Emerging Challenges in mHealth: Keeping Information Safe & Secure. HCCA CI. Web Hull, Privacy, Data Protection, & Compliance Advisor

Transcription:

Emerging Challenges in mHealth: Keeping Information Safe & Secure
HCCA CI 2016
Web Hull
Privacy, Data Protection, & Compliance Advisor
Web.Hull@icloud.com

Topics
1. mHealth Challenges & Landscape
2. Who owns this problem
3. Action Steps
4. How do I keep up to date

There are more than 165,000 health / wellness apps on the Apple store today
- Is Apple going to stop innovating? No?
  - Next generation watches, iPhones,
  - Apple health
  - Research pack
  - Care pack
- Are there other innovators / entrepreneurs out there who think that they can make money like Apple does? Of course!

There are lots of innovators and early adopters in your organization, and they
- Will make apps / wearables / devices
- Will propose apps / wearables / devices
- Or just start using them

The regulatory framework is playing catch up to innovation
- As it always does
- Regulation is fragmented
  - HHS OCR, FTC, ONC, FDA, States
- The new Mobile Health Apps Interactive Tool on the FTC website cites three other federal agencies
- Expect more Guidance, Regulation, & Enforcement

There's a good chance any apps / wearables / devices you are using as a Covered Entity make the provider your Business Associate
- Have you performed a Risk Assessment?
- Do you have a Business Associate Agreement with them?
- Are you ready to respond to the HIPAA Audit Questionnaire?

There is a great pressure to control / reduce costs and someone might think that these are one way to do it
- Patient scheduling
- Data monitoring
- Telemedicine

Who Owns The Problem?
As a Healthcare Compliance and Privacy Professional, who would you say owns this problem / opportunity in your organization?

Who Owns The Problem?
There is no such thing as an Army of one, so you might have to round up a posse.
- InfoSec
- Procurement
- IT
- HR
- Legal
- Medical Records
- Compliance
- Privacy
- Medical Staff
- Nursing
- Others?

Action Steps
1. Determine if there is an Apps / Wearables / Device Policy
   - If yes, review and, if appropriate, revise
   - If no, draft one, have it approved, and distribute it.

Action Steps
2. Determine if there is a process for bringing vendors on board
   - If yes, then
     - You have a good opportunity to properly vet and remediate any app / wearable / device
     - You might have already done the work for all your existing apps / wearables / devices
   - If no, then start one now!

Action Steps
3. As David said, get an inventory of all your apps / wearables / devices.
4. Determine the owner of each app / wearable / device on the inventory
5. Determine which ones are covered by HIPAA.
   - You are going to need this list for your HIPAA Audit request for information
   - See Business Associate Listing Sample Template http://www.hhs.gov/hipaa/forprofessionals/complianceenforcement/audit/batemplate/index.html

Action Steps
6. Sort from highest to lowest risk
7. Starting with the highest risk
   - Review each app / wearable / device for HIPAA compliance
   - Remediate gaps
   - Document work

Action Step
8. Develop and implement a process for capturing each and every proposed / new app / wearable / device for proper review prior to contracting.
   - Document review of each and every new app / wearable / device
   - It is important to not let a rogue employee bring on an unreviewed App / Wearable / Device

How To Keep Up To Date
- Read, Read, Read
- Go to conferences
- mobihealthnews http://mobihealthnews.com/

Thank You & Questions?

Web Hull
Privacy, Data Protection, & Compliance Advisor
17 Burr Ave.
Barrington, RI 02806
Telephone & Text: 401.316.3021
email: Web.Hull@icloud.com
LinkedIn: https://www.linkedin.com/in/webhull
Twitter: @WebHull