DQS–ULGroup
Security Requirements for HIPAA and HITECH Act
Subrata Guha
Program Manager – IT Certification

Questions
What are the HIPAA Security Rules?
What is the HITECH Act?
How to achieve compliance?
Any other questions?

What are the HIPAA Security Rules?

Background
• HIPAA - Health Insurance Portability and Accountability Act introduced in 1996
• Rules updated in 2013
• Objectives:
  • Security - Protection of Electronic Protected Health Information (EPHI)
  • Privacy – Protection of Protected Health Information (PHI)
• Scope: Covered Entities and Business Associates
  • Healthcare Providers
  • Health Insurance Providers
  • Healthcare Clearinghouses
  • Medicare Prescription Drug Card Sponsors
  • Suppliers / partners of covered entities

Players involved in HIPAA
• Department of Health and Human Services (HHS)
• Covered Entities
• Business Associates
• Patients

Components of HIPAA
HIPAA: Health Insurance Portability and Accountability Act of 1996
• Title I: Health Care Access, Portability and Renewability
• Title II:
  • Preventing Health Care Fraud and Abuse
  • Medical Liability Reform
  • Administrative Simplification
    • General Administrative Requirements
    • Administrative Requirements
    • Security and Privacy
• Title III: Tax Related Health Provision
• Title IV: Group Health Plan
• Title V: Revenue Offsets
Source: NIST SP-800-66

Components of HIPAA
Title II, Administrative Simplification (Updated March 2013)
Source: NIST SP-800-66

What is the HITECH Act?

HITECH Act
• Health Information Technology for Economic and Clinical Health (HITECH) Act introduced in 2009.
• Objective is to strengthen the privacy and security protections for HIPAA
• Extended HIPAA privacy and security requirements to the business associates.
• Increased penalties for violation
• Other objective of HITECH Act is to promote use of Electronic Health Records (EHR)

General Administrative Requirements
Code of Federal Regulation (CFR) Title 45 Part 160.101-514
• General Provisions
• Preemption of State Laws
• Compliance and Investigations
• Imposition of Civil Money Penalties
• Procedures for Hearing

Administrative Requirements
Code of Federal Regulation (CFR) Title 45 Part 162.100-1902
• General Provisions
• Standard Unique Health Identifier for Health Care Providers
• Standard Unique Health Identifier for Health Plans
• Standard Unique Employer Identifier
• General Provisions for Transactions
• Code Sets
• Health Care Claims or Equivalent Encounter Information
• Eligibility for Health Plan
• Referral Certification and Authorization
• Health Care Claim Status
• Enrollment and Disenrollment in a Health Plan
• (More..)

HIPAA Security Rules
Code of Federal Regulation (CFR) Title 45 Part 164.306-316 define security rules
• Security Standards: General Rules
• Administrative Safeguards
• Technical Safeguards
• Physical Safeguards
• Organizational Requirements
• Documentation Requirements

Structure of HIPAA Security Rules
Standard: Describes the rule. Example: A covered entity or business associate must comply with the applicable standards as provided ……….
Implementation specifications: Key activities to be performed to meet the intent of the standard
• Required: Mandatory activity
• Addressable: Can be excluded with justification, or an alternative practice can be implemented.

Security Standard: General Rules
• Ensure Confidentiality, Integrity and Availability of EPHIs
• Protect EPHIs against anticipated threats and hazards
• Ensure compliance by the workforce
Scope: EPHI the covered entity or business associate creates, receives, maintains, or transmits.
Implementation: Security measures depending on the
• Size, complexity and type of business functions
• Size of IT infrastructure
• Anticipated risk and impact

Administrative Safeguards (1/2)
Standard: Implementation specification
Security management process:
• Risk analysis (R)
• Risk management (R)
• Sanction policy (R)
• Information System activity review (R)
Assigned security responsibilities:
• None
Workforce security:
• Authorization and/or supervision (A)
• Workforce clearance procedure (A)
• Termination procedure (A)
Information access management:
• Isolating healthcare clearinghouse functions (R)
• Access authorization (A)
• Access establishment and modification (A)
Security awareness and training:
• Security reminders (A)
• Protection from malicious software (A)
• Login monitoring (A)
• Password management (A)

