Standard text messaging (mobile devices) Secure text messaging (mobile devices) Paging Instant messaging (Google Hangouts, Skype, etc.
|
|
- Naomi Phillips
- 5 years ago
- Views:
Transcription
1 1 Adam Nichol Information Security Officer/Systems Analyst Hospital Sisters Health System Holly Schlenvogt, MSH, CPM Privacy and Security Consultant / Owner HRT Consulting, LLC hschlenv@hrt-consulting.com Scott Vaughan, MIS Network Supervisor Sauk Prairie Healthcare Scott.Vaughan@SaukPrairieHealthcare.org 2 Standard text messaging (mobile devices) Secure text messaging (mobile devices) Paging Instant messaging (Google Hangouts, Skype, etc.) 3 1
2 Ease of use: Majority of people own smart phones so everyone has access to texting Great for casual non-emergent communications Standard Short Message Service (SMS) texting does not need a data connection Uses radio frequencies to send messages Can also use an Internet connection to transmit messages This acts like an instant message connection 4 Might not know who is sending the message Messages might get ignored Unsecure: Standard text messages are not encrypted Not easily auditable, especially if personal devices are used for work purposes Real-Time only goes so far Unable to tell if recipient received or even read message 5 Secure Information is encrypted in both transit and at rest Auditable Can be tracked to show when messages are sent, delivered and read Able to see actual messages sent Authorization Ability to control who has access and have the ability to turn that access off (i.e. terminations) Great for Bring-Your-Own-Device (BYOD) devices 6 2
3 Cost Initial cost of setting everything up (e.g. servers, setup time, etc.) Monthly cost Depending on vendor and organization size it could be between $5 to $30 per device or per user Training Depending on the size of your organization training could be a slow process 7 Business buy-in Top down approach Provider buy-in Choose a product/vendor that is a good fit for your organization 8 In todays tech filled world there is no use for them Not secure (in transmission or at rest) Uses radio frequencies to send messages Unreliable Inability to know if your message went through Unable to audit 9 3
4 Mailbox Storage On-premise, cloud, or hybrid If cloud, stored in USA only? Using message content filter Sending all messages through it? Does it encrypt the message if it detects PHI? Using Archiving 10 Backups Is the data encrypted? Audit capabilities Permit generic addresses? How do you audit them? Delegation 11 Different types of IM Corporate More secure Can be hosted on-premise or cloud Auditability Archive Public Less secure Store in the cloud (but where???) No administration 12 4
5 Breach or Not a Breach of Unsecured PHI? That is a great question! 13 with PHI sent to a correct recipient who is authorized to receive the PHI The sender mistakenly did not encrypt it Should this be considered a breach? Should this be considered a breach of unsecured PHI? Are breach of unsecured PHI notifications required? 14 Means the acquisition, access, use, or disclosure of protected health information (PHI) in a manner not permitted under the Privacy Rule which compromises the security or privacy of the PHI and is presumed to be a breach unless the organization or BA, as applicable, demonstrates that there is a low probability that the PHI has been compromised based on a risk assessment of at least the following factors: 15 5
6 1.The nature and extent of the protected health information involved, including the types of identifiers and the likelihood of reidentification; 2.The unauthorized person who used the protected health information or to the disclosure was made; 3.Whether the protected health information was actually acquired or viewed; and 4.The extent to which the risk to the protected health information has been mitigated 16 What about unencrypted texts? What about unencrypted instant messages? What if the unencrypted s, text, or instant message is not done within an organization owned system? Office for Civil Rights (OCR) reflections 17 First part of the definition of a Business Associate: Person or business/vendor s staff members are not members of the organization s Workforce and: creates, receives, maintains, and/or transmits protected health information (PHI) on behalf of the organization What does this mean? 18 6
7 Have BAAs in place with the following before using it (unless they do not create, receive, maintain, or transmit the s): vendors encryption vendors Validate vendor privacy and security controls 19 Use organizationally purchased IMs Prior to purchasing, find out: Where is PHI stored? How secure are transmissions? Validate vendor privacy and security controls Prior to transmitting PHI, obtain a BAA 20 Cell / smart phones Phone carriers Transmitting PHI in texts Storing of texts Texting platforms Validate vendor privacy and security controls BAA 21 7
