FireHost Webinar: HIPAA Compliance 101, Part 2: Your Organizational Impact


An in-depth look at how HIPAA Compliance impacts your organization. Join us as we discuss: risk assessments, building security programs to address HIPAA, covered entities and business associates.


  1. 8 April 2014. HIPAA Compliance 101: Part 2, Your Organizational Impact. Kurt Hagerman, Chief Information Security Officer
  2. Today's Speaker: Kurt Hagerman, Chief Information Security Officer. Kurt Hagerman oversees all compliance-related and security initiatives. He is responsible for leading FireHost in attaining ISO, PCI, HIPAA and other certifications, which allows FireHost customers to more easily achieve their own compliance requirements. He regularly speaks and writes on information security topics in the payments and healthcare spaces as well as on cloud security.
  3. Agenda
     • HIPAA's impact on your organization
     • Risk assessments
     • Building security programs to address HIPAA
     • Covered entities and business associates
     • Getting started
     • Questions & answers
  4. HIPAA: The Impact on Your Organization
     • Review of the last webinar
     • Impact on your entire organization: HR, billing, finance, IT and IT security, customer service
     • Records retention and policies
     • Internal processes and procedures
     • Don't forget third parties, called Business Associates (BAs)
  5. Risk Assessments: not just an IT exercise; get stakeholders involved
     • OCR audits found risk assessments that were poor or missing entirely
     • HIPAA embraces a risk-based approach to security
     • Elements of a proper risk assessment:
       • Identify all sources and flows of ePHI
       • Identify threats and vulnerabilities
       • Evaluate the impact and likelihood of those threats and vulnerabilities being exploited
       • Assign risk levels and identify mitigation options
       • Determine which options to implement
     • Don't forget to include Business Associates
  6. Building Your Security Program to Address HIPAA
     • Compliance does not equal security
     • Take the results of the risk assessment
     • Select reasonable and appropriate controls that address the identified risks
     • Step back, evaluate the controls, and compare them to an industry-standard framework such as NIST or ISO
     • Ensure your controls not only meet HIPAA requirements but also address the key areas within those frameworks, so that they protect the entire organization
  7. Business Associates and Covered Entities
     • Covered Entities (CEs): healthcare organizations, hospitals, clinics and insurers
     • Business Associates (BAs): vendors, service providers
     • Both BAs and CEs are now directly accountable to OCR
     • This requires a clear and transparent division of responsibility for security
     • Business associate agreements (BAAs) must be put in place that define this division
     • OCR has provided guidelines for the minimum content of a BAA
     • Work with BAs who can clearly articulate their security controls program and are transparent about the division of responsibilities
  8. What's next: HIPAA Compliance 101, Part 3. Cutting Through the Clutter: Achieving HIPAA. Date:
  9. Questions & Answers
  10. Thank You. Kurt Hagerman, Chief Information Security Officer. Phone: 877 262 3473 x8073. Email: