Nine HIPAA Compliance Questions to ask Yourself
•
0 likes•381 views
An overview of the common questions and misconceptions about HIPAA Compliance. This gives an overview of our approach to becoming compliant
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Nine HIPAA Compliance Questions to ask Yourself
Similar to Nine HIPAA Compliance Questions to ask Yourself (20)
More from LERNER Consulting
More from LERNER Consulting (20)
Recently uploaded
Recently uploaded (20)
Nine HIPAA Compliance Questions to ask Yourself
- 1. Privileged and Confidential Information Nine HIPAA Compliance Question to Ask Yourself LERNER Consulting 2014
- 2. Privileged and Confidential Information Sleep More Soundly 1 People sleep more soundly when they feel secure. When you are well rested, your potential grows. Today’s enterprises face a laundry list of challenges from ever evolving compliance requirements to new technical environments to cyberterrorism and extortionists. Traditional security measures are at best response driven or worse passive. LERNER’s Compliance Practice helps you become proactive towards the things that interfere with your business. Let us help you unlock your potential Twitter: @RevInnovator
- 3. Privileged and Confidential Information Food for Though Questions 1. How do you provide solutions that address optimal Required and Addressable clauses? 2. Do you have or need full-time Chief Security and Privacy Officer(s)? 3. Have you completed the Omnibus updates? 4. Do you have a document management system that allows you to quickly and easily retrieve the required documents? 5. How often do you review your IT Policies and Procedures? 6. Do you have a training program for both IT Security and HIPAA? 7. Must our organization comply with every clause? 8. What if we don’t (think) we handle any data? Must we be compliant? 9. Is a Business Associate the same as a Covered Entity? 2Twitter: @RevInnovator
- 4. Privileged and Confidential Information HIPAA Compliance Services 3 We begin with a focused risk assessment, rather than addressing the flavor of the day. Our approach is to take an assessment of how a set of risks or compliance needs impacts your enterprise. From there we address develop the controls that effect people, process, technology and systems. LERNER addresses the regulatory requirements and internal handoffs, providing clients with an alignment plan to support business objectives and IT implementation. Internally there must be clear plans that include communication to employees and partners. The implementation of a system helps support HIPAA processes through automated action and process controls. Assess Advise Resolve Ac#vi#es § Iden#fy relevant HIPAA mandates (E.g., CFR Title 45) § Select HIPAA processes and procedures for remedia#on § Gather exis#ng enterprise processes § Perform gap analysis § Iden#fy internal stakeholders § Conduct business alignment workshop(s) § Define/Create process maps § Iden#fy controls required for: § Administra#ve Safeguards § Physical Safeguards § Technical Safeguards § Organiza#onal Requirements § Policies and Procedures § Other required controls § Develop enterprise specific plans § Iden#fy metrics and measurements § Implement processes § Implement system implementa#on/updates § Test implementa#on and controls § Provide and execute communica#ons plan and change management Deliverables § Internal charter § Gap Analysis § Implementa#on roadmap § Integra#on/overlap with other compliance ac#vi#es § Finalized process maps § Define processes, new roles/responsibili#es as required § Develop documenta#on § Implementa#on roadmap § Metrics for success § Systems implementa#on § Change management and communica#ons plan Twitter: @RevInnovator
- 5. Privileged and Confidential Information Case Study: Systems Integrator – HIPAA Compliance How we solved it • LERNER was engaged to help the SI become HIPAA compliant. In a seven step process we addressed key areas of compliance (e.g., Administrative Safeguards, Technical, Organizational, Physical Safeguards) – Did a comprehensive review of management policies and business operations – Wrote and implemented IT Policies and Procedures for end users – Revised network and desktop architectures to support compliance needs. Implemented security polices (encryption, password management, firewall management, network penetration test) – Developed physical security measures (e.g., keycards) – Addressed specific payer needs (e.g., mobile device management) – Served as Chief Security Officer for the client organization – Developed and implement business continuity and disaster recovery plans – Worked with executive management to implement a Risk Management plan with contingencies 4 Problem Statement • Client is a Systems Integrator providing IT services to large healthcare payers • Client has access to both Protected Health and Personally Identifiable Information. Access was granted to production systems and databases • An initial review of security features by a healthcare payer found that Client was lacking overall in HIPAA compliances What the client achieved • Compliance within six weeks • Insurer awarded client one year contract for outsourcing • Compliance for other Insurers • A secure and compliant development center Twitter: @RevInnovator
- 6. Privileged and Confidential Information Lawrence I Lerner – Managing Director 5 Relevant accomplishments and highlights: § Author of four software methodologies for product and package selection. This includes Cognizant’s Portfolio Analysis which has been recognized by the analyst community as a ground breaking for product transformation and development § Lead organizational redesign and process re-engineering for all of IT at Kimberly-Clark § Development of IT Security Policies for multiple organizations including the American Medical Association, Motorola, a New York based Civil Right organization and other top brand companies § Global practice leader for IT Security Practice at Cognizant § Board member for PNI Digital Media, Audit Committee Member Lawrence has over 25 years experience as a Digital Strategist for the world’s top brands. His background includes development of eBusiness initiatives at PricewaterhouseCoopers, development of Cognizant Technology Solution’s Business Technology and Advanced Solutions groups and creation of strategic solutions for UST Global. Lawrence has over fifteen years in IT and business process outsourcing/offshoring and is widely sought after security and compliance expert. Lawrence is well known for bringing game changing programs to companies. He has extensive experience as a both Chief Technology Officer and Business Strategist, taking core business needs and realizing them through technology. His process consulting work has been recognized as “best in class” by Gartner in 2009 http://eon.businesswire.com/news/eon/20100518006108/en - “UST Global Completes Next Generation BPM Solution for Catalina Marketing.” Catalina is the global leader in shopper-driven marketing solutions, providing brand manufacturers, retailers and healthcare providers with shopper-driven marketing solutions to meet growth objectives Previously Lawrence lead Cognizant and PwC IT (Chicago) Security Consulting practices and was responsible for the development of services and client audits. He has been responsible for IT Security and audits since the late 90’s. Lawrence was previously on the board of Directors for PNI Digital Media (TSX–V: PN; Now Staples). PNI is the premier provider of digital solutions, housing over four petabytes of online photos, for the photo industry. He was an active Director, providing governance and new product strategies Twitter: @RevInnovator
- 7. Thank You! Contact Us email: lawrence@lawrenceilerner.com Direct: +1.630.248.0663 Twitter: @RevInnovator