eFolder Webinar, 10 HIPAA FAQs from MSPs and VARs

Join HIPAA compliance expert Mike Semel as he answers the most pressing compliance questions from MSPs and VARs. Semel explores common misunderstandings of HIPAA compliance, especially with the new, stricter standards implemented in September 2013. Compliance expertise is a potent differentiator for partners in today's competitive landscape.

Published in: Technology

Transcript

  • 1. 10 HIPAA FAQs from MSPs and VARs Carlo Tapia Marketing Coordinator, eFolder 678-888-0700 x167 ctapia@efolder.net Mike Semel President, Chief Compliance Officer, Semel Consulting 888-997-3635 x 101 mike@semelconsulting.com
  • 2. Agenda • Introductions • What is HIPAA? • What must MSPs and VARs do to comply? • When was the HIPAA deadline? • What is the cost of HIPAA? • 10 HIPAA FAQs from MSPs and VARs © 2014 eFolder, Inc. All Rights Reserved.
  • 3. eFolder Expert: Mike Semel
  • 4. Semel Consulting • Founded in September, 2012 • 30-year VAR/MSP • 10 years’ experience with HIPAA, conducting assessments and remediation • Former Hospital CIO • Specialization in health care, financial, and education verticals
  • 5. What is HIPAA? • Health Insurance Portability and Accountability Act (1996) • Reduces health care fraud and abuse • Mandates industry-wide standards for health care information • Requires the protection and confidential handling of protected health information
  • 6. The Cost of HIPAA Resolution Agreement with Adult & Pediatric Dermatology, P.C. of Massachusetts - lost flash drive $1.5M Alaska DHSS settles HIPAA security case lost hard drive HHS.gov/ocr/privacy/hipaa/enforcement/examples/index.html $150K Massachusetts provider settles HIPAA case - lost laptop $1.7M
  • 7. When was the HIPAA Deadline?
  • 8. What must MSPs and VARs do to comply? Comply with HIPAA’s Administrative, Technical, and Physical Safeguards
  • 9. Question 1 What information is protected by HIPAA? • Any combination of a patient’s name (or other identifier) with information about their medical diagnoses or treatment • Can be written, verbal or electronic • On any device or in the Cloud
  • 10. Question 2 Why do we have to comply with HIPAA as a Business Associate? • Your health care clients and businesses that support health care clients give you access to electronic Protected Health Information (ePHI), or the systems that store it
  • 11. Question 3 If a client refuses to sign a Business Associate Agreement with us can we still do business with them? • Yes; you do not have a risk if your client refuses to comply with HIPAA • You have to comply with HIPAA with or without a signed contract
  • 12. Question 4 Do we have a responsibility to report if our client is doing something intentionally or deliberately out of compliance? • No; HIPAA does not require you to report your client for non-compliance • HIPAA does require your client to ensure that you are compliant, is supposed to give you a chance to remediate compliance issues, and cancel their contract and report you if you don’t comply
  • 13. Question 5 Do we have to sign Business Associate Agreements with our vendors? • Any vendor that stores ePHI is a Business Associate and must comply with HIPAA • Cloud services, online backup providers, and data centers must sign Business Associate (BA) Agreements • You or your vendor may originate the contract
  • 14. Question 6 How can we verify our backup and cloud vendors are really HIPAA compliant? • Any data you send to a non-compliant vendor is a HIPAA data breach • Some vendors think that signing BA Agreements is enough • Validate that the vendor is complying beyond signing agreements • If you aren’t convinced of your vendors’ level of compliance, switch vendors!
  • 15. Question 7 Do our clients really need Domain networks instead of Workgroup networks? • Yes; HIPAA requires Individual User Identification, Audit Logs, and Information System Activity Review, all of which require a Domain instead of a Workgroup • Audit Logs must be retained for 6 years
  • 16. Question 8 If a laptop computer is encrypted and then lost, is it reportable? • No; encrypting any device provides a ‘Safe Harbor’ and the loss is not reportable
  • 17. Question 9 Are cloud vendors and backup providers exempt from HIPAA because the data is encrypted and they don’t have encryption keys? • No; while encryption provides ‘Safe Harbor’ in case of a data breach, it is not an exemption for an organization that maintains encrypted data
  • 18. Question 10 What do we have to do to become HIPAA-compliant? • Learn HIPAA! • Implement HIPAA-specific policies and procedures • Do a HIPAA Risk Analysis • Train your workforce • Perform and document ongoing HIPAA-compliant services • Select HIPAA-compliant partners, like eFolder
  • 19. eFolder and HIPAA • eFolder will sign Business Associate Agreements • eFolder has completed a proper HIPAA Risk Analysis conducted by experienced professionals • eFolder has written HIPAA-specific policies and procedures • eFolder has trained its workforce to comply with HIPAA • eFolder has retained HIPAA professionals to maintain compliance over time • eFolder will provide you with a letter attesting to our HIPAA compliance to take to your clients
  • 20. eFolder and HIPAA • eFolder Partners, contact your account manager for Business Associate Agreement (BAA) • All registrants will receive a HIPAA Compliance Playbook – Video training course to educate partners – Microsoft PowerPoint to train employees – Example HIPAA compliance checklist – Example Business Associate Agreement (BAA) – More!
  • 21. HIPAA Compliance Workshop HIPAA Rapid Compliance VARs/MSPs Virtual Workshop • 6 hours of webinar training • Customized policies and checklists & a lot more • 1-on-1 consulting • No travel costs, lost workdays, lawyer lectures • Webinars will be recorded for review or sharing with other employees
  • 22. HIPAA Compliance Workshop Registration • http://bit.ly/NCRTrC • Workshop limited to 35 participants Cost • $1,299 • $999 for eFolder partners Dates • Monday, March 10, 8 a.m. - 10 a.m. PT • Thursday, March 13, 8 a.m. - 10 a.m. PT • Monday, March 17, 8 a.m. - 10 a.m. PT
  • 23. Q&A www.efolder.net +1 800-352-0248 HIPAA Compliance Workshop http://bit.ly/NCRTrC