Administrative Safeguards (2/2)
Standard: Implementation specification
Security incident procedure:
• Response and reporting (R)
Contingency plan:
• Data backup plan (R)
• Disaster recovery plan (R)
• Emergency mode operation plan (R)
• Testing and revision procedure (A)
• Application and data criticality analysis (A)
Evaluation – Business associates contract or other arrangements:
• Perform periodic technical and non-technical evaluation of written contracts or other arrangements (R)

Physical Safeguards
Standard: Implementation specification
Facility access control:
• Contingency operation (A)
• Facility security plan (A)
• Access control and validation procedure (A)
• Maintenance records (A)
Workstation use:
• None
Workstation security:
• None
Device and media control:
• Disposal (R)
• Media re-use (R)
• Accountability (A)
• Data backup and storage (A)

Technical Safeguards
Standard: Implementation specification
Access control:
• Unique user identification (R)
• Emergency access procedure (R)
• Automatic logoff (A)
• Encryption and decryption (A)
Audit control:
• None
Integrity:
• Mechanism to authenticate EPHI (A)
Person or entity authentication:
• None
Transmission security:
• Integrity control (A)
• Encryption (A)

Organizational Requirements
Standard: Implementation specification
Business associates contract or other arrangements:
• Business associate contract (R)
• Reporting of incidents (R)
• Other arrangements (A)
• Contract with sub-contractors (R)
Requirements for group health plans:
• Implement administrative, physical and technical safeguards (R)
• Ensure adequate separation (R)
• Ensure adequate security measures by agents (R)
• Report incidents to group health plan (R)

Policies, Procedures and Documentation Requirements
Standard: Implementation specification
Policies and procedures:
• None
Documentation:
• Retention period (R)
• Availability (R)
• Updates (R)

Breach Notifications
Code of Federal Regulation (CFR) Title 45 Part 164.404-414
• Notification to Individuals
• Notification to Media
• Notification to the Secretary
• Notification by a Business Associate
• Law Enforcement Delay
• Administrative Requirements and Burden of Proof

HIPAA Privacy Rules
Code of Federal Regulation (CFR) Title 45 Part 164.504-530
• Use and Disclosure of PHI: General Rules
• Use and Disclosure: Organizational Requirements
• Use and Disclosure to Carry Out Treatment, Payment etc.
• Use and Disclosure: Individual to Agree or Object
• Use and Disclosure: Authorization not Required
• Use and Disclosure of PHI: Other Requirements
• Notice of Privacy Practice
• Right to request Privacy Protection
• Access of Individual to PHI
• Amendment of PHI
• Accounting of Disclosure of PHI

Enforcement Process
[Flowchart, Office of Civil Rights (OCR). Elements shown: Complaint; Intake and Review; Criminal violation; Department of Justice; HIPAA violation; Resolution; Investigation; OCR issues corrective actions; CAR closed; OCR imposes penalty. Decision branches are labelled Yes / No.]

How to Achieve Compliance?

HIPAA Compliance Process
• Identify EPHIs and/or PHIs your organization creates, receives, maintains or transmits
• Conduct Risk Assessment
• Establish policies and procedures following HIPAA security standards to address risks
• Monitor compliance
• Report breaches

Pitfalls
• Compliance is self declaration – no third-party certification available
• Set of rules does not provide a governance structure to maintain the system
• Investigations are triggered by complaints – burden of proof on the covered entity or business associates
• Penalty can be as high as $1.5 million

Other options
Adoption of Management System Framework e.g. ISO/IEC 27001 standard

ISO/IEC 27001:2013
[Diagram. Elements shown: Context of the Organization; Leadership; Planning; Operation; Improvement; Performance Evaluation; Support; Annex A Recommended Controls.]

Why ISO 27001:2013?
• Establish governance structure to establish, monitor and improve security
• Annex A controls cover ~90% of HIPAA security rules
• Additional controls from 45 CFR 164 can be added to the Statement of Applicability
• ISO 27002 provides implementation guideline for the controls
• Third party certification increases credibility
• Annual surveillance ensures continued compliance

Questions?
 
Night 7k to 12k Navi Mumbai Call Girl Photo 👉 BOOK NOW 9833363713 👈 ♀️ night ...
Night 7k to 12k Navi Mumbai Call Girl Photo 👉 BOOK NOW 9833363713 👈 ♀️ night ...Night 7k to 12k Navi Mumbai Call Girl Photo 👉 BOOK NOW 9833363713 👈 ♀️ night ...
Night 7k to 12k Navi Mumbai Call Girl Photo 👉 BOOK NOW 9833363713 👈 ♀️ night ...aartirawatdelhi
 
Mumbai ] (Call Girls) in Mumbai 10k @ I'm VIP Independent Escorts Girls 98333...
Mumbai ] (Call Girls) in Mumbai 10k @ I'm VIP Independent Escorts Girls 98333...Mumbai ] (Call Girls) in Mumbai 10k @ I'm VIP Independent Escorts Girls 98333...
Mumbai ] (Call Girls) in Mumbai 10k @ I'm VIP Independent Escorts Girls 98333...Ishani Gupta
 
Jogeshwari ! Call Girls Service Mumbai - 450+ Call Girl Cash Payment 90042684...
Jogeshwari ! Call Girls Service Mumbai - 450+ Call Girl Cash Payment 90042684...Jogeshwari ! Call Girls Service Mumbai - 450+ Call Girl Cash Payment 90042684...
Jogeshwari ! Call Girls Service Mumbai - 450+ Call Girl Cash Payment 90042684...Anamika Rawat
 
Best Rate (Patna ) Call Girls Patna ⟟ 8617370543 ⟟ High Class Call Girl In 5 ...
Best Rate (Patna ) Call Girls Patna ⟟ 8617370543 ⟟ High Class Call Girl In 5 ...Best Rate (Patna ) Call Girls Patna ⟟ 8617370543 ⟟ High Class Call Girl In 5 ...
Best Rate (Patna ) Call Girls Patna ⟟ 8617370543 ⟟ High Class Call Girl In 5 ...Dipal Arora
 
Top Rated Hyderabad Call Girls Erragadda ⟟ 9332606886 ⟟ Call Me For Genuine ...
Top Rated  Hyderabad Call Girls Erragadda ⟟ 9332606886 ⟟ Call Me For Genuine ...Top Rated  Hyderabad Call Girls Erragadda ⟟ 9332606886 ⟟ Call Me For Genuine ...
Top Rated Hyderabad Call Girls Erragadda ⟟ 9332606886 ⟟ Call Me For Genuine ...chandars293
 
Andheri East ) Call Girls in Mumbai Phone No 9004268417 Elite Escort Service ...
Andheri East ) Call Girls in Mumbai Phone No 9004268417 Elite Escort Service ...Andheri East ) Call Girls in Mumbai Phone No 9004268417 Elite Escort Service ...
Andheri East ) Call Girls in Mumbai Phone No 9004268417 Elite Escort Service ...Anamika Rawat
 
Coimbatore Call Girls in Coimbatore 7427069034 genuine Escort Service Girl 10...
Coimbatore Call Girls in Coimbatore 7427069034 genuine Escort Service Girl 10...Coimbatore Call Girls in Coimbatore 7427069034 genuine Escort Service Girl 10...
Coimbatore Call Girls in Coimbatore 7427069034 genuine Escort Service Girl 10...chennailover
 
Premium Call Girls In Jaipur {8445551418} ❤️VVIP SEEMA Call Girl in Jaipur Ra...
Premium Call Girls In Jaipur {8445551418} ❤️VVIP SEEMA Call Girl in Jaipur Ra...Premium Call Girls In Jaipur {8445551418} ❤️VVIP SEEMA Call Girl in Jaipur Ra...
Premium Call Girls In Jaipur {8445551418} ❤️VVIP SEEMA Call Girl in Jaipur Ra...parulsinha
 
(Low Rate RASHMI ) Rate Of Call Girls Jaipur ❣ 8445551418 ❣ Elite Models & Ce...
(Low Rate RASHMI ) Rate Of Call Girls Jaipur ❣ 8445551418 ❣ Elite Models & Ce...(Low Rate RASHMI ) Rate Of Call Girls Jaipur ❣ 8445551418 ❣ Elite Models & Ce...
(Low Rate RASHMI ) Rate Of Call Girls Jaipur ❣ 8445551418 ❣ Elite Models & Ce...parulsinha
 
Night 7k to 12k Chennai City Center Call Girls 👉👉 7427069034⭐⭐ 100% Genuine E...
Night 7k to 12k Chennai City Center Call Girls 👉👉 7427069034⭐⭐ 100% Genuine E...Night 7k to 12k Chennai City Center Call Girls 👉👉 7427069034⭐⭐ 100% Genuine E...
Night 7k to 12k Chennai City Center Call Girls 👉👉 7427069034⭐⭐ 100% Genuine E...hotbabesbook
 
Call Girl In Pune 👉 Just CALL ME: 9352988975 💋 Call Out Call Both With High p...
Call Girl In Pune 👉 Just CALL ME: 9352988975 💋 Call Out Call Both With High p...Call Girl In Pune 👉 Just CALL ME: 9352988975 💋 Call Out Call Both With High p...
Call Girl In Pune 👉 Just CALL ME: 9352988975 💋 Call Out Call Both With High p...chetankumar9855
 
Independent Call Girls Service Mohali Sector 116 | 6367187148 | Call Girl Ser...
Independent Call Girls Service Mohali Sector 116 | 6367187148 | Call Girl Ser...Independent Call Girls Service Mohali Sector 116 | 6367187148 | Call Girl Ser...
Independent Call Girls Service Mohali Sector 116 | 6367187148 | Call Girl Ser...karishmasinghjnh
 

Recently uploaded (20)

9630942363 Genuine Call Girls In Ahmedabad Gujarat Call Girls Service
9630942363 Genuine Call Girls In Ahmedabad Gujarat Call Girls Service9630942363 Genuine Call Girls In Ahmedabad Gujarat Call Girls Service
9630942363 Genuine Call Girls In Ahmedabad Gujarat Call Girls Service
 
Saket * Call Girls in Delhi - Phone 9711199012 Escorts Service at 6k to 50k a...
Saket * Call Girls in Delhi - Phone 9711199012 Escorts Service at 6k to 50k a...Saket * Call Girls in Delhi - Phone 9711199012 Escorts Service at 6k to 50k a...
Saket * Call Girls in Delhi - Phone 9711199012 Escorts Service at 6k to 50k a...
 
The Most Attractive Hyderabad Call Girls Kothapet 𖠋 9332606886 𖠋 Will You Mis...
The Most Attractive Hyderabad Call Girls Kothapet 𖠋 9332606886 𖠋 Will You Mis...The Most Attractive Hyderabad Call Girls Kothapet 𖠋 9332606886 𖠋 Will You Mis...
The Most Attractive Hyderabad Call Girls Kothapet 𖠋 9332606886 𖠋 Will You Mis...
 
Most Beautiful Call Girl in Bangalore Contact on Whatsapp
Most Beautiful Call Girl in Bangalore Contact on WhatsappMost Beautiful Call Girl in Bangalore Contact on Whatsapp
Most Beautiful Call Girl in Bangalore Contact on Whatsapp
 
Trichy Call Girls Book Now 9630942363 Top Class Trichy Escort Service Available
Trichy Call Girls Book Now 9630942363 Top Class Trichy Escort Service AvailableTrichy Call Girls Book Now 9630942363 Top Class Trichy Escort Service Available
Trichy Call Girls Book Now 9630942363 Top Class Trichy Escort Service Available
 
Call Girls Jaipur Just Call 9521753030 Top Class Call Girl Service Available
Call Girls Jaipur Just Call 9521753030 Top Class Call Girl Service AvailableCall Girls Jaipur Just Call 9521753030 Top Class Call Girl Service Available
Call Girls Jaipur Just Call 9521753030 Top Class Call Girl Service Available
 
8980367676 Call Girls In Ahmedabad Escort Service Available 24×7 In Ahmedabad
8980367676 Call Girls In Ahmedabad Escort Service Available 24×7 In Ahmedabad8980367676 Call Girls In Ahmedabad Escort Service Available 24×7 In Ahmedabad
8980367676 Call Girls In Ahmedabad Escort Service Available 24×7 In Ahmedabad
 
Low Rate Call Girls Bangalore {7304373326} ❤️VVIP NISHA Call Girls in Bangalo...
Low Rate Call Girls Bangalore {7304373326} ❤️VVIP NISHA Call Girls in Bangalo...Low Rate Call Girls Bangalore {7304373326} ❤️VVIP NISHA Call Girls in Bangalo...
Low Rate Call Girls Bangalore {7304373326} ❤️VVIP NISHA Call Girls in Bangalo...
 
Night 7k to 12k Navi Mumbai Call Girl Photo 👉 BOOK NOW 9833363713 👈 ♀️ night ...
Night 7k to 12k Navi Mumbai Call Girl Photo 👉 BOOK NOW 9833363713 👈 ♀️ night ...Night 7k to 12k Navi Mumbai Call Girl Photo 👉 BOOK NOW 9833363713 👈 ♀️ night ...
Night 7k to 12k Navi Mumbai Call Girl Photo 👉 BOOK NOW 9833363713 👈 ♀️ night ...
 
Mumbai ] (Call Girls) in Mumbai 10k @ I'm VIP Independent Escorts Girls 98333...
Mumbai ] (Call Girls) in Mumbai 10k @ I'm VIP Independent Escorts Girls 98333...Mumbai ] (Call Girls) in Mumbai 10k @ I'm VIP Independent Escorts Girls 98333...
Mumbai ] (Call Girls) in Mumbai 10k @ I'm VIP Independent Escorts Girls 98333...
 
Jogeshwari ! Call Girls Service Mumbai - 450+ Call Girl Cash Payment 90042684...
Jogeshwari ! Call Girls Service Mumbai - 450+ Call Girl Cash Payment 90042684...Jogeshwari ! Call Girls Service Mumbai - 450+ Call Girl Cash Payment 90042684...
Jogeshwari ! Call Girls Service Mumbai - 450+ Call Girl Cash Payment 90042684...
 
Best Rate (Patna ) Call Girls Patna ⟟ 8617370543 ⟟ High Class Call Girl In 5 ...
Best Rate (Patna ) Call Girls Patna ⟟ 8617370543 ⟟ High Class Call Girl In 5 ...Best Rate (Patna ) Call Girls Patna ⟟ 8617370543 ⟟ High Class Call Girl In 5 ...
Best Rate (Patna ) Call Girls Patna ⟟ 8617370543 ⟟ High Class Call Girl In 5 ...
 
Top Rated Hyderabad Call Girls Erragadda ⟟ 9332606886 ⟟ Call Me For Genuine ...
Top Rated  Hyderabad Call Girls Erragadda ⟟ 9332606886 ⟟ Call Me For Genuine ...Top Rated  Hyderabad Call Girls Erragadda ⟟ 9332606886 ⟟ Call Me For Genuine ...
Top Rated Hyderabad Call Girls Erragadda ⟟ 9332606886 ⟟ Call Me For Genuine ...
 
Andheri East ) Call Girls in Mumbai Phone No 9004268417 Elite Escort Service ...
Andheri East ) Call Girls in Mumbai Phone No 9004268417 Elite Escort Service ...Andheri East ) Call Girls in Mumbai Phone No 9004268417 Elite Escort Service ...
Andheri East ) Call Girls in Mumbai Phone No 9004268417 Elite Escort Service ...
 
