and comply with HIPAA, HITECH, and ACA mandates

Securing IT Infrastructure Improve information exchange and comply with HIPAA, HITECH, and ACA mandates Securing IT Infrastructure Improve information exchange and comply with HIPAA, HITECH, and ACA mandates Ruby Raley, Director Healthcare Solutions Axway Agenda Topics: Using risk assessments to improve

More information

Putting It All Together:

Putting It All Together: Putting It All Together: The Interplay of Privacy & Security Regina Verde, MS, MBA, CHC Chief Corporate Compliance & Privacy Officer University of Virginia Health System 2017 ISPRO Conference October 24,

More information

HIPAA Security and Privacy Policies & Procedures

HIPAA Security and Privacy Policies & Procedures Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400

More information

How Managed File Transfer Addresses HIPAA Requirements for ephi

How Managed File Transfer Addresses HIPAA Requirements for ephi How Managed File Transfer Addresses HIPAA Requirements for ephi INTRODUCTION These new requirements have effectively made traditional File Transfer Protocol (FTP) file sharing ill-advised, if not obsolete.

More information

Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services.

Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services. Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services. June 2017 Melanie Duerr Fazzi Associates Partner, Director of Coding Operations Jami Fisher Fazzi Associates Chief Information

More information

Five Ways to Improve Electronic Patient Record Handling for HIPAA/HITECH with Managed File Transfer

Five Ways to Improve Electronic Patient Record Handling for HIPAA/HITECH with Managed File Transfer Five Ways to Improve Electronic Patient Record Handling for HIPAA/HITECH with Managed File Transfer INTRODUCTION Meeting HIPAA and HITECH security and compliance requirements is a formidable challenge.

More information

Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in the HIPAA Privacy Rule.

Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in the HIPAA Privacy Rule. Medical Privacy Version 2018.03.26 Business Associate Agreement This Business Associate Agreement (the Agreement ) shall apply to the extent that the Lux Scientiae HIPAA Customer signee is a Covered Entity

More information

Checklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates. Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP)

Checklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates. Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP) Checklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP) ecfirst, chief executive Member, InfraGard Compliance Mandates Key Regulations

More information

The Windstream Enterprise Advantage for Healthcare

The Windstream Enterprise Advantage for Healthcare The Windstream Enterprise Advantage for Healthcare Creating personalized healthcare experiences with secure and reliable cloud-optimized IT communications so you can focus on providing a connected, interoperable

More information

HIPAA Federal Security Rule H I P A A

HIPAA Federal Security Rule H I P A A H I P A A HIPAA Federal Security Rule nsurance ortability ccountability ct of 1996 HIPAA Introduction - What is HIPAA? HIPAA = The Health Insurance Portability and Accountability Act A Federal Law Created

More information

HIPAA Privacy, Security and Breach Notification

HIPAA Privacy, Security and Breach Notification HIPAA Privacy, Security and Breach Notification HCCA East Central Regional Annual Conference October 2013 Disclaimer The information contained in this document is provided by KPMG LLP for general guidance

More information

HIPAA FOR BROKERS. revised 10/17

HIPAA FOR BROKERS. revised 10/17 HIPAA FOR BROKERS revised 10/17 COURSE PURPOSE The purpose of this information is to help ensure that all Optima Health Brokers are prepared to protect the privacy and security of our members health information.

More information

[DATA SYSTEM]: Privacy and Security October 2013

[DATA SYSTEM]: Privacy and Security October 2013 Data Storage, Privacy, and Security [DATA SYSTEM]: Privacy and Security October 2013 Following is a description of the technical and physical safeguards [data system operator] uses to protect the privacy

More information

ORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers

ORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers All Affiliate Research Policy Subject: HIPAA File Under: For Researchers ORA HIPAA Issuing Department: Office of Research Administration Original Policy Date Page 1 of 5 Approved by: May 9,2005 Revision

More information

(60 min) California State Updates

(60 min) California State Updates (60 min) California State Updates Presenters: 30 min Speranza Avram, CEO, CalHIPSO: EHR status & uptake in CA 20 min David A. Minch, President & COO, HealthShare Bay Area: HIE status 10 min Questions 1

