HIPAA Business Continuity Planning

Go to www.compliancy-group.com/webinar to join our webinars,
or go to http://compliancy-group.com/past-webinars/ to download these and other past webinar slides!

Published in: Education

  1. Presented in Partnership with
     HIPAA Mandates a PLAN! (beyond hardware and software)
     © HIPAA Continuity Planners 2012
  2. Compliance Simplified – Achieve, Illustrate, Maintain
     Industry leading Education
     Today's Webinar
     • Please ask questions via questions or chat
     • Today's slides are available: Certified Partner Program http://compliancy-group.com/slides023/
     • Past webinars and recordings: http://compliancy-group.com/webinar/#
     855.85HIPAA www.compliancygroup.com
  3. HIPAA Mandates:
     • Risk Analysis
     • Continuity Plan
     • Security Procedures
     • An Incident Response Plan
     • Contact Procedures
     • Documentation
     • Employee Training
  4. Processes and Procedures: Risk Analysis
     Process of identifying possible external and internal conditions, events or situations, determination of causal relationships between probable happenings, their magnitude with likely outcomes, as they might affect the continuing operation of the office.
  5. Processes and Procedures: Continuity Plan
     Set of documents, instructions, and procedures which enable a business to respond to accidents, disasters, emergencies, and threats without any stoppage or hindrance in its key operations.
     Business resumption plan, disaster recovery plan, or resilience plan*
     * From BusinessDictionary.com
  6. Processes and Procedures: Security
     HIPAA mandates security procedures for:
     • Premises Access
     • Computer Access authorization
     • Server Access
     • Log-in Monitoring
     • Password management
     • Health information sharing
     • Termination procedures
     • Compliance Tracking Software with logs
     • Business Associates
  7. Processes and Procedures for Incident Response Plan
     Some steps of the IRP may include the following:
     • Define the incident – what happened? When did it happen? Who was involved? When was it discovered?
     • Stop the incident – if a smartphone is lost, take the steps to disable the access; if a breach is found, take the steps to prevent further access, etc.
     • Document the incident – fill in all the details of what occurred from step 1 (define the incident) and step 2 (steps taken to stop the incident). Clearly document all aspects of the incident.
  8. Processes and Procedures for Incident Response Plan
     • Notify appropriate individuals / agencies – the number of patient records affected will determine what notification steps are needed. Individual patients and Health and Human Services (HHS) will need to be notified. In addition, local media may need to be notified as well.
     • Provide guidance to prevent the incident from occurring again – an important aspect of an incident response is to ensure that the same incident does not happen in the future. Recommendations to increase security and reduce the risk of an incident are essential.
  9. Processes and Procedures: Contact Plan
     Establish:
     • Procedures to contact employees via telephone, text and/or email in case of office closing.
     • A copy of employee emergency notification outside of the office.
     • A copy of patient contacts for daily appointments, available outside the office, for notification of an office closing.
  10. Documentation
      HIPAA required documentation:
      • Risk Analysis
      • Written Continuity Plan
      • Security Procedures
      • Emergency operation mode plan
      • Periodic Evaluations
      • Compliance Tracking Software with logs
  11. Training
      • Security Awareness Training
      • Computer Security
      • Incident Command
      • Evacuation Procedures and Responsibility
      • Basic HIPAA Requirements
      • Employee buy-in through understanding
  12. HIPAA/HITECH Penalties
      • Tier A is for violations in which the offender didn't realize he or she violated the Act and would have handled the matter differently if he or she had. This results in a $100 fine for each violation, and the total imposed for such violations cannot exceed $25,000 for the calendar year.
      • Tier B is for violations due to reasonable cause, but not "willful neglect." The result is a $1,000 fine for each violation, and the fines cannot exceed $100,000 for the calendar year.
      • Tier C is for violations due to willful neglect that the organization ultimately corrected. The result is a $10,000 fine for each violation, and the fines cannot exceed $250,000 for the calendar year.
      • Tier D is for violations of willful neglect that the organization did not correct. The result is a $50,000 fine for each violation, and the fines cannot exceed $1,500,000 for the calendar year.
      • The HITECH Act allows states' attorneys general to levy fines and seek attorneys' fees from covered entities on behalf of victims. Courts now have the ability to award costs, which they were previously unable to do.
  13. Compliance Simplified!
      HIPAA Compliance, HITECH Attestation, Meaningful Use core measure 15
      Achieve, Illustrate, Maintain
      Free Demo and 15 Day Evaluation: 855.85HIPAA, http://www.compliancygroup.com
      New & Past Webinars: http://compliancy-group.com/webinar/#
  14. Questions?
      A.J. (Andy) Weitzberg, President
      aj@hipaacp.com, www.hipaacp.com
      631.865.0707 Ofc, 516.641.4001 Cell
