 hipaa presentation


    • HIPAA Security Putting the Pieces Together People’s Hospital
      • Confidentiality- preventing disclosure of private information
      • Integrity- ensuring health data has not been altered or misplaced
      • Availability- ensures information is accessible by authorized users
      Security Rules ensure C.I.A
    • 3 Safeguards of the HIPAA Security Rules
      • Technical
      • Physical
      • Administrative
    • Technical
      • Access- granted based on job level and a “need to know”; password-protected access; monitor logins, audit access, and mandate locking of computers. Use auto logoffs, mandate no sharing of passwords, and mandate changing passwords every 3 months
      • Electronic transmission of ePHI must be encrypted and decrypted
    • Technical cont.
      • Terminate access immediately should an employee leave
      • Educate staff on strong password use
      • Mandate passwords be changed when compromised
      • Educate staff on the consequences of inappropriate password use
    • Physical
      • Protect hardware from theft and destruction
      • Monitor access of staff and visitors into the hospital
      • Restrict access to areas based on job roles
      • Protect servers from physical damage and store in an access controlled area
      • Prohibit network alterations
      • Ensure paper data is disposed of in shred boxes; electronic data must be destroyed prior to shredding
    • Administrative
      • Risk Analysis- perform an assessment of the risk to determine necessary activities
      • Policies and procedures to prevent, detect, contain and correct security violations
      • Risk Management- measures to reduce risk such as using virus protection and firewalls
    • Administrative cont.
      • Sanctions- Ensure staff are educated on the “0 tolerance” policy regarding infractions
      • Information System Activity Review- run audits and reports regularly
      • Security Awareness- ensure all staff are trained on security
      • Data backup plans and disaster recovery plans will be implemented
    • Administrative cont.
      • Mr. Joe Smith is the Information Security Officer responsible for policies and procedures
      • Security Incident Reporting- identify violations and corrective actions
      • Make staff aware that if an unauthorized disclosure occurs, they should report it promptly
      • HIPAA is mandated by law
      • All health care providers and their associates must comply
      • All health care providers and their associates must be aware of the laws and consequences of violations
    • Ensure Compliance