More information

HIPAA Privacy & Security Training. Privacy and Security of Protected Health Information

HIPAA Privacy & Security Training. Privacy and Security of Protected Health Information HIPAA Privacy & Security Training Privacy and Security of Protected Health Information Course Competencies: This training module addresses the essential elements of maintaining the HIPAA Privacy and Security

More information

Remote Access to a Healthcare Facility and the IT professional s obligations under HIPAA and the HITECH Act

Remote Access to a Healthcare Facility and the IT professional s obligations under HIPAA and the HITECH Act Remote Access to a Healthcare Facility and the IT professional s obligations under HIPAA and the HITECH Act Are your authentication, access, and audit paradigms up to date? Table of Contents Synopsis...1

More information

HIPAA COMPLIANCE AND DATA PROTECTION Page 1

HIPAA COMPLIANCE AND DATA PROTECTION Page 1 HIPAA COMPLIANCE AND DATA PROTECTION info@resultstechnology.com 877.435.8877 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and RESULTS Cloud

More information

Auditing and Monitoring for HIPAA Compliance. HCCA COMPLIANCE INSTITUTE 2003 April, Presented by: Suzie Draper Sheryl Vacca, CHC

Auditing and Monitoring for HIPAA Compliance. HCCA COMPLIANCE INSTITUTE 2003 April, Presented by: Suzie Draper Sheryl Vacca, CHC Auditing and Monitoring for HIPAA Compliance HCCA COMPLIANCE INSTITUTE 2003 April, 2003 Presented by: Suzie Draper Sheryl Vacca, CHC 1 The Elements of Corporate Compliance Program There are seven key elements

More information

ADTRAN: Real Solutions. Healthcare

ADTRAN: Real Solutions. Healthcare ADTRAN: Real Solutions Healthcare Transforming Healthcare Networks Productivity Meeting the Challenge to Change: Understanding the U.S. HITECH ACT As part of the recently defined United States American

More information

HITRUST CSF Assurance Program HITRUST, Frisco, TX. All Rights Reserved.

HITRUST CSF Assurance Program HITRUST, Frisco, TX. All Rights Reserved. HITRUST CSF Assurance Program HITRUST CSF Assurance Program The Need Organizations facing multiple and varied assurance requirements from a variety of parties Increasing pressure and penalties associated

More information

HIPAA Compliance and Auditing in the Public Cloud

HIPAA Compliance and Auditing in the Public Cloud HIPAA Compliance and Auditing in the Public Cloud This paper outlines what HIPAA compliance includes in the cloud era. It aims to help enterprise IT leaders interested in becoming more familiar with the

More information

WHITE PAPER. HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty

WHITE PAPER. HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty WHITE PAPER HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty WHITE PAPER HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty By Jill Brooks, MD, CHCO and Katelyn Byrne, BSN, RN Data Breaches

More information

EHR & HIPAA Managing Compliance & Progress. Agenda. Federal EHR Imperatives & Achieving Meaningful Use. EHR & HIPAA: Managing Compliance & Progress

EHR & HIPAA Managing Compliance & Progress. Agenda. Federal EHR Imperatives & Achieving Meaningful Use. EHR & HIPAA: Managing Compliance & Progress EHR & HIPAA Managing Compliance & Progress Presented by Rodney Walsh, Senior Managing Consultant May 20, 2010 Agenda Federal EHR imperatives Certification & meaningful use Management of EHR upgrades &

More information

Tracking and Reporting

Tracking and Reporting Secure File Transfer Tracking and Reporting w w w. b i s c o m. c o m 321 Billerica Road, Chelmsford, MA phone: 978-250-1800 email: sales@biscom.com EXECUTIVE SUMMARY The Internet has made it easier than

More information

Response to CMS. WEDI Attachment Forum Questions. August 9th Attachment Standard

Response to CMS. WEDI Attachment Forum Questions. August 9th Attachment Standard Response to CMS WEDI Attachment Forum Questions August 9th 2016 Attachment Standard August 25, 2016 Cooperative Exchange National Association of Clearinghouses 28 Clearinghouse member companies Represent