Coimbatore Call Girls in Coimbatore 7427069034 genuine Escort Service Girl 10...
Coimbatore Call Girls in Coimbatore 7427069034 genuine Escort Service Girl 10...Coimbatore Call Girls in Coimbatore 7427069034 genuine Escort Service Girl 10...
Coimbatore Call Girls in Coimbatore 7427069034 genuine Escort Service Girl 10...
 
Premium Call Girls In Jaipur {8445551418} ❤️VVIP SEEMA Call Girl in Jaipur Ra...
Premium Call Girls In Jaipur {8445551418} ❤️VVIP SEEMA Call Girl in Jaipur Ra...Premium Call Girls In Jaipur {8445551418} ❤️VVIP SEEMA Call Girl in Jaipur Ra...
Premium Call Girls In Jaipur {8445551418} ❤️VVIP SEEMA Call Girl in Jaipur Ra...
 
(Low Rate RASHMI ) Rate Of Call Girls Jaipur ❣ 8445551418 ❣ Elite Models & Ce...
(Low Rate RASHMI ) Rate Of Call Girls Jaipur ❣ 8445551418 ❣ Elite Models & Ce...(Low Rate RASHMI ) Rate Of Call Girls Jaipur ❣ 8445551418 ❣ Elite Models & Ce...
(Low Rate RASHMI ) Rate Of Call Girls Jaipur ❣ 8445551418 ❣ Elite Models & Ce...
 
Night 7k to 12k Chennai City Center Call Girls 👉👉 7427069034⭐⭐ 100% Genuine E...
Night 7k to 12k Chennai City Center Call Girls 👉👉 7427069034⭐⭐ 100% Genuine E...Night 7k to 12k Chennai City Center Call Girls 👉👉 7427069034⭐⭐ 100% Genuine E...
Night 7k to 12k Chennai City Center Call Girls 👉👉 7427069034⭐⭐ 100% Genuine E...
 
Call Girl In Pune 👉 Just CALL ME: 9352988975 💋 Call Out Call Both With High p...
Call Girl In Pune 👉 Just CALL ME: 9352988975 💋 Call Out Call Both With High p...Call Girl In Pune 👉 Just CALL ME: 9352988975 💋 Call Out Call Both With High p...
Call Girl In Pune 👉 Just CALL ME: 9352988975 💋 Call Out Call Both With High p...
 
Independent Call Girls Service Mohali Sector 116 | 6367187148 | Call Girl Ser...
Independent Call Girls Service Mohali Sector 116 | 6367187148 | Call Girl Ser...Independent Call Girls Service Mohali Sector 116 | 6367187148 | Call Girl Ser...
Independent Call Girls Service Mohali Sector 116 | 6367187148 | Call Girl Ser...
 

