securing your office technology hipaa requirements and
play

Securing Your Office Technology: HIPAA Requirements and Beyond - PowerPoint PPT Presentation

Mar 08, 2024 •327 likes •434 views

Notes: Securing Your Office Technology: HIPAA Requirements and Beyond Jimmy Georgiou President/CEO, SolutionStart & Aspida Notes: Takeaway Learning Objective: Provide background and insight on the administrative, technical, and physical

  1. Notes: Securing Your Office Technology: HIPAA Requirements and Beyond Jimmy Georgiou President/CEO, SolutionStart & Aspida

  2. Notes: Takeaway Learning Objective: Provide background and insight on the administrative, technical, and physical safeguards that define the requirements and expectations of HIPAA. Result: Increase awareness, creation and adoption of HIPAA compliant policies, procedures and physical networks in the dental practice.

  3. Notes: Overview Privacy & Compliance Technology Implementation The Four Major Threats

  4. Definitions Notes:  ePHI ‐ Electronic Protected Health Information Information that identifies an individual and is created, maintained or transmitted electronically  BA ‐ Business Associate Any person or entity that you have granted access to your patient’s ePHI  BAA ‐ Business Associate Agreement An agreement the clearly defines the roles and responsibilities of each party regarding the protection of ePHI  CE ‐ Covered Entity Any Healthcare Provider, Healthcare Plan or Healthcare Clearinghouse  Breach The unauthorized acquisition, access, use or disclosure of protected health information which compromises the security or privacy of such information, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information  Incident The act of violating an explicit or implied security policy, which includes attempts (either failed or successful) to gain unauthorized access to a system or it’s data, unwanted disruption or denial of service, the unauthorized use of a system for the processing or storage of data; and changes to system hardware, firmware, or software characteristics without the owner’s knowledge, instruction, or consent  NIST ‐ National Institute of Standards and Technology The federal technology agency that works with industry to develop and apply technology, measurements, and standards

  5. Notes: Business Vulnerabilities OUTSIDE: • Fax • Email • Phones • Mail IN BETWEEN: • WiFi • Remote Access • Firewall INSIDE: • User Access Controls • Patch Management • Backup • Policies and Procedures

  6. Notes: The Four Major Threats • Your IT Guy • Your Staff • Technology Threats • “True” Compliance

  7. Notes:

  8. References ‐C.F.R ‐Code of Federal Regulations from The Federal Register Administrative Safeguards ‐ i. § 164.308(a)(1)(ii)(D) Information system activity review. Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports. ii. §164.308(a)(2) Assigned security responsibility. Identify the security official who is responsible for the development and implementation of the policies and procedures required by this subpart for the entity. iii. § 164.308(a)(5)(i) Security awareness and training ‐ Implement a security awareness and training program for all members of its workforce (including management). iv. § 164.308(a)(5)(ii)(A) Security reminders ‐ Implement periodic security updates. v. § 164.308(a)(5)(ii)(B) Protection from malicious software ‐ Implement procedures for guarding against, detecting, and reporting malicious software. vi. § 164.308(a)(5)(ii)(C) Log‐in Monitoring ‐ Implement procedures for monitoring log‐in attempts and reporting discrepancies. vii. § 164.308(a)(5)(ii)(D ) Password Management ‐ Implement procedures for creating, changing and safeguarding passwords. viii. § 164.308(a)(7)(i) Contingency Plan ‐ Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information. ix. § 164.308(a)(7)(ii)(A) Data Backup Plan ‐ Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information. x. § 164.308(a)(7)(ii)(B) Disaster Recovery Plan ‐ Establish (and implement as needed) procedures to restore any loss of data. xi. § 164.308(a)(7)(ii)(C) Emergency Mode Operation ‐ Establish (and implement as needed) procedures to enable continuation of critical business processes for protection of the security of electronic protected health information while operating in emergency mode. xii. § 164.308(a)(7)(ii)(D) Testing and Revision Procedures ‐ Implement procedures for periodic testing and revision of contingency plans. xiii. § 164.308(b)(1) Business Associate contracts and other arrangements ‐ A covered entity, in accordance with §164.308 may permit a business associate to create, receive, maintain, or transmit electronic protected health information on the covered entity's behalf only if the covered entity obtains satisfactory assurances, in accordance with §164.314(a) that the business associate will appropriately safeguard the information. xiv. § 164.312(a)(2)(ii) Emergency Access Procedures ‐ Establish (and implement as needed) procedures for obtaining necessary electronic protected health information during an emergency. xv. § 164.530(a)(1)(i) Personnel designations. A covered entity must designate a privacy official who is responsible for the development and implementation of the policies and procedures of the entity. Physical Safeguards ‐ xvi. § 164.310(d)(1) Device and Media Controls Standard ‐ Implement policies and procedure that govern the receipt and removal of hardware and electronic media that contain ePHI into and out of a facility, and the movement of these items within the facility. xvii. § 164.310(d)(2)(i) Disposal ‐ Implement policies and procedures to address the final disposition of electronic protected health information, and/or the hardware or electronic media on which it is stored. xviii. § 164.310(d)(2)(ii) Media Re‐Use ‐ Implement procedure for removal of electronic protected health information from electronic media before the media are made available for re‐use. xix. § 164.310(d)(2)(iii) Accountability ‐ Maintain a record of the movements of hardware and electronic media and any person responsible therefore. xx. § 164.310(d)(2)(iv) Data and Backup Storage ‐ Create a retrievable, exact copy of electronic protected health information, when needed, before movement of equipment. Technical Safeguards ‐ xxi. § 164.308(d) Person or entity authentication. Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed. xxii. § 164.312(a)(2)(i) Unique user identification ‐ Assign a unique names and/or number for identifying and tracking user identity. xxiii. § 164.312(a)(2)(iii) Automatic Logoff ‐ Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity. xxiv. § 164.312(a)(2)(iv) Encryption and Decryption ‐ Implement a mechanism to encrypt and decrypt electronic protected health information xxv. § 164.312(b) Standard: Audit controls ‐ Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information. xxvi. § 164.312(e)(1) Standard: Transmission Security ‐ Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network. xxvii. § 164.312(e)(2)(ii) Encryption ‐ Implement a mechanism to encrypt electronic health information whenever deemed appropriate.