More information

All Aboard the HIPAA Omnibus An Auditor s Perspective

All Aboard the HIPAA Omnibus An Auditor s Perspective All Aboard the HIPAA Omnibus An Auditor s Perspective Rick Dakin CEO & Chief Security Strategist February 20, 2013 1 Agenda Healthcare Security Regulations A Look Back What is the final Omnibus Rule? Changes

More information

The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance

The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance Russell L. Jones Partner Health Sciences Sector Deloitte & Touche LLP Security & Privacy IMLA 2013 Annual Conference San

More information

Security and Privacy Governance Program Guidelines

Security and Privacy Governance Program Guidelines Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by

More information

Vocera Secure Texting 2.1 FAQ

Vocera Secure Texting 2.1 FAQ General Description Q. What is Vocera Secure Texting? A. Vocera Secure Texting (VST) combines convenience with privacy by providing a secure, easy to use, HIPAA-compliant alternative to SMS as well as

More information

Compliance in 5 Steps

Compliance in 5 Steps Email Compliance in 5 Steps Introduction For most businesses, email is a vital communication resource. Used to perform essential business functions, many organizations rely on email to send sensitive confidential

More information

HIPAA How to Comply with Limited Time & Resources. Jonathan Pantenburg, MHA, Senior Consultant August 17, 2017

HIPAA How to Comply with Limited Time & Resources. Jonathan Pantenburg, MHA, Senior Consultant August 17, 2017 HIPAA How to Comply with Limited Time & Resources Jonathan Pantenburg, MHA, Senior Consultant JPantenburg@Stroudwater.com August 17, 2017 Stroudwater Associates is a leading national healthcare consulting

More information

Implementing an Audit Program for HIPAA Compliance

Implementing an Audit Program for HIPAA Compliance Implementing an Audit Program for HIPAA Compliance Mike Lynch Fifth National HIPAA Summit November 1, 2002 Seven Guiding Principles of HIPAA Rules Quality and Availability of Care Nothing in the proposed

More information

by Robert Hudock and Patricia Wagner April 2009 Introduction

by Robert Hudock and Patricia Wagner April 2009 Introduction HITECH Updates: Proposed Health Breach Notification Rule Promulgated by the FTC; HHS Releases Guidance on How to Render PHI Unusable, Unreadable, or Indecipherable by Robert Hudock and Patricia Wagner

More information

The simplified guide to. HIPAA compliance

The simplified guide to. HIPAA compliance The simplified guide to HIPAA compliance Introduction HIPAA, the Health Insurance Portability and Accountability Act, sets the legal requirements for protecting sensitive patient data. It s also an act

More information

Federal Breach Notification Decision Tree and Tools

Federal Breach Notification Decision Tree and Tools Federal Breach Notification and Tools Disclaimer This document is copyright 2009 by the Long Term Care Consortium (LTCC). These materials may be reproduced and used only by long-term health care providers

More information

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute October 1, 2014 10/1/2014 1 1 Who is

More information

HIPAA-HITECH: Privacy & Security Updates for 2015

HIPAA-HITECH: Privacy & Security Updates for 2015 South Atlantic Regional Annual Conference Orlando, FL February 6, 2015 1 HIPAA-HITECH: Privacy & Security Updates for 2015 Darrell W. Contreras, Esq., LHRM Gregory V. Kerr, CHPC, CHC Agenda 2 OCR On-Site

More information

Security Rule for IT Staffs. J. T. Ash University of Hawaii System HIPAA Compliance Officer

Security Rule for IT Staffs. J. T. Ash University of Hawaii System HIPAA Compliance Officer Security Rule for IT Staffs J. T. Ash University of Hawaii System HIPAA Compliance Officer jtash@hawaii.edu hipaa@hawaii.edu Disclaimer HIPAA is a TEAM SPORT and everyone has a role in protecting protected

More information

The HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information

The HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information The HITRUST CSF A Revolutionary Way to Protect Electronic Health Information June 2015 The HITRUST CSF 2 Organizations in the healthcare industry are under immense pressure to improve quality, reduce complexity,

More information

Data Backup and Contingency Planning Procedure

Data Backup and Contingency Planning Procedure HIPAA Security Procedure HIPAA made Easy Data Backup and Contingency Planning Procedure Please fill in date implemented and updates for your facility: Goal: This document will serve as our back-up storage

More information

PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)

PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS) PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS) Table of Contents Introduction 03 Who is affected by PCI DSS? 05 Why should my organization comply 06 with PCI DSS? Email security requirements 08

More information

The below Summary of Rule Changes and the Additional Guidance 2016 Reporting Period is informational for all clients.