8 Ask yourself: Where is the PHI stored? On the device? User s phone carrier service Backup service too? Who has a contract with these storage providers? Hint it is not your organization Will the PHI be secure on their devices? How will we get the PHI back or verify it is no longer on their device or stored anywhere after termination? Is a Mobile Device Management (MDM) used? Require agreements be signed? 22 When may PHI be sent? Verify appropriate authorizations are in place When may be sent internally and / or externally? Who may send PHI? Be careful to use the correct address / number Program them Double check before sending 23 What systems / applications must be used when PHI is sent? Purchased by organization Personally downloaded? Whose devices may be used? Company owned BYOD? If yes, have BYOD policies in place MDM requirements How to secure devices Onsite Remote use 24 8
9 Only use organizationally approved systems / applications and devices May not use others unless approved by Security Officer / IT leadership and Privacy Officer The policies Appropriate use of the technologies 25 Resolution Agreements Fines For the organization For users Corrective action plans OCR enforcement Civil penalties Criminal penalties 26 Remember to include electronic communications utilized when conducting your security risk analyses Ask users what applications they are using and want to use to send electronic communications You never know what they may tell you! 27 9
10 28 Adam Nichol Information Security Officer/Systems Analyst Hospital Sisters Health System Holly Schlenvogt, MSH, CPM Privacy and Security Consultant / Owner HRT Consulting, LLC hschlenv@hrt-consulting.com Scott Vaughan, MIS Network Supervisor Sauk Prairie Healthcare Scott.Vaughan@SaukPrairieHealthcare.org 29 10
Update on HIPAA Administration and Enforcement. Marissa Gordon-Nguyen, JD, MPH October 7, 2016
Update on HIPAA Administration and Enforcement Marissa Gordon-Nguyen, JD, MPH October 7, 2016 Updates Policy Development Breaches Enforcement Audit 2 POLICY DEVELOPMENT RECENTLY PUBLISHED: RIGHT OF ACCESS,
More informationThe HIPAA Omnibus Rule
The HIPAA Omnibus Rule What You Should Know and Do as Enforcement Begins Rebecca Fayed, Associate General Counsel and Privacy Officer Eric Banks, Information Security Officer 3 Biographies Rebecca C. Fayed
More informationHIPAA in 2017: Hot Topics You Can t Ignore. Danika Brinda, PhD, RHIA, CHPS, HCISPP March 16, 2017
HIPAA in 2017: Hot Topics You Can t Ignore Danika Brinda, PhD, RHIA, CHPS, HCISPP March 16, 2017 Breach Notification State Law Privacy Rule Authorizations Polices and Procedures The Truth Is Have created
More informationDATA PRIVACY & SECURITY THE CHANGING HIPAA CLIMATE
DATA PRIVACY & SECURITY THE CHANGING HIPAA CLIMATE Melodi (Mel) M. Gates mgates@pattonboggs.com (303) 894-6111 October 25, 2013 THE CHANGING PRIVACY CLIMATE z HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY
More informationHIPAA-HITECH: Privacy & Security Updates for 2015
South Atlantic Regional Annual Conference Orlando, FL February 6, 2015 1 HIPAA-HITECH: Privacy & Security Updates for 2015 Darrell W. Contreras, Esq., LHRM Gregory V. Kerr, CHPC, CHC Agenda 2 OCR On-Site
More informationHIPAA Cloud Computing Guidance
HIPAA Cloud Computing Guidance Adam Greene, JD, MPH Partner Rebecca Williams, BSN, JD Partner Nature is a mutable cloud which is always and never the same Ralph Waldo Emerson 2 Agenda A few historical
More informationWHITE PAPER. HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty
WHITE PAPER HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty WHITE PAPER HIPAA Breaches Continue to Rise: Avoid Becoming a Casualty By Jill Brooks, MD, CHCO and Katelyn Byrne, BSN, RN Data Breaches
More informationHIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp
HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp Agenda Introductions HIPAA Background and History Overview of HIPAA Requirements
More informationSecurity and Privacy Breach Notification
Security and Privacy Breach Notification Version Approval Date Owner 1.1 May 17, 2017 Privacy Officer 1. Purpose To ensure that the HealthShare Exchange of Southeastern Pennsylvania, Inc. (HSX) maintains
More informationHIPAA Privacy, Security and Breach Notification
HIPAA Privacy, Security and Breach Notification HCCA East Central Regional Annual Conference October 2013 Disclaimer The information contained in this document is provided by KPMG LLP for general guidance
More informationSeven gray areas of HIPAA you can t ignore
White Paper: HIPAA Gray Areas Seven gray areas of HIPAA you can t ignore This guide exists to shed some light on some of the gray areas of HIPAA (the Health Insurance Portability and Accountability Act).
