Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Data Management

4-Step Program to HIPAA Compliance

advertisement 
4-STEP PROGRAM TO
HIPAA COMPLIANCE
BROTHERS, HAWN & COUGHLIN, LLP
AWARENESS
• Understand the new rules.
• Perform a “HIPAA gap” analysis
•
•
•
Look at in-house policies
Do an acceptable-use policy of
computers in your organization
What are grounds for termination?
• Prioritize actions to achieve
compliance
• Got to’s, needs to’s and nice to’s
AWARENESS
• Implement privacy & security initiatives
• Administrative, technical and physical controls
• Physical safeguard: Is anybody at the front, asking who they are,
why they are there
• Keeping physical log of who’s there, and why
• Administrative controls
• Acceptable use policy of computers
• SANS.org has education and material about HIPPA rules, templates,
sharing group for best practices on privacy and security development
• Technical controls
• Meeting with network administrator, listen to them about why they see
and fee feel is going on
• Social networking sites are often griped about as a time
• Review/update annually
• Look at polices and work with consultant to see if they’re up to
date or if new rules have been established
PREPARATION
• Perform a PHI data risk analysis
• Hire out if you don’t know how to, lawyers, consultants
• Look at state government for example security plans
• Update BA Agreements
• Explore cyber liability insurance
• Transfer the cost of remediating a data breach
• Major insurers have cyber liability coverage
• AIG, Zurich (A-Z)
• Legal defense, breach notification costs, credit monitoring
(things you offer people who have been victims)
• Benefit: they’ll do a HIPPA privacy and security assessment for
you!
• Can give discount if you have a response plan in place
PREPARATION
• Develop/test an incident response plan
• Document which pulls together the actions the
organization will take when breach is caught
• Who is on the response team (IT, HR, PR, account
management)? Who calls the lawyer, and when?
• Goes through scenarios (what happens if someone’s
laptop gets stolen?) to anticipate before a breach
happens
RESOURCES AND WEBSITES
Oregon HIPAA Forum
http://www.oregonhipaaforum.org
Oregon Health Authority
http://public.health.oregon.gov/DISEASESCONDITIONS/COMMUNI
CABLEDISEASE/LOCALHEALTHDEPARTMENTS/Pages/hipaa.aspx
Office for Civil Rights
http://www.hhs.gov/ocr/hipaa
Dept. Health and Human
Services
http://www.hhs.gov/hipaafaq/use/index.html
RESPONSE TO BREACH
• Anatomy of a data breach
• Roles
• Who will take various roles?
•
•
•
•
Communication to patient
Communication to OCR
Communication to technology staff/consultant
Communication to attorneys
• Best practices
Related documents
Best Practices to Minimize Risk
Best Practices to Minimize Risk
Understanding HIPAA Compliance
Understanding HIPAA Compliance
CARDIOLOGY ASSOCIATES OF PRINCETON, PA
CARDIOLOGY ASSOCIATES OF PRINCETON, PA
High Court case Citation Court Procedural History Facts Issue
High Court case Citation Court Procedural History Facts Issue
HIPAA (Health Insurance Portability & Accountability Act)
HIPAA (Health Insurance Portability & Accountability Act)
Information Disclosure as a light-weight regulatory mechanism
Information Disclosure as a light-weight regulatory mechanism
HIPAA Regulations
HIPAA Regulations
HIPAA’S FINAL RULE: Putting Things in Perspective – Comments from OCR
HIPAA’S FINAL RULE: Putting Things in Perspective – Comments from OCR
Changes to HIPAA Privacy and Security Requirements Joel T. Kopperud Scott A. Sinder
Changes to HIPAA Privacy and Security Requirements Joel T. Kopperud Scott A. Sinder
D . J e f f r e...
D . J e f f r e...
HIPAA 101 - What is PHI?
HIPAA 101 - What is PHI?
Changes in the Law, Cost, and Complexity of Responding to Breaches
Changes in the Law, Cost, and Complexity of Responding to Breaches
Download
advertisement