The below Summary of Rule Changes and the Additional Guidance 2016 Reporting Period is informational for all clients. Meaningful Use Notice: Health Information Exchange February 10, 2016 Dear Centricity Practice Solution and Centricity EMR Customers: This is a Meaningful Use notice regarding the Health Information Exchange

More information

Introduction CHAPTER 1

Introduction CHAPTER 1 CHAPTER 1 Introduction Data security breaches are an everyday occurrence. The news media constantly publicize data breaches, especially those involving retailers in which hackers steal the payment card

More information

Healthcare Privacy and Security:

Healthcare Privacy and Security: Healthcare Privacy and Security: Breach prevention and mitigation/ Insuring for breach Colin J. Zick Foley Hoag LLP (617) 832-1000 www.foleyhoag.com www.securityprivacyandthelaw.com Boston Bar Association

More information

HIPAA Compliance is not a Cybersecurity Strategy

HIPAA Compliance is not a Cybersecurity Strategy HIPAA Compliance is not a Cybersecurity Strategy Presented by: Hector Rodriguez, WW Health CISO, Microsoft Jay Trinckes, Director, Coalfire Speaker Introductions Hector Rodriguez, WW Health CISO, Microsoft

More information

01.0 Policy Responsibilities and Oversight

01.0 Policy Responsibilities and Oversight Number 1.0 Policy Owner Information Security and Technology Policy Policy Responsibility & Oversight Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 1. Policy Responsibilities

More information

AN IPSWITCH WHITEPAPER. 7 Steps to Compliance with GDPR. How the General Data Protection Regulation Applies to External File Transfers

AN IPSWITCH WHITEPAPER. 7 Steps to Compliance with GDPR. How the General Data Protection Regulation Applies to External File Transfers AN IPSWITCH WHITEPAPER 7 Steps to Compliance with GDPR How the General Data Protection Regulation Applies to External File Transfers Introduction Stolen personal data drives a thriving black market for

More information

CMS and ehealth. Robert Tagalicod Director, Office of ehealth Standards and Services (OESS)

CMS and ehealth. Robert Tagalicod Director, Office of ehealth Standards and Services (OESS) CMS and ehealth Robert Tagalicod Director, Office of ehealth Standards and Services (OESS) Robert Anthony Deputy Director, Health IT Initiatives Group, OESS September 16, 2013 www.cms.gov/ehealth 2 ehealth

More information

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities

More information

Certification Commission for Healthcare Information Technology. CCHIT A Catalyst for EHR Adoption

Certification Commission for Healthcare Information Technology. CCHIT A Catalyst for EHR Adoption Certification Commission for Healthcare Information Technology CCHIT A Catalyst for EHR Adoption Alisa Ray, Executive Director, CCHIT Sarah Corley, MD, Chief Medical Officer, NextGen Healthcare Systems;

More information

Seven gray areas of HIPAA you can t ignore

Seven gray areas of HIPAA you can t ignore White Paper: HIPAA Gray Areas Seven gray areas of HIPAA you can t ignore This guide exists to shed some light on some of the gray areas of HIPAA (the Health Insurance Portability and Accountability Act).

More information

HIPAA/HITECH Privacy & Security Checklist Assessment HIPAA PRIVACY RULE

HIPAA/HITECH Privacy & Security Checklist Assessment HIPAA PRIVACY RULE 164.502 Develop "minimum necessary" policies for: HIPAA PRIVACY RULE 164.514 - Uses 15 Exempts disclosure for the purpose of treatment from the minimum necessary standard. Page references for - Routine

More information

California State Updates. Presenter: David A. Minch, President & COO, HealthShare Bay Area

California State Updates. Presenter: David A. Minch, President & COO, HealthShare Bay Area California State Updates Presenter: David A. Minch, President & COO, HealthShare Bay Area 1 Trust is the Foundation for Health Data Exchange Patients must trust the Providers to hold their data securely,

More information

DATA PRIVACY & SECURITY THE CHANGING HIPAA CLIMATE

DATA PRIVACY & SECURITY THE CHANGING HIPAA CLIMATE DATA PRIVACY & SECURITY THE CHANGING HIPAA CLIMATE Melodi (Mel) M. Gates mgates@pattonboggs.com (303) 894-6111 October 25, 2013 THE CHANGING PRIVACY CLIMATE z HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY

More information

Secure HIPAA Compliant Cloud Computing

Secure HIPAA Compliant Cloud Computing Business White Paper Secure HIPAA Compliant Cloud Computing Step-by-step guide for achieving HIPAA compliance and safeguarding your PHI in a cloud computing environment ClearDATA Customer Success Story

More information

Technology Workshop HIPAA Security Risk Assessment: What s Next? January 9, 2014

Technology Workshop HIPAA Security Risk Assessment: What s Next? January 9, 2014 Technology Workshop HIPAA Security Risk Assessment: What s Next? January 9, 2014 Welcome! Thank you for joining us today. In today s call we ll cover the Security Assessment and next steps. If you want

More information

Living with HIPAA: Compendium of Next steps from Rural Hospitals to Large Health Systems to Physician Practices

Living with HIPAA: Compendium of Next steps from Rural Hospitals to Large Health Systems to Physician Practices Living with HIPAA: Compendium of Next steps from Rural Hospitals to Large Health Systems to Physician Practices Presented by HIPAA Pros 5th Annual HIPAA Summit Baltimore, Maryland October 31. 2002 Living

More information

HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp

HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp Agenda Introductions HIPAA Background and History Overview of HIPAA Requirements

More information

Case Study. Medical Information Records, LLC. Medical Software Company Relies on Azure to Improve Scalability, Cut Costs & Ensure Compliance

Case Study. Medical Information Records, LLC. Medical Software Company Relies on Azure to Improve Scalability, Cut Costs & Ensure Compliance Case Study Medical Information Records, LLC Medical Information Records, LLC Medical Software Company Relies on Azure to Improve Scalability, Cut Costs & Ensure Compliance Overview Industry: Healthcare

More information

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow Managing Privacy Risk & Compliance in Financial Services Brett Hamilton Advisory Solutions Consultant ServiceNow 1 Speaker Introduction INSERT PHOTO Name: Brett Hamilton Title: Advisory Solutions Consultant

More information

SECURETexas Health Information Privacy & Security Certification Program

SECURETexas Health Information Privacy & Security Certification Program Partners in Texas Health Informa3on Protec3on SECURETexas Health Information Privacy & Security Certification Program 2015 HITRUST, Frisco, TX. All Rights Reserved. Outline Introduction Background Benefits

More information

Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs)

Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs) Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs) Florida Hospital Association Welcome! John Wilgis Director, Emergency Management Services Florida Hospital Association

More information

CLINICAL DIRECT MESSAGING FREQUENTLY ASKED QUESTIONS

CLINICAL DIRECT MESSAGING FREQUENTLY ASKED QUESTIONS Surescripts has the experience to handle all of your direct messaging needs. Serving the nation with the single most trusted and capable health information network since 2001, we seamlessly connect the

More information

Securing Office 365 with SecureCloud

Securing Office 365 with SecureCloud Securing Office 365 with SecureCloud 1 Introduction Microsoft Office 365 has become incredibly popular because of the mobility and collaboration it enables. With Office 365, companies always have the latest

More information

2015 HFMA What Healthcare Can Learn from the Banking Industry

2015 HFMA What Healthcare Can Learn from the Banking Industry 2015 HFMA What Healthcare Can Learn from the Banking Industry Agenda Introduction- Background and Experience Healthcare vs. Banking The Results OCR Audit Results Healthcare vs. Banking The Theories Practical

More information

Update from HIMSS National Privacy & Security. Lisa Gallagher, VP Technology Solutions November 14, 2013

Update from HIMSS National Privacy & Security. Lisa Gallagher, VP Technology Solutions November 14, 2013 Update from HIMSS National Privacy & Security Lisa Gallagher, VP Technology Solutions November 14, 2013 Agenda Update on HIMSS new Technology Solutions Department HIPAA Omnibus Rules Meaningful Use 2 P&S

More information

HIPAA Compliance Checklist

HIPAA Compliance Checklist HIPAA Compliance Checklist Hospitals, clinics, and any other health care providers that manage private health information today must adhere to strict policies for ensuring that data is secure at all times.