More informationHIPAA How to Comply with Limited Time & Resources. Jonathan Pantenburg, MHA, Senior Consultant August 17, 2017
HIPAA How to Comply with Limited Time & Resources Jonathan Pantenburg, MHA, Senior Consultant JPantenburg@Stroudwater.com August 17, 2017 Stroudwater Associates is a leading national healthcare consulting
More informationBreach Notification Remember State Law
Breach Notification HITECH: First federal law mandating breach notification for health care industry Applies to covered entities, business associates, PHR vendors, and PHR service providers FTC regulates
More informationHIPAA FOR BROKERS. revised 10/17
HIPAA FOR BROKERS revised 10/17 COURSE PURPOSE The purpose of this information is to help ensure that all Optima Health Brokers are prepared to protect the privacy and security of our members health information.
More informationInto the Breach: Breach Notification Requirements in the Wake of the HIPAA Omnibus Rule
Into the Breach: Breach Notification Requirements in the Wake of the HIPAA Omnibus Rule The Twenty-Second National HIPAA Summit Healthcare Privacy and Security After HITECH and Health Reform Rebecca Williams,
More informationInside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D.
Inside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D. HIPAA GENERAL RULE PHI may not be disclosed without patient authorization
More informationUniversity of Wisconsin-Madison Policy and Procedure
Page 1 of 10 I. Policy The Health Information Technology for Economic and Clinical Health Act regulations ( HITECH ) amended the Health Information Portability and Accountability Act ( HIPAA ) to establish
More informationLessons Learned from Recent HIPAA Enforcement Actions, Breaches, and Pilot Audits
Lessons Learned from Recent HIPAA Enforcement Actions, Breaches, and Pilot Audits Iliana L. Peters, J.D., LL.M. Senior Advisor for HIPAA Compliance and Enforcement OCR RULEMAKING UPDATE What s s Done?
More informationHIPAA Compliance Officer Training By HITECH Compliance Associates. Building a Culture of Compliance
HIPAA Compliance Officer Training By HITECH Compliance Associates Building a Culture of Compliance Your Instructor Is Michael McCoy Nationally Recognized HIPAA Expert » Nothing contained herein should
More informationHIPAA Security and Research VALERIE GOLDEN, HIPAA SECURITY OFFICER
HIPAA Security and Research VALERIE GOLDEN, HIPAA SECURITY OFFICER Researchers Must Ensure... Electronic Protected Health Information (ephi) in their possession or under their control is secured from unauthorized
More informationThe simplified guide to. HIPAA compliance
The simplified guide to HIPAA compliance Introduction HIPAA, the Health Insurance Portability and Accountability Act, sets the legal requirements for protecting sensitive patient data. It s also an act
More informationHIPAA & Privacy Compliance Update
HIPAA & Privacy Compliance Update Vermont Medical Society FREE Wednesday Webinar Series March 15, 2017 Anne Cramer and Shireen Hart Primmer Piper Eggleston & Cramer PC acramer@primmer.com shart@primmer.com
More informationIncident Response: Are You Ready?