  9. Speaker Information Jimmy Georgiou is the Founder and CEO of SolutionStart, a leading provider of technology solutions and services with a concentration on the Dental Industry. In conjunction with providing guidance from a technology standpoint, Jimmy began to focus on the impact of HIPAA within the dental industry. After several years of studying and fully understanding the role technology will play in this field, he launched a sister company to SolutionStart, Aspida, to better address these mandates and regulations. Launched in 2013, Aspida has quickly established itself as an industry leader in providing HIPAA compliant security products and services ‐ their first product to market being Aspida Mail, a HIPAA Compliant Encrypted Email. Jimmy is an industry leader in the areas of HIPAA and dental technology and has educated hundreds of dentists and dental professionals through his presentations at dental society meetings and study clubs. www.solutionstart.com www.aspida.us Jimmy Georgiou President/CEO jgeorgiou@solutionstart.com www.facebook.com/solutionstart www.facebook.com/aspida.us

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HIPAA, HITECH and Business Associates November 11, 2010 12:00-1:30pm (CST) Sarah Radermacher, JD

HIPAA, HITECH and Business Associates November 11, 2010 12:00-1:30pm (CST) Sarah Radermacher, JD

Office of the Secretary Office for Civil Rights (OCR) HIPAA COW Webinar: HIPAA, HITECH and Business Associates November 11, 2010 12:00-1:30pm (CST) Sarah Radermacher, JD Office for Civil Rights U.S. Department of Heath and Human Services

374 views • 19 slides
Training Course HIPAA Health Insurance Portability and Accountability Act HIPAA

Training Course HIPAA Health Insurance Portability and Accountability Act HIPAA

Training Course HIPAA Health Insurance Portability and Accountability Act HIPAA initially went into effect April 14, 2003 HIPAA is a set of rules that is to be followed by doctors, hospitals and other health care providers.

284 views • 25 slides
Beyond HIPAA: Registries as an exemplar of health data Beyond HIPAA Privacy,

Beyond HIPAA: Registries as an exemplar of health data Beyond HIPAA Privacy,

Beyond HIPAA: Registries as an exemplar of health data Beyond HIPAA Privacy, Confidentiality & Security Subcommittee May 15, 2018 Beyond HIPAA Initiative Builds on NCVHSs past work and the work of other government and private

240 views • 10 slides
An Update on HIPAA Policy and Enforcement NCVHS Rachel Seeger, MPA, MA HHS Office for Civil

An Update on HIPAA Policy and Enforcement NCVHS Rachel Seeger, MPA, MA HHS Office for Civil

An Update on HIPAA Policy and Enforcement NCVHS Rachel Seeger, MPA, MA HHS Office for Civil Rights May 15, 2018 U.S. Department of Health and Human Services Office for Civil Rights 1 HIPAA Policy Development U.S. Department of Health and

