Healthcare IT: Security Risks & Regulations

How HIPAA & HITECH security regulations affect your business, and best practices for staying compliant!


Published in: Technology
Transcript

  • 1. What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) and its regulations protect the privacy of an individual's health information and govern the way certain health care providers and benefit plans collect, maintain, use and disclose protected health information (PHI).
  • 2. Are You HITECH? The Health Information Technology for Economic and Clinical Health Act (HITECH) strengthens HIPAA's regulations and increases its penalties.
  • 3. Who is Affected? Nobody is "safe" when it comes to HIPAA and the HITECH Act.
    - Covered Entities: providers, hospitals, health plans
    - Business Associates
    - Subcontractors
    Even if your company is not in the healthcare sector, chances are HIPAA and HITECH still affect you.
  • 4. What Is...
    A Covered Entity (CE)?
    - Any person or organization who furnishes, bills, or is paid for healthcare in the normal course of business: hospitals, health plan providers, health insurance issuers, etc.
    A Business Associate (BA)?
    - A person who performs functions or activities on behalf of, or certain services for, a CE that involve the use or disclosure of PHI
    - A person who creates, receives, maintains, or transmits PHI on behalf of a CE
    - An entity that maintains PHI even if the entity does not actually view the PHI
    A Subcontractor?
    - A person who acts on behalf of a BA
    - A person who creates, receives, maintains, or transmits PHI on behalf of a BA
    - A person who is delegated a function, activity, or service by a BA
  • 5. Notable HIPAA & HITECH Security Breaches
    - On July 26, 2013, a jury in Marion County, Indiana, awarded $1.44 million to a Walgreens customer based on allegations that the customer's pharmacist accessed, reviewed and shared the customer's prescription history with others who then used the information to intimidate and harass the customer.
      Source: http://www.mondaq.com/unitedstates/x/260050/Healthcare/HIPAA+Violation+Results+In+144m+Jury+Verdict+Against+Walgreens+Pharmacist
    - AHMC Healthcare, a six-hospital health system in Alhambra, California, "...in one of the biggest HIPAA privacy breaches ever reported," notified 729,000 patients that their protected health information had been compromised following the theft of two unencrypted laptops by a transient.
      Source: http://www.healthcareitnews.com/news/HIPAA-breach-brings-bad-news-for-729,000
    - The Oregon Health & Science University notified 3,044 patients that their protected health information had been compromised after several residents and physicians-in-training inappropriately used Google cloud services to maintain a spreadsheet of patient data.
      Source: http://www.healthcareitnews.com/news/fourth-big-hipaa-breach-ohsu
  • 6. How Can I Stay Compliant?
    Common Violation: Unauthorized access by a member of the care team or administration
    How to Avoid:
    - Lock down access to all medical records
    - Set up a password-protected central system for accessing this information, with an individual account for each user so that every access is attributable and can be audited
    - Change passwords periodically
    - Set up administrative safeguards to protect access and prevent non-authorized personnel from viewing or receiving PHI
    Common Violation: Improperly using the internet
    How to Avoid:
    - Make your staff aware that posting any PHI on social-media sites is a violation of privacy
    - Avoid posting surgery schedules online
    - Never send unencrypted e-mails that contain PHI
    Source: http://medicalofficetoday.com/Content_free/Common-HIPAA-Violations.aspx
  • 7. How Can I Stay Compliant?
    Common Violation: Failure to secure and/or shred paper documents
    How to Avoid:
    - Keep all paper records in a locked room, cabinet, or an off-site location
    - Shred all discarded sensitive documents thoroughly
    - Avoid putting stickers on the outside of a patient's chart to indicate diagnosis
    Common Violation: Being overheard discussing PHI
    How to Avoid:
    - Train staff not to leave PHI in phone messages
    - Use private rooms for PHI-based discussions or phone calls
    - Lock your computer screen whenever leaving your desk
    Source: http://medicalofficetoday.com/Content_free/Common-HIPAA-Violations.aspx
  • 8. HIPAA & HITECH: Fines & Penalties (source: American Medical Association)
    Violation: Individual did not know (and by exercising reasonable diligence would not have known) that he/she violated HIPAA
      Minimum penalty: $100 per violation, with an annual maximum of $25,000 for repeat violations (note: this is also the maximum that can be imposed by State Attorneys General, regardless of the type of violation)
      Maximum penalty: $50,000 per violation, with an annual maximum of $1.5 million
    Violation: Due to reasonable cause and not due to willful neglect
      Minimum penalty: $1,000 per violation, with an annual maximum of $100,000 for repeat violations
      Maximum penalty: $50,000 per violation, with an annual maximum of $1.5 million
    Violation: Due to willful neglect, but corrected within the required time period
      Minimum penalty: $10,000 per violation, with an annual maximum of $250,000 for repeat violations
      Maximum penalty: $50,000 per violation, with an annual maximum of $1.5 million
    Violation: Due to willful neglect and not corrected
      Minimum penalty: $50,000 per violation, with an annual maximum of $1.5 million
      Maximum penalty: $50,000 per violation, with an annual maximum of $1.5 million
  • 9. CHIPS Technology Group LLC 5 Aerial Way, Suite 400 Syosset, NY 11791 Tel 516-377-6585 www.chipstechnologygroup.com
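The "unauthorized access by a member of the care team or administration" violation in slides 6 and 7 is the one the Walgreens case in slide 5 turned on, and the administrative safeguard the slides recommend only works if someone actually reviews who opened which chart. The script below is an added illustration, not code from the slides or from CHIPS Technology Group: it parses constructed EHR audit-log lines and flags every view or export of a patient record by a user who is neither assigned to that patient's care team nor in a privileged review role. The log format, the user and patient IDs, and the CARE_TEAM and PRIVILEGED_ROLES rosters are all assumptions made up for the example; a real deployment would pull the assignments from the EHR's encounter or scheduling tables.

```python
"""Added example (not from the original slides): find PHI accesses with no
documented care relationship, using constructed audit-log lines."""
from dataclasses import dataclass
from datetime import datetime

# Constructed roster: patient ID -> user IDs with a treatment, payment or
# operations reason to open that chart (hypothetical names).
CARE_TEAM = {
    "P1001": {"dr_lee", "rn_patel"},
    "P1002": {"dr_okafor", "rn_patel"},
    "P1003": {"dr_lee"},
}

# Roles that may open any chart for review; their accesses are still logged,
# they are just not reported as unauthorized here (hypothetical role name).
PRIVILEGED_ROLES = {"privacy_officer"}

# Constructed audit lines: <ISO timestamp> <user> <role> <action> <patient>
SAMPLE_LOG = """\
2013-07-26T09:14:02 dr_lee physician view P1001
2013-07-26T09:20:45 rn_patel nurse view P1002
2013-07-26T09:31:10 pharm_smith pharmacist view P1003
2013-07-26T09:31:55 pharm_smith pharmacist export P1003
2013-07-26T10:02:13 po_garcia privacy_officer view P1001
2013-07-26T10:15:00 dr_okafor physician view P1001
"""


@dataclass(frozen=True)
class Access:
    ts: datetime
    user: str
    role: str
    action: str
    patient: str


def parse_log(text):
    """Parse the constructed whitespace-separated log format into Access records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, role, action, patient = line.split()
        events.append(Access(datetime.fromisoformat(ts), user, role, action, patient))
    return events


def find_unauthorized(events, care_team=CARE_TEAM, privileged=PRIVILEGED_ROLES):
    """Return accesses where the user has no assignment to the patient and no
    privileged role. Exports are listed first because a copy leaving the system
    (the Walgreens pattern: view, then share) is the finding to act on first;
    the rest are in time order."""
    findings = []
    for ev in events:
        if ev.role in privileged:
            continue
        if ev.user in care_team.get(ev.patient, set()):
            continue
        findings.append(ev)
    findings.sort(key=lambda e: (e.action != "export", e.ts))
    return findings


def users_to_review(findings):
    """Collapse findings to user -> number of unauthorized accesses, the list a
    privacy officer would follow up on."""
    counts = {}
    for ev in findings:
        counts[ev.user] = counts.get(ev.user, 0) + 1
    return counts


if __name__ == "__main__":
    for ev in find_unauthorized(parse_log(SAMPLE_LOG)):
        print(f"{ev.ts.isoformat()} {ev.user} ({ev.role}) {ev.action} {ev.patient}: no care relationship")
    print(users_to_review(find_unauthorized(parse_log(SAMPLE_LOG))))
```

Two of the constructed accesses look legitimate on their face (a physician and a pharmacist opening charts) and are only suspicious because the assignment data says they had no reason to; that is the check a password-protected central system makes possible and a shared login makes impossible. In practice the roster would also need to cover on-call coverage and emergency "break-the-glass" access, which is why those events should be logged with a reason and reviewed rather than silently allowed.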