More information

for the Dental Industry

for the Dental Industry for the Dental Industry If you re practicing dentistry, you ll also need to be an expert on email encryption and patient privacy. Dental practices are among the fastest growing adopters of cloud email

More information

Compliance with CloudCheckr

Compliance with CloudCheckr DATASHEET Compliance with CloudCheckr Introduction Security in the cloud is about more than just monitoring and alerts. To be truly secure in this ephemeral landscape, organizations must take an active

More information

Mapping to the National Broadband Plan

Mapping to the National Broadband Plan The National Telecommunications and Information Administration Mapping to the National Broadband Plan 37 th Annual PURC Conference Smart Technology vs. Smart Policy February 3, 2010 1 About NTIA The National

More information

Ensuring Privacy and Security of Health Information Exchange in Pennsylvania

Ensuring Privacy and Security of Health Information Exchange in Pennsylvania Ensuring Privacy and Security of Health Information Exchange in Pennsylvania The Pennsylvania ehealth Initiative in collaboration with the Pennsylvania ehealth Partnership Authority Introduction The Pennsylvania

More information

How Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq.

How Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq. How Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq. Word Count: 2,268 Physician practices have lived with the reality of HIPAA for over twenty years. In that time, it has likely

More information

Mobile Device Policy. Augusta University Medical Center Policy Library. Policy Owner: Information Technology Support and Services

Mobile Device Policy. Augusta University Medical Center Policy Library. Policy Owner: Information Technology Support and Services Augusta University Medical Center Policy Library Mobile Device Policy Policy Owner: Information Technology Support and Services POLICY STATEMENT Augusta University Medical Center (AUMC) discourages the

More information

Privacy and Security in the Age of Meaningful Use

Privacy and Security in the Age of Meaningful Use Privacy and Security in the Age of Meaningful Use David S. Finn Health IT Officer Lewis Etheridge Principal Systems Engineer, Symantec Healthcare Privacy & Security in the Age of Meaningful Use SYMANTEC

More information

Compliance A primer. Surveys indicate that 80% of the spend on IT security technology is driven by the need to comply with regulatory legislation.

Compliance A primer. Surveys indicate that 80% of the spend on IT security technology is driven by the need to comply with regulatory legislation. Compliance A primer Surveys indicate that 80% of the spend on IT security technology is driven by the need to comply with regulatory legislation. The growth in the sharing of sensitive data combined with

More information

Evaluating the Security of Your IT Network. Vulnerability Scanning & Network Map

Evaluating the Security of Your IT Network. Vulnerability Scanning & Network Map Click to edit Master title style Evaluating the Security of Your IT Network Vulnerability Scanning & Network Map Kyle Stafford / M-CEITA 5/12/2017 1 1 Disclaimer This presentation was current at the time

More information

User Manual/Guide for Direct Using encompass 3.0. Prepared By: Arête Healthcare Services, LLC

User Manual/Guide for Direct Using encompass 3.0. Prepared By: Arête Healthcare Services, LLC User Manual/Guide for Direct Using encompass 3.0 Prepared By: Arête Healthcare Services, LLC Document Version: V1.0 10/02/2015 Contents Direct Overview... 3 What is Direct?... 3 Who uses Direct?... 3 Why

More information

Policy and Procedure: SDM Guidance for HIPAA Business Associates

Policy and Procedure: SDM Guidance for HIPAA Business Associates Policy and Procedure: SDM Guidance for HIPAA Business (Adapted from UPMC s Guidance for Business at http://www.upmc.com/aboutupmc/supplychainmanagement/documents/guidanceforbusinessassociates.pdf) Effective:

More information

Guide: HIPPA Compliance. Corporate HIPAA Compliance Guide. Privacy, productivity and remote access. gotomypc.com

