HIPAA Compliance With IT

Achieving HIPAA Compliance with help from IT

  • Hi Nainil,

    It was encouraging to know your creative ideas about how to achieve HIPAA Compliance. I am working as a Compliance officer. We would like to have any further views; also, in case you could share the PPT, it would be great.

    Regards,
    Swapnil Choudhari
    91-9922939950 [India]
  • Introduction to HIPAA and Nainil

Transcript

  • 1. Achieving HIPAA Compliance with help from IT Nainil Chheda www.nainil.com
  • 2. This is like:
    • Mastering the art of eating a yogurt with a Fork
  • 3. Do we know what HIPAA is?
    • Hippo is the third largest land animal
    • It is:
      • Huge
      • Has a large jaw
      • Has an Invisible Boundary which is not to be crossed
  • 4. Quick Facts
    • How many words and lines are in the Health Insurance Portability and Accountability Act?
    • About 73,840 words, 5704 lines
  • 5. IT Facilitates
    • Moving with the elements (together)
    • Not as a Dictator
  • 6. Awareness
    • Software and hardware, in and of themselves, cannot be "HIPAA compliant"
    • It (software / hardware) can only help a practice become HIPAA compliant
    • eCW, along with other added components, can help a practice achieve HIPAA compliance
  • 7. Is Technology a Challenge?
    • No
    • Then what are the most common challenges in being HIPAA Compliant?
    • 1) People
    • 2) Processes
    • 3) Policies
  • 8. Checklist
    • Education
    • Business Policies
    • Technology (standards compliance)
    • Documentation
    • Periodic Audit
  • 9. Training & Policy
    • Training
    • Mandated by Law
    • Employee training
    • Twice a year
    • TRUP (Technological Resource Utilization Policy)
    • Signed by employees
    • Signed by business associates
  • 10. Controls
    • sFTP for Database Transfer
    • Domain controller
    • Remote Desktop (Secure VNC, etc.)
    • HIPAA disclaimer (in email signature)
    • Secure Individual Fax Inbox
    • Secure Email (like Network Solutions – MessageGuard)
  • 11. Documentation
    • Escalation Path
    • Server Access Logs
    • Maintenance Logs
    • Proactive Email/RSS Notification
  • 12. Certified Data Destruction
    • Secure bins
    • On-site destruction
    • DOD 7 layer format
  • 13. Do not get scared after this slide
  • 14. CMS Investigation Interview
    • Personnel Interviewed
      • President
      • HIPAA Compliance Officer
      • Network Engineer
      • HR
      • Director of Training
    • Source: http://www.cms.hhs.gov/Enforcement/Downloads/InformationRequestforComplianceReviews.pdf
    • Document Request
      • Policy documents on prevention, detection and correction of security violations
      • Physical security
      • User Access
      • User Termination
      • Access to EPHI
      • Password management
  • 15. Other Documents
    • Network penetration testing policy and procedure
    • Entity-wide security plan
    • Risk analysis
    • Organizational chart
    • Data backup procedure
    • Disaster recovery plan
    • Virus protection plan
    • Training Courses
  • 16. Thank You Nainil Chheda [email_address] http://www.nainil.com