In this webinar, AvePoint's Chief Compliance & Risk Officer Dana Simberkoff and AvePoint's Director of Risk Management & Compliance Marc Dreyfus shared the playbook to jumpstart your comprehensive, automated program to mitigate the risk of data loss, privacy, and security breaches using AvePoint Compliance Guardian’s “Say it, do it, prove it” approach. To watch the webinar, please visit: http://www.avepoint.com/resources/videos/
3 Steps to Automate Compliance for Healthcare Organizations
1. Three Steps to Automate Compliance for Healthcare Organizations
Dana Simberkoff, JD, CIPP/US
Chief Compliance and Risk Officer, AvePoint
Marc Dreyfus, CIPP/US, CIPP/T
Director, Risk Management & Compliance, AvePoint
2. • State of IT Compliance
• HIPAA, HITECH: Why worry?
• Assessment: Knowing is Half the Battle
• Three Steps to Automate Compliance: Say it, Do it, Prove it
• Getting to Yes: Privacy & Security by Design
6. How do we balance the business benefit of the free flow of information with the risk of inappropriate access and disclosure?
8. Broad application: applies to doctors, hospitals, pharmacies, medical billing services, health care plans, HMOs, and business associates of these entities such as their accountants and attorneys.
Applies to all records: requires that all records, regardless of format, be managed as part of the organization’s official records management program.
Carries hefty penalties: medical fraud has increased nearly 20 percent in the past year, affecting an estimated 1.84 million American adults and costing victims $12.3 billion in out-of-pocket medical expenditures.
9. • Openness & transparency: ensure all data sources link to privacy policies
• Collection, use & disclosure limitation: secure methods used to collect PHI through websites and web applications
• Safeguards: monitor, notify, and act when PHI is stored inappropriately
• Accountability: multi-layer reporting to deliver visibility into HIPAA compliance status
• Individual choice: allow for review of the privacy policy and opt-out prior to submitting PHI
• Correction: create an accessible, protected manner for disputing the accuracy of information through secure web-enabled applications
13. • What kind of data is stored in your information and collaboration gateways, and why?
• How business users within your organization are utilizing the IT systems that hold information that may be at risk.
File System, Cloud, Social, SharePoint
21. Develop a service level agreement among your compliance officers, your IT team, and the business before you implement a compliance plan.
It’s important to understand:
• What kinds of data your business handles and uses
• How your co-workers are using it for their day-to-day jobs
• Why and how they need to handle protected data in the course of their work
23. What are you trying to protect and from whom?
• Name
• Address
• Important dates
• Telephone & fax numbers
• Email address
• Social Security number
• Medical record number
• Health plan beneficiary number
• Account number
• Certificate/license number
• Vehicle/device serial numbers
27. Do It: Take Action on Risk-Defined Content and Systems to Ensure Compliance
28. • Create common-sense policies, rules, and IT controls
• Implement transparent and non-transparent controls to IT environments
• Automate the process of regulated content protection
29. Trust your end users to appropriately identify and classify sensitive data they are handling and/or creating, but verify that they are doing so properly.
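As an added example (not code from the webinar or from Compliance Guardian), the script below scans constructed sample documents for a few of the identifier types listed on slide 23 and checks them against the label the end user applied, which is the "trust, but verify" step from slide 29 and the "monitor, notify, and act" safeguard from slide 9. The document structure, the label values and the regex patterns are assumptions made for this example.

```python
import re

# Regexes for a few of the identifier types on the "What are you trying to protect" slide.
# The patterns are assumptions for this example; production detectors need far broader tuning.
PHI_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "mrn": re.compile(r"\bMRN[:# ]\s*\d{6,10}\b", re.IGNORECASE),
    "date": re.compile(r"\b\d{1,2}/\d{1,2}/\d{4}\b"),
    "phone": re.compile(r"(?<!\d)\(?\d{3}\)?[-. ]\d{3}[-. ]\d{4}(?!\d)"),
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
}

# Constructed sample documents; "label" is the classification the end user applied on save.
SAMPLE_DOCS = [
    {"path": "SharePoint/Clinical/discharge_summary.txt", "label": "phi",
     "text": "Discharge summary. Patient MRN 00123456, DOB 03/14/1962, SSN 123-45-6789."},
    {"path": "Social/team_newsletter.txt", "label": "public",
     "text": "Congratulate Jane on her new role! Reach her at jane.doe@example.org or 555-123-4567."},
    {"path": "FileSystem/cafeteria_menu.txt", "label": "phi",
     "text": "Cafeteria menu for Monday: soup and salad."},
]

def detect_identifiers(text):
    """Return {identifier_type: count} for every identifier type found in text."""
    counts = {name: len(pattern.findall(text)) for name, pattern in PHI_PATTERNS.items()}
    return {name: n for name, n in counts.items() if n}

def verify_classification(doc):
    """Trust the user's label, but verify it against what the content actually contains."""
    found = detect_identifiers(doc["text"])
    if found and doc["label"] != "phi":
        status = "underclassified"   # PHI present but not labelled: notify and act
    elif not found and doc["label"] == "phi":
        status = "overclassified"    # labelled PHI with no identifiers: worth a review
    else:
        status = "ok"
    return {"path": doc["path"], "label": doc["label"], "status": status, "detected": found}

def compliance_report(docs):
    """Roll per-document findings up into the counts a compliance status report would show."""
    findings = [verify_classification(d) for d in docs]
    summary = {"ok": 0, "underclassified": 0, "overclassified": 0}
    for f in findings:
        summary[f["status"]] += 1
    return summary, findings

if __name__ == "__main__":
    summary, findings = compliance_report(SAMPLE_DOCS)
    for f in findings:
        print(f"{f['status']:15} {f['path']} label={f['label']} detected={f['detected']}")
    print("summary:", summary)
```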
31. • Make it easier for your employees to do the right thing than the wrong thing
• Create a transparent security organization to discourage employees from working around security
“Culture eats strategy for lunch!”
39. Download our free privacy impact assessment tool: privacyassociation.org/resources/apia
Learn more about Compliance Guardian: avepoint.com/compliance-guardian
Sign up for a free consultation: pages.avepoint.com/compliance-consultation
Article: Automation key to successful policy implementation: ow.ly/ENB13