Hipaa Compliance With IT

Achieving HIPAA Compliance with help from IT

Published in: Health & Medicine, Technology
1 Comment
  • Hi Nainil,

    It was encouraging to know your creative ideas about how to achieve HIPAA Compliance. I am working as a Compliance officer. We would like to have any further views also; in case you could share the PPT, it would be great.

    Regards,
    Swapnil Choudhari
    91-9922939950 [India]
  • Introduction to HIPAA and Nainil
  • Transcript of "Hipaa Compliance With IT"

    1. Achieving HIPAA Compliance with help from IT
       Nainil Chheda, www.nainil.com
    2. This is like:
       • Mastering the art of eating a yogurt with a fork
    3. Do we know what HIPAA is?
       • Hippo is the third largest land animal
       • It is:
         • Huge
         • Has a large jaw
         • Has an invisible boundary which is not to be crossed
    4. Quick Facts
       • How many words and lines are in the Health Insurance Portability and Accountability Act?
       • About 73,840 words, 5,704 lines
    5. IT Facilitates
       • Moving with the elements (together)
       • Not as a dictator
    6. Awareness
       • Software and hardware, in and of themselves, cannot be "HIPAA compliant"
       • Software and hardware can only aid a practice in becoming HIPAA compliant
       eCW along with other added components can help a practice achieve HIPAA compliance
    7. Is Technology a Challenge?
       • No
       • Then what are the most common challenges in being HIPAA compliant?
         1) People
         2) Processes
         3) Policies
    8. Checklist
       • Education
       • Business policies
       • Technology (standards compliance)
       • Documentation
       • Periodic audit
    9. Training & Policy
       • Training
         • Mandated by law
         • Employee training, twice a year
       • TRUP (Technological Resource Utilization Policy)
         • Signed by employees
         • Signed by business associates
    10. Controls
       • SFTP for database transfer
       • Domain controller
       • Remote Desktop (secure VNC, etc.)
       • HIPAA disclaimer (in email signature)
       • Secure individual fax inbox
       • Secure email (like Network Solutions MessageGuard)
    11. Documentation
       • Escalation path
       • Server access logs
       • Maintenance logs
       • Proactive email/RSS notification
    12. Certified Data Destruction
       • Secure bins
       • On-site destruction
       • DOD 7 layer format
    13. Do not get scared after this slide
    14. CMS Investigation Interview
       • Personnel interviewed
         • President
         • HIPAA Compliance Officer
         • Network Engineer
         • HR
         • Director of Training
       • Source: http://www.cms.hhs.gov/Enforcement/Downloads/InformationRequestforComplianceReviews.pdf
       • Document request
         • Policy documents on prevention, detection and correction of security violations
         • Physical security
         • User access
         • User termination
         • Access to EPHI
         • Password management
    15. Other Documents
       • Network penetration testing policy and procedure
       • Entity-wide security plan
       • Risk analysis
       • Organizational chart
       • Data backup procedure
       • Disaster recovery plan
       • Virus protection plan
       • Training courses
    16. Thank You
       Nainil Chheda [email_address] http://www.nainil.com