Incident Response: Are You Ready? Chris Apgar, CISSP Apgar & Associates, LLC 2014 Security Incident vs. Breach Overview Security Incident Planning and Your Team Final Breach Notification Rule a refresher
More information(c) Apgar & Associates, LLC
Incident Response: Are You Ready? Chris Apgar, CISSP Apgar & Associates, LLC 2014 Security Incident vs. Breach Overview Security Incident Planning and Your Team Final Breach Notification Rule a refresher
More informationCore Elements of HIPAA The Privacy Rule establishes individuals privacy rights and addresses the use and disclosure of protected health information ( PHI ) by covered entities and business associates The
More informationHIPAA Compliance & Privacy What You Need to Know Now
HIPAA Email Compliance & Privacy What You Need to Know Now Introduction The Health Insurance Portability and Accountability Act of 1996 (HIPAA) places a number of requirements on the healthcare industry
More informationAgenda. Hungry, Hungry HIPAA: Security, Enforcement, Audits, & More. Health Law Institute
Health Law Institute Hungry, Hungry HIPAA: Security, Enforcement, Audits, & More Brooke Bennett Aziere October 18, 2017 Agenda Enforcement Trends Phase 2 HIPAA Audits Upcoming Initiatives 1 Enforcement
More informationHIPAA AND SECURITY. For Healthcare Organizations
HIPAA AND EMAIL SECURITY For Healthcare Organizations Table of content Protecting patient information 03 Who is affected by HIPAA? 06 Why should healthcare 07 providers care? Email security & HIPPA 08
More informationCyber Security Issues
RHC Summit 6/9/2017 Cyber Security Issues Dennis E. Leber CISO CHFS Why is it Important? Required by Law Good Business Strategy Right Thing to Do Why is it Important? According to Bitglass' 2017 Healthcare
More information3/24/2014. Agenda & Objectives. HIPAA Security Rule. Compliance Institute. Background and Regulatory Overlay. OCR Statistics/
Compliance Institute Session 501: Implementing a System-Wide Access Monitoring Program Brian D. Annulis Meade, Roach & Annulis, LLP Aegis Compliance & Ethics Center, LLP 4147 N. Ravenswood Avenue Suite
More informationThe HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance
The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance Russell L. Jones Partner Health Sciences Sector Deloitte & Touche LLP Security & Privacy IMLA 2013 Annual Conference San
More informationHIPAA Tips and Advice for Your. Medical Practice
HIPAA Tips and Advice for Your Ericka L. Adler Medical Practice Rachel V. Rose WHY Header HIPAA PATIENT and Medical PORTALS? Practices HIPAA Basics Who is a covered entity? What is PHI? When can you disclose
More informationWhat s New with HIPAA? Policy and Enforcement Update
What s New with HIPAA? Policy and Enforcement Update HHS Office for Civil Rights New Initiatives Precision Medicine Initiative (PMI), including Access Guidance Cybersecurity Developer portal NICS Final
More informationDavid C. Marshall, Esq. PACAH 2017 Spring Conference April 27, 2017
David C. Marshall, Esq. PACAH 2017 Spring Conference April 27, 2017 Privacy and security of patient information held by health care providers remains a concern of the federal government. More resources
More informationAuditing Bring Your Own Devices (BYOD) Risks. Shannon Buckley
Auditing Bring Your Own Devices (BYOD) Risks Shannon Buckley Agenda 1. Understanding the trend towards BYOD. 2. Weighing up the cost benefit vs. the risks. 3. Identifying and mitigating the risks. 4. Tips
More informationPrivacy & Information Security Protocol: Breach Notification & Mitigation
The VUMC Privacy Office coordinates compliance with the required notification steps and prepares the necessary notification and reporting documents. The business unit from which the breach occurred covers
More informationfor the Dental Industry
for the Dental Industry If you re practicing dentistry, you ll also need to be an expert on email encryption and patient privacy. Dental practices are among the fastest growing adopters of cloud email
More informationBoerner Consulting, LLC Reinhart Boerner Van Deuren s.c.