285 views • 26 slides
HIPAA In The Workplace What Every Employer Should Know and Remember What is HIPAA? The

HIPAA In The Workplace What Every Employer Should Know and Remember What is HIPAA? The

HIPAA In The Workplace What Every Employer Should Know and Remember What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 Portable Accountable Rules for Privacy Rules for Security

575 views • 33 slides
Office Hours HIPAA Training for Employers: From Portability to Privacy Audio Brian Gilmore

Office Hours HIPAA Training for Employers: From Portability to Privacy Audio Brian Gilmore

Office Hours HIPAA Training for Employers: From Portability to Privacy Audio Brian Gilmore Lead Benefits Counsel, VP MARCH 26, 2020 ICYMI: Recent Office Hours Library http://www.theabdteam.com/abd-insights/presentations/ 2019 Year in

756 views • 60 slides
EVV Security and Privacy Approach Marguerite Marsh, HIPAA Privacy Officer Matt Williams, Bureau

EVV Security and Privacy Approach Marguerite Marsh, HIPAA Privacy Officer Matt Williams, Bureau

EVV Security and Privacy Approach Marguerite Marsh, HIPAA Privacy Officer Matt Williams, Bureau Chief, Information Security and Technology 1 What is HIPAA? 2 HIPAA What: Health Insurance Portability and How: Congress mandated the establishment

444 views • 9 slides
and Security Training 2016 for Instructors and Students Authored by: Office of HIPAA

and Security Training 2016 for Instructors and Students Authored by: Office of HIPAA

Information Privacy and Security Training 2016 for Instructors and Students Authored by: Office of HIPAA Administration Objectives After you finish this Computer-Based Learning (CBL) module, you should be able to: Define privacy practices

827 views • 37 slides
and Security Training 2017 for Instructors and Students Authored by: Office of HIPAA

and Security Training 2017 for Instructors and Students Authored by: Office of HIPAA

Information Privacy and Security Training 2017 for Instructors and Students Authored by: Office of HIPAA Administration Objectives After you finish this Computer-Based Learning (CBL) module, you should be able to: Define privacy practices

691 views • 37 slides
Outline to HIPAA presentation I) Overview of the HIPAA Privacy Rule regulations that relate to

Outline to HIPAA presentation I) Overview of the HIPAA Privacy Rule regulations that relate to

Outline to HIPAA presentation I) Overview of the HIPAA Privacy Rule regulations that relate to obtaining a persons medical records for court proceedings and law enforcement purposes. A) Entities covered by HIPAA The medical records of a patient

405 views • 6 slides
HIPAA, HITECH and Business Associates Heather Fields, J.D. Reinhart Boerner Van Deuren s.c.

HIPAA, HITECH and Business Associates Heather Fields, J.D. Reinhart Boerner Van Deuren s.c.

HIPAA COW Webinar: HIPAA, HITECH and Business Associates Heather Fields, J.D. Reinhart Boerner Van Deuren s.c. HIPAA COW Webinar November 11, 2010 Presentation Overview TOP 3 HIPAA Compliance Risks Unauthorized Use and Disclosure of

522 views • 28 slides
Research & HIPAA October, 2016 Overview HIPAA & Research Increased Enforcement

Research & HIPAA October, 2016 Overview HIPAA & Research Increased Enforcement

Research & HIPAA October, 2016 Overview HIPAA & Research Increased Enforcement HIPAA Security 2 HIPAA & Research HIPAA & Research 4 HIPAA & Research PHI Disclosure for PHI Use for Research Research

752 views • 59 slides
HIPAA Audits and the New Audit Protocol Developing and Ensuring HIPAA and HITECH Privacy and

HIPAA Audits and the New Audit Protocol Developing and Ensuring HIPAA and HITECH Privacy and

Presenting a live 90-minute webinar with interactive Q&A HIPAA Audits and the New Audit Protocol Developing and Ensuring HIPAA and HITECH Privacy and Security Compliance TUESDAY, FEBRUARY 5, 2013 1pm Eastern | 12pm Central | 11am

793 views • 53 slides
HIPAA PRIVACY POLICIES & PROCEDURES Department of Behavioral Health and Developmental

HIPAA PRIVACY POLICIES & PROCEDURES Department of Behavioral Health and Developmental

HIPAA PRIVACY POLICIES & PROCEDURES Department of Behavioral Health and Developmental Services DBHHDS GENERAL AWARENESS TRAINING March 2012 HIPAA Humor (North Dakota Dept of Health) 2 HIPAA-Ectomy - the removal of individual

