Diagnosing HIPAA Compliance




Review the key points of HIPAA and




Diagnosing HIPAA Compliance Infographic Transcript

Patient no: X89563

Diagnosing HIPAA Compliance

Key HIPAA Milestones

  • August 1996: HIPAA enacted
  • December 2000: Privacy Rule published
  • February 2003: Security Rule issued
  • February 2009: HITECH Act passed
  • March 26, 2013: HIPAA final omnibus rule effective
  • September 23, 2013: HIPAA audits start

HHS Office for Civil Rights Director Leon Rodriguez said, “This final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented.”

Who does this affect?

Why the need for HIPAA compliance?

In the last 3 years records were impacted by 3 parts of HIPAA compliance:

  • Privacy Rule 26%
  • Security Rule 65%
  • Breach Notif. Rule 9%

Audit Violations within HIPAA Security Rule

  • Administrative Safeguards 42%
  • Physical Safeguards 18%
  • Technical Safeguards 40%

What is the impact of a violation or compromise?

Getting started on your HIPAA compliance

Evaluate the likelihood and impact of potential risks to ePHI, implement appropriate security measures, document chosen security measures, and maintain appropriate security protections.

The Office of the National Coordinator for Health Information Technology has stated “doing a thorough and professional risk analysis that will stand up to a compliance review will require expert knowledge that could be obtained through services of an experienced outside professional.”

Need help getting started? SecurityMetrics HIPAA Focus helps you with every step of compliance, from risk identification to audit preparation. For more information or to get started on your HIPAA compliance call 801.995.6801. www.securitymetrics.com/hipaa

What is a covered entity? Health plans, health care clearinghouses and health care providers who electronically transmit any health information.

  • Revise Business Associate Agreements
  • Implement Business Associate HIPAA compliance program

  • Damaged trust
  • Fines up to $50,000 per day for each violation
  • Loss of revenue
  • Loss of customers
  • Negative publicity

Resolution Agreement: A contract signed by HHS and a covered entity in which the covered entity agrees to perform certain obligations, which may include fine payment. These agreements are reserved to settle infractions from HIPAA investigations and/or breaches.

Total of $14,883,345 in Resolution Agreements since 2008

“These changes [omnibus rule] not only greatly enhance a patient’s privacy rights and protections, but also strengthen enforce the HIPAA privacy and security protections.” -Leon Rodriguez, HHS

The Office of Civil Rights performed test audits to assess the overall HIPAA compliance efforts of covered entities.

Who is a business associate? A person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity.

That’s more than the populations of New York City, Los Angeles, Chicago, Houston, Denver, and Seattle combined.

Dr.HHS Audit

  • http://www.hhs.gov/news/press/2013pres/01/20130117b.html
  • http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
  • http://csrc.nist.gov/news_events/hiipaa_june2012/day2/day2-2_lsanches_ocr-audit.pdf
  • http://healthitsecurity.com/2013/03/12/ocr-talks-hipaa-breach-notification-at-himss13/