Catherine M. Boerner, Boerner Consulting LLC Heather Fields, 1 Discuss any aggregate results of the desk audits Explore the Sample(s) Requested and Inquire of Management requests for the full on-site audits
More informationPutting It All Together:
Putting It All Together: The Interplay of Privacy & Security Regina Verde, MS, MBA, CHC Chief Corporate Compliance & Privacy Officer University of Virginia Health System 2017 ISPRO Conference October 24,
More informationTen ways Imprivata Cortext adds HIPAA compliance to text messaging
Ten ways Imprivata Cortext adds HIPAA compliance to text messaging Healthcare is not immune to the consumerization of IT that s happening in other industries. Physicians, laboratory technicians, nurses
More informationORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers
All Affiliate Research Policy Subject: HIPAA File Under: For Researchers ORA HIPAA Issuing Department: Office of Research Administration Original Policy Date Page 1 of 5 Approved by: May 9,2005 Revision
More informationA HIPAA Compliance and Enforcement Update from the HHS Office for Civil Rights Session #24, 10:00 a.m. 11:00 a.m. March 6, 2018 Roger Severino, MSPP,
A HIPAA Compliance and Enforcement Update from the HHS Office for Civil Rights Session #24, 10:00 a.m. 11:00 a.m. March 6, 2018 Roger Severino, MSPP, JD Director, HHS Office for Civil Rights Nicholas Heesters,
More informationCybersecurity Auditing in an Unsecure World
About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity
More informationUPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA
UPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA ljohnson@ffalaw.com INTRODUCTION Cyber attacks increasing Liability/actions resulting
More informationEnforcement of Health Information Privacy & Security Standards Federal Enforcement Through Recent Cases and Tools to Measure Regulatory Compliance
Enforcement of Health Information Privacy & Security Standards Federal Enforcement Through Recent Cases and Tools to Measure Regulatory Compliance Iliana Peters, JD, LLM, HHS Office for Civil Rights Kevin
More informationHow to Respond to a HIPAA Breach. Tuesday, Oct. 25, 2016
How to Respond to a HIPAA Breach Tuesday, Oct. 25, 2016 This Webinar is Brought to You By. About HealthInsight and Mountain-Pacific Quality Health HealthInsight and Mountain-Pacific Quality Health are
More information"PPS" is Private Practice Software as developed and produced by Rushcliff Ltd.
Rushcliff Ltd Data Processing Agreement This Data Processing Agreement ( DPA ) forms part of the main terms of use of PPS, PPS Express, PPS Online booking, any other Rushcliff products or services and
More informationHIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012
HIPAA Privacy and Security Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012 Goals and Objectives Course Goal: Can serve as annual HIPAA training for physician practice
More informationHIPAA Privacy and Security Training Program
Note The following HIPAA training is intended for Vendors, Business Associates, Students, Pre Approved Shadowers, and Visitors. The following training module does not provide credit for annual training
More informationand Privacy HIPAA-Compliance Checklist
Email and Privacy HIPAA-Compliance Checklist TBHI Checklist Copyright 2017 Telebehavioral Health Institute All rights reserved. Telebehavioral Health Institute www.telehealth.org No part of this publication
More informationNeil Peters-Michaud, CHAMP Cascade Asset Management ITAM Awareness Month December 2016
Breach New Heights The role of ITAM in preventing a data breach Neil Peters-Michaud, CHAMP Cascade Asset Management ITAM Awareness Month December 2016 Agenda Why Breaches Matter to the ITAM group The cost
More informationNMHC HIPAA Security Training Version
NMHC HIPAA Security Training 2017 Version HIPAA Data Security HIPAA Data Security is intended to provide the technical controls to ensure electronic Protected Health Information (PHI) is kept secure and
More informationThe Relationship Between HIPAA Compliance and Business Associates
The Relationship Between HIPAA Compliance and Business Associates 1 HHS Wall of Shame 20% Involved Business Associates Based on HHS Breach Portal: Breaches Affecting 500 or More Individuals, Type of Breach
More informationHIPAA. Developed by The University of Texas at Dallas Callier Center for Communication Disorders
HIPAA Developed by The University of Texas at Dallas Callier Center for Communication Disorders Purpose of this training Everyone with access to Protected Health Information (PHI) must comply with HIPAA
More informationHIPAA Regulatory Compliance
Secure Access Solutions & HIPAA Regulatory Compliance Privacy in the Healthcare Industry Privacy has always been a high priority in the health profession. However, since the implementation of the Health
More informationPolicy and Procedure: SDM Guidance for HIPAA Business Associates
Policy and Procedure: SDM Guidance for HIPAA Business (Adapted from UPMC s Guidance for Business at http://www.upmc.com/aboutupmc/supplychainmanagement/documents/guidanceforbusinessassociates.pdf) Effective:
More informationHIPAA and HIPAA Compliance with PHI/PII in Research
HIPAA and HIPAA Compliance with PHI/PII in Research HIPAA Compliance Federal Regulations-Enforced by Office of Civil Rights State Regulations-Texas Administrative Codes Institutional Policies-UTHSA HOPs/IRB
More informationHealthcare Privacy and Security:
Healthcare Privacy and Security: Breach prevention and mitigation/ Insuring for breach Colin J. Zick Foley Hoag LLP (617) 832-1000 www.foleyhoag.com www.securityprivacyandthelaw.com Boston Bar Association
More informationA Panel Discussion. Nancy Davis
A Panel Discussion 1 Nancy Davis Director of Compliance & Safety, Door County Medical Center Cathy Hansen Director, Health Information Services & Privacy Officer, St. Croix Regional Medical Center Rhonda
More informationHow Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq.
How Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq. Word Count: 2,268 Physician practices have lived with the reality of HIPAA for over twenty years. In that time, it has likely
More informationHIPAA Security and Privacy Policies & Procedures
Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400
More informationSocial Media and Texting: A Growing Concern
Social Media, Care Providers Texting: How Do You Protect PHI? HCCA Compliance Institute Monday, April 18, 2016 Presented By: Donna Thiel, VP & CCO, Fortis Management Group, LLC Craig Day, Esq., Lane Powell
More informationCERT Symposium: Cyber Security Incident Management for Health Information Exchanges
Pennsylvania ehealth Partnership Authority Pennsylvania s Journey for Health Information Exchange CERT Symposium: Cyber Security Incident Management for Health Information Exchanges June 26, 2013 Pittsburgh,
More informationHIPAA Privacy & Security Training. Privacy and Security of Protected Health Information
HIPAA Privacy & Security Training Privacy and Security of Protected Health Information Course Competencies: This training module addresses the essential elements of maintaining the HIPAA Privacy and Security
More informationCYBERSECURITY IN THE POST ACUTE ARENA AGENDA
CYBERSECURITY IN THE POST ACUTE ARENA AGENDA 2 Introductions 3 Assessing Your Organization 4 Prioritizing Your Review 5 206 Benchmarks and Breaches 6 Compliance 0 & Cybersecurity 0 7 Common Threats & Vulnerabilities
More informationIntegrating HIPAA into Your Managed Care Compliance Program
Integrating HIPAA into Your Managed Care Compliance Program The First National HIPAA Summit October 16, 2000 Mark E. Lutes, Esq. Epstein Becker & Green, P.C. 1227 25th Street, N.W., Suite 700 Washington,
More informationHIPAA Federal Security Rule H I P A A
H I P A A HIPAA Federal Security Rule nsurance ortability ccountability ct of 1996 HIPAA Introduction - What is HIPAA? HIPAA = The Health Insurance Portability and Accountability Act A Federal Law Created
More informationUpdate on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules
Update on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules Wandah Hardy, RN BSN, MPA Equal Opportunity Specialist/Investigator Office for Civil Rights (OCR)
More informationA Checklist for Compliance in the Cloud 1. A Checklist for Compliance in the Cloud
A Checklist for Compliance in the Cloud 1 A Checklist for Compliance in the Cloud A Checklist for Compliance in the Cloud 1 With the industrialization of hacking and the enormous impact of security breaches,
More informationWASHINGTON UNIVERSITY HIPAA Privacy Policy # 7. Appropriate Methods of Communicating Protected Health Information
WASHINGTON UNIVERSITY HIPAA Privacy Policy # 7 Appropriate Methods of Communicating Protected Health Information Statement of Policy Washington University and its member organizations (collectively, Washington
More informationHIPAA COMPLIANCE AND DATA PROTECTION Page 1
HIPAA COMPLIANCE AND DATA PROTECTION info@resultstechnology.com 877.435.8877 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and RESULTS Cloud
More informationUpdate on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules
Update on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules Marissa Gordon-Nguyen Office for Civil Rights (OCR) U.S. Department of Health and Human Services June
More informationSURVIVING THE CYBERPOCALYPSE. Craig Felty Vice President, Patient Care Services Hancock Regional Hospital
SURVIVING THE CYBERPOCALYPSE Craig Felty Vice President, Patient Care Services Hancock Regional Hospital Independent health system, $150M annual revenue, 1,200 employees, 150 active medical staff members,
More informationTexting and ing Patients, Providers and Others: HIPAA, CMS, and Suggestions
Texting and Emailing Patients, Providers and Others: HIPAA, CMS, and Suggestions Bo Ferger Rhinogram, Inc. Kim C. Stanger Holland & Hart LLP (2-18) Preliminaries This presentation is similar to any other
More informationProtecting Health Information
Agenda Protecting Health Information BRONSON HEALTHCARE GROUP INFORMATION TECHNOLOGY SECURITY ENGINEERING MICHAEL SMITH Personal device usage with sensitive data Mobile devices and BYOD Secure messaging
More informationPLEASE NOTE. - Text the phrase MICHAELBERWA428 to the number /23/2016 1
PLEASE NOTE This is an interactive panel, and we will be conducting voting throughout. To make voting easy, please register NOW, before the panel starts. To register: - Text the phrase MICHAELBERWA428
More informationCloud Communications for Healthcare
Cloud Communications for Healthcare Today, many powerful business communication challenges face everyone in the healthcare chain including clinics, hospitals, insurance providers and any other organization
More informationMANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors
Page 1 of 6 Applies to: faculty staff students student employees visitors contractors Effective Date of This Revision: June 1, 2018 Contact for More Information: HIPAA Privacy Officer Board Policy Administrative
More informationSecurity Rule for IT Staffs. J. T. Ash University of Hawaii System HIPAA Compliance Officer
Security Rule for IT Staffs J. T. Ash University of Hawaii System HIPAA Compliance Officer jtash@hawaii.edu hipaa@hawaii.edu Disclaimer HIPAA is a TEAM SPORT and everyone has a role in protecting protected
More informationWhat is a Breach? 8/28/2017
Michael E. Reheuser US Department of Defense 1 What is a Breach? The loss of control, compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or any similar term referring to
More informationHIPAA Texting/ ing/BYOD
Live Webinar on HIPAA Texting/Emailing/BYOD Brian L Tuttle, CPHIT, CHA, CHP, CBRA, CISSP, CCNA, Net + MentorHealth 2016 Wednesday, April 20 th, 2016 1.00 pm EDT The Health Insurance Portability Act of
More informationUniversity Policies and Procedures ELECTRONIC MAIL POLICY
University Policies and Procedures 10-03.00 ELECTRONIC MAIL POLICY I. Policy Statement: All students, faculty and staff members are issued a Towson University (the University ) e-mail address and must
More informationHIPAA COMPLIANCE WHAT YOU NEED TO DO TO ENSURE YOU HAVE CYBERSECURITY COVERED
HIPAA COMPLIANCE WHAT YOU NEED TO DO TO ENSURE YOU HAVE CYBERSECURITY COVERED HEALTHCARE ORGANIZATIONS ARE UNDER INTENSE SCRUTINY BY THE US FEDERAL GOVERNMENT TO ENSURE PATIENT DATA IS PROTECTED Within
More informationBring Your Own Device Policy
Title: Status: Effective : Last Revised: Policy Point of Contact: Synopsis: Bring Your Own Device Policy Final 2017-Jan-01 2016-Nov-16 Chief Information Officer, Information and Instructional Technology
More informationPROTECTING PHI WITH BOX HEALTH DATA FOLDERS POLICIES AND GUIDELINES
PROTECTING PHI WITH BOX HEALTH DATA FOLDERS POLICIES AND GUIDELINES March 15, 2018 Table of Contents Introduction 2 Key points to remember:... 2 Applying for a BHDF... 2 Box Security Settings 3 Folder
More informationDepartment of Public Health O F S A N F R A N C I S C O
PAGE 1 of 7 Category: Information Technology Security and HIPAA DPH Unit of Origin: Department of Public Health Policy Owner: Phillip McDown, CISSP Phone: 255-3577 CISSPCISSP/C Distribution: DPH-wide Other:
More informationefolder White Paper: HIPAA Compliance
efolder White Paper: HIPAA Compliance November 2015 Copyright 2015, efolder, Inc. Abstract This paper outlines how companies can use certain efolder services to facilitate HIPAA and HITECH compliance within