1.19k views • 61 slides
HIPAA/HITECH Omnibus Final Rule Secretarys Advisory Committee on Human Research Protections

HIPAA/HITECH Omnibus Final Rule Secretarys Advisory Committee on Human Research Protections

Office of the Secretary Office for Civil Rights (OCR) HIPAA/HITECH Omnibus Final Rule Secretarys Advisory Committee on Human Research Protections March 2013 Christina Heide, JD Senior Health Information Privacy Policy Specialist HHS

342 views • 15 slides
Security Awareness Rick Whitmore Information Technology Security Office security.ku.edu

Security Awareness Rick Whitmore Information Technology Security Office security.ku.edu

Security Awareness Rick Whitmore Information Technology Security Office security.ku.edu Everyone has a role in securing their part of cyberspace, including the devices and networks they use. Todays Topics Impact on Universities

936 views • 59 slides
The Ohio Supercomputer Center provides high performance computing services and computational

The Ohio Supercomputer Center provides high performance computing services and computational

The Ohio Supercomputer Center provides high performance computing services and computational science expertise to assist Ohio researchers making discoveries in a vast array of scientific disciplines, and engineers seeking innovations for

705 views • 33 slides
FERPA Family Educational Rights and Privacy Act of 1974 (also known as the Buckley Amendment)

FERPA Family Educational Rights and Privacy Act of 1974 (also known as the Buckley Amendment)

FERPA Family Educational Rights and Privacy Act of 1974 (also known as the Buckley Amendment) Office of Records and Registration Learning Outcomes 1. Understand the basics rights under FERPA 2. Learn about key FERPA terms and their

904 views • 49 slides
MEDICAL RECORDS, LIENS, & INSURANCE PRESENTED BY CANDACE GLEED & SASHA CUNO MEDICAL

MEDICAL RECORDS, LIENS, & INSURANCE PRESENTED BY CANDACE GLEED & SASHA CUNO MEDICAL

MEDICAL RECORDS, LIENS, & INSURANCE PRESENTED BY CANDACE GLEED & SASHA CUNO MEDICAL RECORDS Request Forms HIPPA Authorizations 78B-5-619 Patient Access to Medical RecordsThird Party Access Hitech Act Requests This

479 views • 19 slides
Data Sharing Strategies How to Address Superutilizers within the Confines of Confidentiality

Data Sharing Strategies How to Address Superutilizers within the Confines of Confidentiality

Data Sharing Strategies How to Address Superutilizers within the Confines of Confidentiality Gerald (Jud) E. DeLoss Greensfelder, Hemker & Gale, P.C. December 9, 2016 This presentation and outline are limited to a discussion of general

488 views • 21 slides
HIPAA COMPLIANCE AUDITS & OCR UPDATE Presentation to LHIMA April 2016 By Mariela Twiggs,

HIPAA COMPLIANCE AUDITS & OCR UPDATE Presentation to LHIMA April 2016 By Mariela Twiggs,

HIPAA COMPLIANCE AUDITS & OCR UPDATE Presentation to LHIMA April 2016 By Mariela Twiggs, MS, RHIA, CHP, FAHIMA AGENDA OCRs Task List OCRs Guidance OCRs Enforcement Activities Phase 2 Audits Preparation

338 views • 16 slides
Quickwrite Questions: How did you learn the skill of note taking? How did this skill

Quickwrite Questions: How did you learn the skill of note taking? How did this skill

Quickwrite Questions: How did you learn the skill of note taking? How did this skill contribute to your success? Cornell note taking stimulates critical thinking skills. Note taking helps students remember what is said in

700 views • 23 slides
When Medical Intervention is Futile and Who Decides? A global Review of the Concept and Policies

When Medical Intervention is Futile and Who Decides? A global Review of the Concept and Policies

When Medical Intervention is Futile and Who Decides? A global Review of the Concept and Policies of Medical Futility Alireza Bagheri MD, PhD. Research Affiliate: Center for Healthcare Ethics Lakehead University St. Josephs Hospital

704 views • 51 slides
Curves and Sectioning Angles Nicholas Molbert, Julie Fink, and Tia Burden July 6, 2012 Nicholas

Curves and Sectioning Angles Nicholas Molbert, Julie Fink, and Tia Burden July 6, 2012 Nicholas

Introduction Basic Constructions The Hyperbola The Problem of Trisection Curves and Sectioning Angles Nicholas Molbert, Julie Fink, and Tia Burden July 6, 2012 Nicholas Molbert, Julie Fink, and Tia Burden Curves and Sectioning Angles

766 views • 76 slides

More recommend