hipaa presentation

  1. HIPAA Security: Putting the Pieces Together (People’s Hospital)
  2. Security Rules ensure C.I.A.
     • Confidentiality: preventing disclosure of private information
     • Integrity: ensuring health data has not been altered or misplaced
     • Availability: ensuring information is accessible by authorized users
  3. 3 Safeguards of the HIPAA Security Rules
     • Technical
     • Physical
     • Administrative
  4. Technical
     • Access: granted based on job level and a “need to know”; password-protected access, monitor logins, audit access, and mandate locking of computers. Use auto logoffs, mandate no sharing of passwords, and mandate changing passwords every 3 months
     • Electronic transmission of ePHI must be encrypted and decrypted
  5. Technical cont.
     • Terminate access immediately should an employee leave
     • Educate staff on strong password use
     • Mandate that passwords be changed when compromised
     • Educate staff on the consequences of inappropriate password use
  6. Physical
     • Protect hardware from theft and destruction
     • Monitor access of staff and visitors into the hospital
     • Restrict access to areas based on job roles
     • Protect servers from physical damage and store them in an access-controlled area
     • Prohibit network alterations
     • Ensure disposal of paper data in shred boxes; electronic data must be destroyed prior to shredding
  7. Administrative
     • Risk Analysis: perform an assessment of the risk to determine necessary activities
     • Policies and procedures to prevent, detect, contain and correct security violations
     • Risk Management: measures to reduce risk, such as using virus protection and firewalls
  8. Administrative cont.
     • Sanctions: ensure staff are educated on the “0 tolerance” policy regarding infractions
     • Information System Activity Review: run audits and reports regularly
     • Security Awareness: ensure all staff are trained on security
     • Backup data plans and disaster recovery plans will be implemented
  9. Administrative cont.
     • Mr. Joe Smith is the Information Security Officer responsible for policies and procedures
     • Security Incident Reporting: identify violations and corrective actions
     • Make staff aware that if an unauthorized disclosure occurs, they should report it promptly
  10. Compliance
     • HIPAA is mandated by law
     • All health care providers and their associates must comply
     • All health care providers and their associates must be aware of the laws and the consequences of violations
  11. Ensure Compliance