Hipaa hitech requirements

  • 1. DQS–ULGroup Security Requirements for HIPAA and HITECH Act Subrata Guha Program Manager – IT Certification
  • 2. DQS–ULGroup Questions What are the HIPAA Security Rules? What is HITECH Act? How to achieve compliance? Any other questions?
  • 3. DQS–ULGroup What are the HIPAA Security Rules?
  • 4. DQS–ULGroup Background
      • HIPAA - Health Insurance Portability and Accountability Act introduced in 1996
      • Rules updated in 2013
      • Objectives:
          • Security - Protection of Electronic Protected Health Information (EPHI)
          • Privacy – Protection of Protected Health Information (PHI)
      • Scope: Covered Entities and Business Associates
          • Healthcare Providers
          • Health Insurance Providers
          • Healthcare Clearinghouses
          • Medicare Prescription Drug Card Sponsors
          • Suppliers / partners of covered entities
  • 5. DQS–ULGroup Players involved in HIPAA Department of Health and Human Services (HHS) Covered Entities Business Associates Patients
  • 6. DQS–ULGroup Components of HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996 Title I Title II Title III Title IV Title V Health Care Access, Portability and Renewability Preventing Health Care Fraud and Abuse Medical Library Reform Administrative Simplification Tax Related Health Provision Group Health Plan Revenue Offsets General Administrative Requirements Administrative Requirements Security and Privacy Source: NIST SP-800-66
  • 7. DQS–ULGroup Components of HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996 Title I Title II Title III Title IV Title V Health Care Access, Portability and Renewability Preventing Health Care Fraud and Abuse Medical Library Reform Administrative Simplification (Updated March 2013) Tax Related Health Provision Group Health Plan Revenue Offsets General Administrative Requirements Administrative Requirements Security and Privacy Source: NIST SP-800-66
  • 9. DQS–ULGroup HITECH Act.
      • Health Information Technology for Economic and Clinical Health (HITECH) Act introduced in 2009.
      • Objective is to strengthen the privacy and security protections for HIPAA
          • Extended HIPAA privacy and security requirements to the business associates.
          • Increased penalties for violation
      • Other objective of HITECH Act is to promote use of Electronic Health Records (EHR)
  • 10. DQS–ULGroup Components of HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996 Title I Title II Title III Title IV Title V Health Care Access, Portability and Renewability Preventing Health Care Fraud and Abuse Medical Library Reform Administrative Simplification (Updated March 2013) Tax Related Health Provision Group Health Plan Revenue Offsets General Administrative Requirements Administrative Requirements Security and Privacy Source: NIST SP-800-66
  • 11. DQS–ULGroup General Provisions Preemption of State Laws Compliance and Investigations Imposition of Civil Money Penalties Procedures for Hearing Code of Federal Regulation (CFR) Title 45 Part 160.101-514 General Administrative Requirements
  • 12. DQS–ULGroup General Provisions Standard Unique Health Identifier for Health Care Providers Standard Unique Health Identifier for Health Plans Standard Unique Employer Identifier General Provisions for Transactions Code of Federal Regulation (CFR) Title 45 Part 162.100-1902 Administrative Requirements Code Sets Health Care Claims or Equivalent Encounter Information Eligibility for Health Plan Referral Certification and Authorization Health Care Claim Status Enrolment and Disenrollment In A Health Plan ( More..)
  • 13. DQS–ULGroup HIPAA Security Rules Security Standards: General Rules Administrative Safeguards Technical Safeguards Physical Safeguards Organizational Requirements Documentation Requirements Code of Federal Regulation (CFR) Title 45 Part 164.306-316 define security rules
  • 14. DQS–ULGroup Structure of HIPAA Security Rules Standard Describes the rule. Example: A covered entity or business associate must comply with the applicable standards as provided ………. Implementation specifications Key activities to be performed to meet the intent of the standard Required Mandatory activity Addressable Can be excluded with justification or implement an alternative practice.
  • 15. DQS–ULGroup Security Standard: General Rules
      • Ensure Confidentiality, Integrity and Availability of EPHIs
      • Protect EPHIs against anticipated threats and hazards
      • Ensure compliance by the workforce
      Scope: EPHI the covered entity or business associate creates, receives, maintains, or transmits.
      Implementation: Security measures depending on the
      • Size, complexity and type of business functions
      • Size of IT infrastructure
      • Anticipated risk and impact
