An 8-Slide Introduction
HIPAA Security Risk Analysis for Business Associates
7/30/2013
www.redspin.com
1-800-721-9177
An 8-slide primer on why Business Associates should conduct a HIPAA Security Risk Analysis to meet their new compliance and risk management needs. Includes updates from the HITECH Act and the HIPAA Omnibus Rule.
  1. An 8-Slide Introduction: HIPAA Security Risk Analysis for Business Associates (7/30/2013, www.redspin.com, 1-800-721-9177)
  2. What Changed?
     • HITECH/HIPAA Omnibus Rule expands the definition of Business Associates
     • Business Associates must now comply with many of the same HIPAA Security and Privacy provisions as Covered Entities
     • Liability for certain compliance failures (e.g. a PHI data breach) now extends directly to Business Associates
  3. What Changed? HITECH Act and HIPAA Omnibus Rule Expand the Definition of Business Associates
     • Now includes subcontractors of Business Associates
     • A person or entity that “creates, receives, maintains, or transmits protected health information on behalf of a covered entity”
     • Illustrative examples: data storage companies, health information organizations, e-prescribing gateways, vendors of personal health records
  4. What Changed? Business Associates Must Comply with Many of the Same HIPAA Security and Privacy Provisions as Covered Entities
     • All provisions of the HIPAA Security Rule with regard to ePHI, including the requirement to conduct a Security Risk Analysis
     • Report breaches of PHI to the covered entity
     • Execute and maintain contractual relationships with subcontractors that carry the same restrictions and provisions regarding protection of PHI as the business associate
  5. What Changed? Liability for Certain Compliance Failures (e.g. PHI Data Breach) Now Extends Directly to Business Associates
     • Direct civil (and potentially criminal) liability
     • Subject to similar breach reporting requirements and identical monetary penalty amounts as covered entities
     • Penalties can be up to $50,000 per violation, with a maximum of $1.5 million per year for the same violation
     • Compliance date is September 23, 2013
  6. Why Conduct a HIPAA Security Risk Analysis? To Comply with the HIPAA Security Rule
     • HIPAA Security Rule 164.308(a)(1)(ii)(A), Risk analysis (Required): “Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate.”
  7. What is a HIPAA Security Risk Analysis? The Purpose of a Risk Analysis is to Identify:
     • Threats to the organization
     • Vulnerabilities internal and external to the organization
     • Consequences, impact, and harm to the organization that may occur given the potential for threats exploiting vulnerabilities
     • Likelihood that harm will occur
  8. What is a HIPAA Security Risk Analysis? The Scope of a Risk Analysis Can Include:
     • HIPAA gap analysis (policies, procedures, controls)
     • Network infrastructure security testing (vulnerability assessment)
     • EHR and application risk assessment
     • Mobile device security (organization-issued and BYOD)
     • Business associate compliance review
     • Employee security awareness