More informationHIPAA 101: What All Doctors NEED To Know
HIPAA 101: What All Doctors NEED To Know 1 HIPAA Basics HIPAA: Health Insurance and Portability Accountability Act of 1996 Purpose: to protect confidential information through improved security and privacy
More informationBanner Health Information Security and Privacy Training Team. Morgan Raimo Paul Lockwood
Banner Health Information Security and Privacy Training Team Morgan Raimo Paul Lockwood PHI Storage InfoGraphics PHI Data Storage and Sharing Cybersecurity and Privacy Training and Awareness Table of Contents
More informationWhat is HIPPA/PCI? Understanding HIPAA. Understanding PCI DSS
What is HIPPA/PCI? In this digital era, where every bit of information pertaining to individuals has gone digital and is stored in digital form somewhere or the other, there is a need protect the individuals
More informationData Backup and Contingency Planning Procedure
HIPAA Security Procedure HIPAA made Easy Data Backup and Contingency Planning Procedure Please fill in date implemented and updates for your facility: Goal: This document will serve as our back-up storage
More informationFamily Medicine Residents HIPAA Highlights May 2016 Heather Schmiegelow, JD
Family Medicine Residents HIPAA Highlights May 2016 Heather Schmiegelow, JD The UAMS HIPAA Office Heather Schmiegelow, UAMS HIPAA Privacy Officer Stephen Cochran, UAMS Security Officer Sara Thompson, HIPAA
More informationAmerican Academy of Audiology Responses to Questions from HIPAA Webinar
American Academy of Audiology Responses to Questions from HIPAA Webinar IMPORTANT: DISCLAIMER REGARDING THE USE OF THIS INFORMATION: THESE RESPONSES ARE NOT INTENDED AS, AND DO NOT CONSTITUTE, LEGAL OR
More informationBuilding YOUR Privacy Program: One Size Does Not Fit All. IBM Security Services
Building YOUR Privacy Program: One Size Does Not Fit All Justine Gottshall Partner, InfoLawGroup, LLP Chief Privacy Officer, Signal Jgottshall@infolawgroup.com Adam Nelson Executive Consultant Global Data
More informationHIPAA / HITECH Overview of Capabilities and Protected Health Information
HIPAA / HITECH Overview of Capabilities and Protected Health Information August 2017 Rev 1.8.9 2017 DragonFly Athletics, LLC 2017, DragonFly Athletics, LLC. or its affiliates. All rights reserved. Notices
More informationIT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I
Standards Sections Checklist Section Security Management Process 164.308(a)(1) Information Security Program Risk Analysis (R) Assigned Security Responsibility 164.308(a)(2) Information Security Program
More informationTHE PROCESS FOR ESTABLISHING DATA CLASSIFICATION. Session #155
THE PROCESS FOR ESTABLISHING DATA CLASSIFICATION Session #155 David Forrestall, CISSP CISA SecurIT360 SPEAKERS Carl Scaffidi, CISSP, ISSAP, CEH, CISM Director of Information Security Baker Donelson AGENDA
More informationGM Information Security Controls
: Table of Contents 2... 2-1 2.1 Responsibility to Maintain... 2-2 2.2 GM s Right to Monitor... 2-2 2.3 Personal Privacy... 2-3 2.4 Comply with Applicable Laws and Site Specific Restrictions... 2-3 2.5
More informationSDR Guide to Complete the SDR
I. General Information You must list the Yale Servers & if Virtual their host Business Associate Agreement (BAA ) in place. Required for the new HIPAA rules Contract questions are critical if using 3 Lock
More informationSample BYOD Policy. Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited.
Sample BYOD Policy Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited. SAMPLE BRING YOUR OWN DEVICE POLICY TERMS OF USE This Sample Bring
More information