  • 16. DQS–ULGroup Administrative Safeguards (1/2) Standard Implementation specification Security management process • Risk analysis (R) • Risk management (R) • Sanction policy (R) • Information System activity review (R) Assigned security responsibilities None Workforce security • Authorization and/or supervision (A) • Workforce clearance procedure (A) • Termination procedure (A) Information access management • Isolating healthcare clearinghouse functions (R) • Access authorization (A) • Access establishment and modification (A) Security awareness and training • Security reminders (A) • Protection from malicious software (A) • Login monitoring (A) • Password management (A)
  • 17. DQS–ULGroup Administrative Safeguards (2/2) Standard Implementation specification Security incident procedure • Response and reporting (R) Contingency plan • Data backup plan (R) • Disaster recovery plan (R) • Emergency mode operation plan (R) • Testing and revision procedure (A) • Application and data criticality analysis (A) Evaluation – Business associates contract or other arrangements • Perform periodic technical and non-technical evaluation of Written contracts or other arrangements (R)
  • 18. DQS–ULGroup Physical Safeguards Standard Implementation specification Facility access control • Contingency operation (A) • Facility security plan (A) • Access control and validation procedure (A) • Maintenance records (A) Workstation use • None Workstation security • None Device and media control • Disposal (R) • Media re-use (R) • Accountability (A) • Data backup and storage (A)
  • 19. DQS–ULGroup Technical Safeguards Standard Implementation specification Access control • Unique user identification (R) • Emergency access procedure (R) • Automatic logoff (A) • Encryption and decryption (A) Audit control • None Integrity • Mechanism to authenticate EPHI (A) Person or entity authentication • None Transmission security • Integrity control (A) • Encryption (A)
  • 20. DQS–ULGroup Organizational Requirements Standard Implementation specification Business associates contract or other arrangements • Business associate contract (R) • Reporting of incidents (R) • Other arrangements (A) • Contract with sub-contractors (R) Requirements for group health plans • Implement administrative, physical and technical safeguards (R) • Ensure adequate separation (R) • Ensure adequate security measures by agents (R) • Report incidents to group health plan (R)
  • 21. DQS–ULGroup Policies, Procedures and Documentation Requirements Standard Implementation specification Policies and procedures • None Documentation • Retention period (R) • Availability (R) • Updates (R)
  • 22. DQS–ULGroup Notification to Individuals Notification to Media Notification to the Secretary Notification by a Business Associate Law Enforcement Delay Code of Federal Regulation (CFR) Title 45 Part 164.404-414 Breach Notifications Administrative Requirements and Burden of Proof
  • 23. DQS–ULGroup Use and Disclosure of PHI: General Rules Use and Disclosure: Organizational Requirements Use and Disclosure to Carry Out Treatment, Payment etc. Use and Disclosure: Individual to Agree or Object Use and Disclosure: Authorization not Required Code of Federal Regulation (CFR) Title 45 Part 164.504-530 HIPAA Privacy Rules Use and Disclosure of PHI: Other Requirements Notice of Privacy Practice Right to request Privacy Protection Access of Individual to PHI Amendment of PHI Accounting of Disclosure of PHI
  • 24. DQS–ULGroup Enforcement Process Intake and Review Office of Civil Rights (OCR) Complaint Criminal violation Department of Justice HIPAA violation Resolution Yes No No Investigation OCR issues corrective actions CAR closed Yes No Yes OCR imposes penalty
  • 26. DQS–ULGroup HIPAA Compliance Process
      • Identify EPHIs and/or PHIs your organization creates, receives, maintains or transmits
      • Conduct Risk Assessment
      • Establish policies and procedures following HIPAA security standards to address risks
      • Monitor compliance
      • Report breaches
  • 27. DQS–ULGroup Pitfalls
      • Compliance is self-declaration – no third-party certification available
      • Set of rules does not provide a governance structure to maintain the system
      • Investigations are triggered by complaints – burden of proof on the covered entity or business associates
      • Penalty can be as high as $1.5 million
  • 28. DQS–ULGroup Other options Adoption of Management System Framework e.g. ISO IEC 27001 standard
  • 29. DQS–ULGroup ISO IEC 27001:2013 Context of the Organization Leadership Planning Operation Improvement Performance Evaluation Support Annex A Recommended Controls
  • 30. DQS–ULGroup Why ISO 27001:2013?
      • Establish governance structure to establish, monitor and improve security
      • Annex A controls cover ~90% of HIPAA security rules
      • Additional controls from 45 CFR 164 can be added to the Statement of Applicability
      • ISO 27002 provides implementation guidelines for the controls
      • Third-party certification increases credibility
      • Annual surveillance ensures continued compliance