Guide: HIPPA Compliance. Corporate HIPAA Compliance Guide. Privacy, productivity and remote access. gotomypc.com : HIPPA Compliance GoToMyPC Corporate HIPAA Compliance Privacy, productivity and remote access 2 The healthcare industry has benefited greatly from the ability to use remote access to view patient data

More information

Cybersecurity in Higher Ed

Cybersecurity in Higher Ed Cybersecurity in Higher Ed 1 Overview Universities are a treasure trove of information. With cyber threats constantly changing, there is a need to be vigilant in protecting information related to students,

More information

Healthcare in the Public Cloud DIY vs. Managed Services

Healthcare in the Public Cloud DIY vs. Managed Services Business White Paper Healthcare in the Public Cloud DIY vs. Managed Services Page 2 of 9 Healthcare in the Public Cloud DIY vs. Managed Services Table of Contents Page 2 Healthcare Cloud Migration Page

More information

HIPAA COMPLIANCE AND

HIPAA COMPLIANCE AND INTRONIS MSP SOLUTIONS BY BARRACUDA HIPAA COMPLIANCE AND DATA PROTECTION CONTENTS Introduction... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and Intronis Cloud Backup and

More information

Cybersecurity and Hospitals: A Board Perspective

Cybersecurity and Hospitals: A Board Perspective Cybersecurity and Hospitals: A Board Perspective Cybersecurity is an important issue for both the public and private sector. At a time when so many of our activities depend on information systems and technology,

More information

HIPAA Regulatory Compliance

HIPAA Regulatory Compliance Secure Access Solutions & HIPAA Regulatory Compliance Privacy in the Healthcare Industry Privacy has always been a high priority in the health profession. However, since the implementation of the Health

More information

Oracle Buys Automated Applications Controls Leader LogicalApps

Oracle Buys Automated Applications Controls Leader LogicalApps Oracle Buys Automated Applications Controls Leader LogicalApps To strengthen Oracle s Governance, Risk and Compliance Suite with Real-time Policy Enforcement October 26, 2007 Disclaimer The following is

More information

Why you should adopt the NIST Cybersecurity Framework

Why you should adopt the NIST Cybersecurity Framework Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive

More information

Accelerate Your Enterprise Private Cloud Initiative

Accelerate Your Enterprise Private Cloud Initiative Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service

More information

DeliverySlip for Dental Practices

DeliverySlip for Dental Practices DeliverySlip for Dental Practices Introduction This white paper will detail why email encryption has become a must have tool for dental practices. In addition to HIPAA and Omnibus Rule compliance, it also

More information

HIPAA Cloud Computing Guidance

HIPAA Cloud Computing Guidance HIPAA Cloud Computing Guidance Adam Greene, JD, MPH Partner Rebecca Williams, BSN, JD Partner Nature is a mutable cloud which is always and never the same Ralph Waldo Emerson 2 Agenda A few historical

More information

Statement of HIPAA Readiness February 2003

Statement of HIPAA Readiness February 2003 Statement of HIPAA Readiness February 2003 Copyright 2003 WebMD Envoy Corporation. All Rights Reserved. Rev. 02/03 Table of Contents 1 Meeting the HIPAA Challenge...1 Overview...1 WebMD Envoy HIPAA Readiness...2

More information

GLBA. The Gramm-Leach-Bliley Act

GLBA. The Gramm-Leach-Bliley Act GLBA The Gramm-Leach-Bliley Act Table of content Introduction 03 Who is affected by GLBA? 06 Why should my organization comply with GLBA? 07 What does GLBA require for email compliance? 08 How can my organization

More information

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I Standards Sections Checklist Section Security Management Process 164.308(a)(1) Information Security Program Risk Analysis (R) Assigned Security Responsibility 164.308(a)(2) Information Security Program

More information

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes: Page 1 of 6 I. Common Principles and Approaches to Privacy A. A Modern History of Privacy a. Descriptions, definitions and classes b. Historical and social origins B. Types of Information a. Personal information

More information

SECURITY & PRIVACY DOCUMENTATION

SECURITY & PRIVACY DOCUMENTATION Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive

More information

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute June 21, 2016 6/21/2016 1 1 Disclaimer

More information