WEBINAR
ksmconsulting.com © 2017 KSM Consulting, LLC
HIPAA 101: 5 Tips to Compliance
Webinar: HIPAA 101: 5 Steps Toward Achieving Compliance
Webinar will begin at NOON EST
Twitter: @KSMC_Consulting @DanResnick14
Webinar Login Information:
For audio, please dial: 1.415.655.0001 # 198 812 829
HIPAA 101
Dan Resnick
Director, Cybersecurity and Compliance
• Leads the technology team in assessing cybersecurity and compliance, developing solutions for compliance, and managing security on an ongoing basis.
• 10+ years of experience providing cybersecurity solutions to the healthcare industry
• Graduate of Indiana University
• Twitter: @danresnick14
Agenda
1. HIPAA Introduction
2. HIPAA Objectives
3. Security Rule Deep Dive
4. Cost of Non-Compliance
5. 5 Tips to Achieving Compliance
Introduction to HIPAA
Introduction to HIPAA
American Health Insurance Portability and Accountability Act of 1996
• Passed by Congress and signed by President Clinton.
• Created to provide a set of rules to be followed by doctors, hospitals, and other healthcare providers.
• Ensures that all medical records, medical billing, and patient accounts meet certain consistent standards with regards to documentation, handling, and privacy.
The main components:
• Privacy Rule
• Security Rule
• Breach Notification Rule
What does HIPAA Cover?
Activity | Purpose of Inclusion
Transactions | Standardizes diagnostic and treatment codes, forms, and processes
Identifiers | Standardizes the identifier code sets and numbers used in transactions
Privacy | Addresses who can access PHI (in all forms: oral, written, electronic, etc.), how records may or may not be shared, and how the information needs to be safeguarded
Security | Addresses how PHI (electronic only) is protected, both in storage and in transmission
Who must comply?
• Covered Entities
– Provider
– Health Plan
– Healthcare Clearinghouse
• Business Associates
– Accreditation
– Billing
– Claims processing
– Consulting
– Data analysis
– Financial services
– Legal services
– Management administration
A covered entity can be a business associate of another covered entity.
PII (Personally Identifiable Information) vs. PHI (Protected Health Information)
• Contact Information (email address, physical address, telephone and mobile numbers)
• Personal Characteristics (full name, date of birth, birth location, height, weight, hair/eye color, religious affiliation, ethnicity, biometric data, copy of signature, full face/body image, vehicle numbers, certificate/license)
• Social Security Number
• Government Issued Identification (driver’s license, passport, birth certificate, library card, military ID)
• Account Numbers and Financials (bank, insurance, investments, credit cards, account balance, wage & salary, tax filing, credit history)
• Medical Records Information (prescriptions, medical records, exams, images, histories)
• Verification Data (mother’s maiden name, pets’ and kids’ names, high school, passwords)
• Online Information (Facebook, social media, passwords, PINs, customer account numbers, Static IP or URL)
• One additional item: any other unique identifying number, characteristic, or code
Objectives of HIPAA
Privacy and Breach Key Takeaways
Privacy
• Who is covered
– Health Plans
– Healthcare Providers
– Healthcare Clearinghouses
– Business Associates
• What information is protected
– Protected Health Information
• Permitted Uses and Disclosures
• Authorized Uses and Disclosures
• Establishing “Minimum Necessary”
• Notice and Individual Rights
• Penalties for Non-Compliance
Breach
• When to notify
• Who to notify
– Individuals
– Media
• Timeliness of notifications
HIPAA Security Rule Overview
Administrative Safeguards
• Security Management
• Security Personnel
• Information Access Management
• Workforce Training
• Evaluation
Physical Safeguards
• Facility Access and Control
• Workstation and Device Security
Technical Safeguards
• Access Control
• Audit Control
• Integrity Control
• Transmission Security
Organizational Requirements
• Covered Entity Responsibilities
• Business Associate Contracts
• Policies and Procedures
• Documentation Requirements
Required vs. Addressable
Availability
Deep Dive into the HIPAA Security Rule
Administrative Safeguards
Control Standard | Safeguard Topics
Security Management Process | Risk Analysis and Management
Security Personnel | Designate a security official who is formally responsible for security policies, procedures, and operations
Information Access Management | Govern access to ePHI
Workforce Training and Management | Provide security training and have a process to apply sanctions when violations of policy occur
Evaluation | Periodic assessments of the organization’s policies and procedures against the Administrative Safeguards
Risk Analysis and Management cycle: Evaluate, Implement, Document, Maintain
Physical Safeguards
Control Standard | Safeguard Topics
Facility Access Control | Limit physical access to facilities to only authorized individuals and supervised visitors
Workstation and Device Security | Define proper use of and access to workstations and electronic media; control the transfer, removal, disposal, and re-use of electronic media
Technical Safeguards
Control Standard | Safeguard Topics
Access Control | Control access to ePHI to only authorized persons; encryption and decryption mechanism
Audit Controls | Record and examine access and other activity in information systems that contain ePHI
Integrity Controls | Ensure that ePHI is not improperly altered or destroyed
Transmission Security | Technical security measures which guard against unauthorized access to ePHI that is being transmitted over an electronic network (includes encryption if appropriate)
Encryption & HIPAA
• Not technically required; however, it must be considered in the risk analysis…
• Encryption should be implemented if an entity finds it would safeguard ePHI, or implement an alternative and document the case for doing so.
• Encryption is the process of encoding data so that it cannot be read without the corresponding key.
• Ex. “HIPAA” -> 4Uzj398jw
• HIPAA is intentionally vague to allow for technology advancements
• NIST FIPS 197 (AES) and FIPS 140-2
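As an added example (not part of the KSM deck), the following Python code shows two of the Technical Safeguards listed above in working form: an Integrity Control that seals an ePHI record with an HMAC so any later alteration is detectable, and an Audit Control implemented as a hash-chained, append-only access log whose entries cannot be edited or removed after the fact without breaking the chain. It uses only the standard library; the record contents, user names and the integrity key are constructed for the demonstration.

```python
"""Integrity and Audit Controls for ePHI, standard library only.

Added example, not code from the deck or from KSM Consulting. All record
contents, user names and the integrity key below are constructed.
"""
from __future__ import annotations

import hashlib
import hmac
import json
import secrets
from datetime import datetime, timezone

# Constructed key. In a real system it comes from a key-management service,
# never from source code or the same database as the records it protects.
INTEGRITY_KEY = secrets.token_bytes(32)


def canonical(record: dict) -> bytes:
    """Deterministic serialization so identical content always hashes identically."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def seal(record: dict, key: bytes = INTEGRITY_KEY) -> str:
    """Integrity Control: HMAC-SHA256 tag over an ePHI record."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify(record: dict, tag: str, key: bytes = INTEGRITY_KEY) -> bool:
    """True only if the record is exactly what was sealed; constant-time compare."""
    return hmac.compare_digest(seal(record, key), tag)


class AuditLog:
    """Audit Control: each entry commits to the hash of the previous entry, so an
    entry that is edited or deleted afterwards is detected by verify_chain()."""

    GENESIS = "0" * 64  # previous-hash value for the first entry

    def __init__(self) -> None:
        self.entries: list[dict] = []

    def record(self, user: str, action: str, patient_id: str, ts: str | None = None) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        entry = {
            "ts": ts or datetime.now(timezone.utc).isoformat(),
            "user": user,
            "action": action,
            "patient_id": patient_id,
            "prev": prev,
        }
        entry["hash"] = hashlib.sha256(canonical(entry)).hexdigest()
        self.entries.append(entry)
        return entry

    def verify_chain(self) -> tuple[bool, int]:
        """Recompute every hash and link; return (ok, index of first bad entry or -1)."""
        prev = self.GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["prev"] != prev or hashlib.sha256(canonical(body)).hexdigest() != entry["hash"]:
                return False, i
            prev = entry["hash"]
        return True, -1


def demo() -> dict:
    """Seal a constructed record, alter a copy, then tamper with the audit log."""
    record = {"patient_id": "P-0001", "diagnosis_code": "E11.9", "rx": "metformin"}  # constructed
    tag = seal(record)
    altered = dict(record, rx="insulin")  # an unauthorized modification

    log = AuditLog()
    log.record("dr_smith", "READ", "P-0001", ts="2017-03-01T09:00:00+00:00")
    log.record("dr_smith", "UPDATE", "P-0001", ts="2017-03-01T09:05:00+00:00")
    log.record("billing_bot", "READ", "P-0001", ts="2017-03-01T09:10:00+00:00")
    ok_before, _ = log.verify_chain()
    log.entries[1]["user"] = "someone_else"  # attempt to rewrite who made the update
    ok_after, bad_index = log.verify_chain()

    return {
        "original_verifies": verify(record, tag),
        "altered_verifies": verify(altered, tag),
        "chain_ok_before": ok_before,
        "chain_ok_after": ok_after,
        "first_bad_entry": bad_index,
    }


if __name__ == "__main__":
    print(demo())
```

Two design points worth noting. The HMAC tag must be stored and keyed separately from the record it protects, otherwise whoever can alter the record can re-seal it. Likewise the hash chain only proves that the log was not altered between two points the verifier trusts, so a real deployment periodically ships the newest hash to a system the log writers cannot modify (a separate log server or a write-once store); the chain detects tampering, it does not prevent it.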
Organizational Safeguards
Control Standard | Safeguard Topics
Covered Entity Responsibilities | CE must ensure that the BA safeguards ePHI; consistent use of Business Associate Contracts (or Agreements); BAC/BAAs must contain security language
Policies, Procedures, and Documentation Requirements | Create and maintain policies and procedures to comply with the Security Rule provisions; maintain governance documentation for six years; update the documentation periodically based on organizational change (at least annually)
Compliance | The Department of Health and Human Services (HHS), Office for Civil Rights (OCR) is responsible for administering and enforcing the standards
The Costs of Non-Compliance
Costs of Non-Compliance
HIPAA Violations (Breaches)
• Four different categories of violations measuring the level of neglect, ability to avoid, and actions taken to correct
• Each category carries financial penalties up to $1,500,000 per category, per year.
• State or Federal fines
• Criminal penalties can also be applied: up to 10 years in jail.
Non-Compliance Penalties
• Penalties can be imposed for any number of reasons:
– Failure to maintain documented policies and procedures
– Failure to conduct employee training on a regular basis (and documenting that it was completed)
– Failure to complete and maintain BAAs with third-party service providers
– BAAs written before 2014 need to be revised to align with Omnibus requirements
5 Key Steps Toward Achieving HIPAA Compliance
5 Key Steps Toward Achieving HIPAA Compliance
1. Implement policies and procedures
2. Data discovery and asset inventory
3. Training and awareness
4. Implementing technical controls
5. Security risk assessment
1. Policies and Procedures
• Leverage the HIPAA Audit Protocol to identify gaps in your current policy library.
• Policies should be formally and consistently documented.
– Titles, owners, effective dates, review dates, change log, revision history, links to relevant procedures
• Policies should be regularly reviewed and updated to reflect the organization’s current risk analysis, environmental changes, and regulatory requirements.
Policies and procedures create the foundation for your organization’s IT and IS operations… and success with HIPAA compliance.
2. Data Discovery and Asset Inventory
• Document what types of data your organization collects, stores, and transmits.
– This will help you identify critical systems, data repositories, and organizational units involved in the data’s lifecycle.
• Create an asset inventory to track sensitive data to the asset where the information resides. The asset inventory should include:
– End user workstations | Asset owners | Configuration information | Physical/logical location mappings
• Mature asset inventories can be leveraged as evidence of the presence of encryption on a workstation or potential access within the environment based on the asset owner.
You can’t protect what you can’t find. Understanding where your sensitive data resides is the first step in protection.
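As an added example (not from the deck), here is a minimal asset inventory in Python that carries the four fields the slide calls for (workstations, owners, configuration information, location mappings) and answers the two questions the slide says a mature inventory should answer: which assets hold ePHI without evidence of disk encryption, and which owners could reach a given data set through the assets they own. It also reports inventory rows that are missing required fields, since an incomplete inventory is itself a finding. The CSV export format, hostnames, owners and data-set names are constructed for the demonstration.

```python
"""ePHI asset inventory checks over a constructed CSV export.

Added example, not code from the deck or from KSM Consulting. The export
format and every row in it are constructed; the data-set classification
would normally come from the data discovery step.
"""
from __future__ import annotations

import csv
import io
from dataclasses import dataclass, field

# Constructed inventory export: one asset per row. disk_encrypted is the
# configuration evidence (e.g. pulled from endpoint management); data_sets is
# a ';'-separated list of the data sets known to reside on the asset.
INVENTORY_CSV = """hostname,owner,location,disk_encrypted,data_sets
ws-nurse-01,j.doe,Clinic A / VLAN 10,yes,ehr_db
ws-billing-02,m.lee,Main office / VLAN 20,no,billing_claims;hr_records
srv-pacs-01,it-ops,Data center rack 4 / VLAN 30,yes,radiology_images
laptop-exec-03,,Unknown,no,
ws-front-04,a.kim,Clinic B / VLAN 10,no,scheduling
"""

# Constructed classification from data discovery: which data sets contain ePHI.
EPHI_DATA_SETS = {"ehr_db", "billing_claims", "radiology_images"}


@dataclass
class Asset:
    hostname: str
    owner: str
    location: str
    disk_encrypted: bool
    data_sets: set[str] = field(default_factory=set)


def load_inventory(csv_text: str) -> list[Asset]:
    """Parse the export; tolerate blank cells rather than failing on them."""
    assets = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        assets.append(
            Asset(
                hostname=row["hostname"].strip(),
                owner=row["owner"].strip(),
                location=row["location"].strip(),
                disk_encrypted=row["disk_encrypted"].strip().lower() in {"yes", "true", "1"},
                data_sets={d.strip() for d in row["data_sets"].split(";") if d.strip()},
            )
        )
    return assets


def unencrypted_ephi_assets(inventory: list[Asset]) -> list[str]:
    """Assets that hold at least one ePHI data set but show no encryption evidence."""
    return sorted(
        a.hostname for a in inventory if a.data_sets & EPHI_DATA_SETS and not a.disk_encrypted
    )


def owners_with_access(inventory: list[Asset], data_set: str) -> set[str]:
    """Owners who could reach data_set through an asset they own (potential access)."""
    return {a.owner for a in inventory if data_set in a.data_sets and a.owner}


def incomplete_records(inventory: list[Asset]) -> list[str]:
    """Rows missing an owner or a usable location; these cannot support either check above."""
    return sorted(
        a.hostname for a in inventory if not a.owner or a.location.lower() in {"", "unknown"}
    )


if __name__ == "__main__":
    inv = load_inventory(INVENTORY_CSV)
    print("ePHI without encryption evidence:", unencrypted_ephi_assets(inv))
    print("owners with potential access to billing_claims:", owners_with_access(inv, "billing_claims"))
    print("incomplete inventory rows:", incomplete_records(inv))
```

The encryption check deliberately keys on the data-set classification rather than on hostname patterns: a workstation that later picks up an ePHI data set becomes a finding automatically, without anyone editing the check.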
3. Training and Awareness
• Your workforce should
– Know and understand HIPAA.
– Know and understand your compliance policies and procedures.
– Complete training (document and maintain it).
• Consider training your users about additional security topics (phishing, safe web browsing, password management, data security, etc.).
Educating your workforce is not only a requirement of HIPAA, it is a critical component to your security program… especially given today’s threat landscape.
End users represent the largest attack surface – and often the weakest link!
4. Implement Technical Controls
• Leverage security technologies to strengthen your program and provide greater visibility into your organization.
• Encryption, intrusion detection, audit logging, and event monitoring are all areas where tools and technologies can provide value.
• Automated technical controls (when configured properly) can be a strong mechanism to prevent and/or detect poor end user behaviors.
Not a silver bullet, but an arrow in your quiver.
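As an added example (not from the deck), the Python below is the event-monitoring side of the controls listed above: it reads audit-log lines from an ePHI system and flags two of the "poor end user behaviors" such monitoring is meant to catch, an account reading an unusual number of distinct patient records within one hour (record snooping or bulk export) and record access outside business hours. The log line format, user names, patient ids, the threshold and the business-hours window are all constructed for the demonstration; in practice the threshold is set from a baseline of normal activity per role.

```python
"""Audit-log monitoring for ePHI access, standard library only.

Added example, not code from the deck or from KSM Consulting. The log
format and all sample lines are constructed.
"""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed line format: ISO timestamp followed by key=value fields.
LINE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) patient=(?P<patient>\S+)$")

# Constructed sample log, including one malformed line the monitor must survive.
SAMPLE_LOG = """\
2017-03-01T09:02:11Z user=dr_smith action=READ patient=P-0001
2017-03-01T09:15:40Z user=dr_smith action=UPDATE patient=P-0001
2017-03-01T09:20:05Z user=dr_smith action=READ patient=P-0002
2017-03-01T13:01:00Z user=clerk_jones action=READ patient=P-0101
2017-03-01T13:01:30Z user=clerk_jones action=READ patient=P-0102
2017-03-01T13:02:00Z user=clerk_jones action=READ patient=P-0103
2017-03-01T13:02:30Z user=clerk_jones action=READ patient=P-0104
2017-03-01T13:03:00Z user=clerk_jones action=READ patient=P-0105
2017-03-01T13:03:30Z user=clerk_jones action=READ patient=P-0106
2017-03-02T02:45:12Z user=nurse_ray action=READ patient=P-0042
this line is malformed and must not crash the monitor
"""

BULK_THRESHOLD = 5          # distinct patients per user per clock hour (constructed; tune from baseline)
BUSINESS_HOURS = range(7, 19)  # 07:00 to 18:59 UTC (constructed)


def parse(log_text: str) -> list[dict]:
    """Parse well-formed lines into events; skip (and in production, count) the rest."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(e)
    return events


def bulk_access(events: list[dict], threshold: int = BULK_THRESHOLD) -> list[str]:
    """Users who touched at least `threshold` distinct patients within one clock hour."""
    seen: dict[tuple[str, str], set[str]] = defaultdict(set)
    for e in events:
        seen[(e["user"], e["ts"].strftime("%Y-%m-%dT%H"))].add(e["patient"])
    return sorted({user for (user, _), patients in seen.items() if len(patients) >= threshold})


def after_hours(events: list[dict], hours: range = BUSINESS_HOURS) -> list[tuple[str, str]]:
    """(user, timestamp) for every access outside the business-hours window."""
    return [(e["user"], e["ts"].isoformat()) for e in events if e["ts"].hour not in hours]


def run(log_text: str = SAMPLE_LOG) -> dict:
    events = parse(log_text)
    return {
        "parsed": len(events),
        "bulk_access": bulk_access(events),
        "after_hours": after_hours(events),
    }


if __name__ == "__main__":
    print(run())
```

Bucketing by clock hour keeps the rule simple but means a burst straddling two hours can slip under the threshold; a sliding window closes that gap at the cost of more state. Either way, an after-hours hit is a lead to investigate, not proof of wrongdoing: on-call staff legitimately read records at 02:45, which is why the output carries the user and timestamp rather than a verdict.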
5. Security Risk Assessment
• In our experience, the #1 most requested item by the OCR.
• The risk analysis report should include a clear description of the scope, audit methodology, identified risks, and remediation actions.
• There is no single approved risk assessment methodology.
Demonstrates that you understand your environment and take HIPAA security seriously.
Summary
Summary
Five Big Takeaways
1. Policies and Procedures
2. Data Discovery and Asset Inventory
3. Training and Awareness
4. Implement Technical Controls
5. Security Risk Assessment
How KSM and KSMC can help
KSM and KSMC are proud to offer a wide range of cybersecurity, operations, and financial advisory services tailored for the healthcare industry.
Valuation
▪ Benchmarking ▪ FMV/CR opinions ▪ Transaction support ▪ Compliance
Hospitals & Health Systems
• Strategy development
• Financial services
Physicians & Practices
▪ Strategy guidance
▪ Tax, financial planning
▪ Acquisition guidance
▪ Financial operations
Questions?
Feel free to submit questions in the chat box on your screen.
Webinar: HIPAA 101: 5 Steps Toward Achieving Compliance
Thank you
Dan Resnick
Director, Cybersecurity and Compliance
KSM Consulting, LLC
dresnick@ksmconsulting.com
(317) 452-1646

More Related Content

What's hot

Healthcare Cybersecurity Whitepaper FINAL
Healthcare Cybersecurity Whitepaper FINALHealthcare Cybersecurity Whitepaper FINAL
Healthcare Cybersecurity Whitepaper FINAL
Steve Knapp
 

What's hot (20)

Healthcare It Security Risk 0310
Healthcare It Security Risk 0310Healthcare It Security Risk 0310
Healthcare It Security Risk 0310
 
E Discovery V2.Pdf
E Discovery V2.PdfE Discovery V2.Pdf
E Discovery V2.Pdf
 
HealthCare Compliance - HIPAA & HITRUST
HealthCare Compliance - HIPAA & HITRUSTHealthCare Compliance - HIPAA & HITRUST
HealthCare Compliance - HIPAA & HITRUST
 
Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Business Associates: How to become HIPAA compliant, increase revenue, and gai...Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Business Associates: How to become HIPAA compliant, increase revenue, and gai...
 
EHR meaningful use security risk assessment sample document
EHR meaningful use security risk assessment sample documentEHR meaningful use security risk assessment sample document
EHR meaningful use security risk assessment sample document
 
Healthcare Cybersecurity Whitepaper FINAL
Healthcare Cybersecurity Whitepaper FINALHealthcare Cybersecurity Whitepaper FINAL
Healthcare Cybersecurity Whitepaper FINAL
 
Information Security Management
Information Security ManagementInformation Security Management
Information Security Management
 
Information Security Policies and Standards
Information Security Policies and StandardsInformation Security Policies and Standards
Information Security Policies and Standards
 
10 Mistakes in Implementing the ISO 37301
10 Mistakes in Implementing the ISO 3730110 Mistakes in Implementing the ISO 37301
10 Mistakes in Implementing the ISO 37301
 
Hipaa it risk analysis and risk analysis
Hipaa it risk analysis and risk analysisHipaa it risk analysis and risk analysis
Hipaa it risk analysis and risk analysis
 
Financial institution security top it security risk
Financial institution security top it security riskFinancial institution security top it security risk
Financial institution security top it security risk
 
Security audits & compliance
Security audits & complianceSecurity audits & compliance
Security audits & compliance
 
Aon GDPR white paper
Aon GDPR white paperAon GDPR white paper
Aon GDPR white paper
 
Aon GDPR prepare and protect solution placemat
Aon GDPR prepare and protect solution placematAon GDPR prepare and protect solution placemat
Aon GDPR prepare and protect solution placemat
 
Don't Let Cybersecurity Trip You Up
Don't Let Cybersecurity Trip You UpDon't Let Cybersecurity Trip You Up
Don't Let Cybersecurity Trip You Up
 
ISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness TrainingISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness Training
 
Compliance Management | Compliance Solutions
Compliance Management | Compliance SolutionsCompliance Management | Compliance Solutions
Compliance Management | Compliance Solutions
 
Overcoming Hidden Risks in a Shared Security Model
Overcoming Hidden Risks in a Shared Security ModelOvercoming Hidden Risks in a Shared Security Model
Overcoming Hidden Risks in a Shared Security Model
 
Breach response
Breach responseBreach response
Breach response
 
DOL Fiduciary Rule Infographic
DOL Fiduciary Rule InfographicDOL Fiduciary Rule Infographic
DOL Fiduciary Rule Infographic
 

Similar to WEBINAR: HIPAA 101: Five Steps Toward Achieving Compliance

Chkmo conducting an_hr_audit_and_using_technology_for_compliance_amy_wilson
Chkmo conducting an_hr_audit_and_using_technology_for_compliance_amy_wilsonChkmo conducting an_hr_audit_and_using_technology_for_compliance_amy_wilson
Chkmo conducting an_hr_audit_and_using_technology_for_compliance_amy_wilson
vp1234
 
Hipaa audits and enforcement
Hipaa audits and enforcementHipaa audits and enforcement
Hipaa audits and enforcement
supportc2go
 
Hi paa and eh rs
Hi paa and eh rsHi paa and eh rs
Hi paa and eh rs
supportc2go
 
Security Lifecycle Management
Security Lifecycle ManagementSecurity Lifecycle Management
Security Lifecycle Management
Barry Caplin
 

Similar to WEBINAR: HIPAA 101: Five Steps Toward Achieving Compliance (20)

Ais Romney 2006 Slides 07 Is Control1
Ais Romney 2006 Slides 07 Is Control1Ais Romney 2006 Slides 07 Is Control1
Ais Romney 2006 Slides 07 Is Control1
 
Chkmo conducting an_hr_audit_and_using_technology_for_compliance_amy_wilson
Chkmo conducting an_hr_audit_and_using_technology_for_compliance_amy_wilsonChkmo conducting an_hr_audit_and_using_technology_for_compliance_amy_wilson
Chkmo conducting an_hr_audit_and_using_technology_for_compliance_amy_wilson
 
Managing Privacy Risk and Promoting Ethical Culture in the Digital Age
Managing Privacy Risk and Promoting Ethical Culture in the Digital AgeManaging Privacy Risk and Promoting Ethical Culture in the Digital Age
Managing Privacy Risk and Promoting Ethical Culture in the Digital Age
 
How To Provide Superior Ethics Training
How To Provide Superior Ethics TrainingHow To Provide Superior Ethics Training
How To Provide Superior Ethics Training
 
3 Steps to Automate Compliance for Healthcare Organizations
3 Steps to Automate Compliance for Healthcare Organizations3 Steps to Automate Compliance for Healthcare Organizations
3 Steps to Automate Compliance for Healthcare Organizations
 
Hipaa audits and enforcement
Hipaa audits and enforcementHipaa audits and enforcement
Hipaa audits and enforcement
 
How to Manage a Data Breach Involving Multiple Covered Entity Clients
How to Manage a Data Breach Involving Multiple Covered Entity ClientsHow to Manage a Data Breach Involving Multiple Covered Entity Clients
How to Manage a Data Breach Involving Multiple Covered Entity Clients
 
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
 
HIPAA and How it Applies to You
HIPAA and How it Applies to YouHIPAA and How it Applies to You
HIPAA and How it Applies to You
 
Healthcare Compliance: HIPAA and HITRUST
Healthcare Compliance: HIPAA and HITRUSTHealthcare Compliance: HIPAA and HITRUST
Healthcare Compliance: HIPAA and HITRUST
 
Claranetpresentation
ClaranetpresentationClaranetpresentation
Claranetpresentation
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 isms
 
Hi paa and eh rs
Hi paa and eh rsHi paa and eh rs
Hi paa and eh rs
 
Security Lifecycle Management
Security Lifecycle ManagementSecurity Lifecycle Management
Security Lifecycle Management
 
MindLeaf - HIPAA privacy and cybersecurity insurance
MindLeaf - HIPAA privacy and cybersecurity insuranceMindLeaf - HIPAA privacy and cybersecurity insurance
MindLeaf - HIPAA privacy and cybersecurity insurance
 
Mbm Hipaa Hitech Ss Compliance Risk Assessment
Mbm Hipaa Hitech Ss Compliance Risk AssessmentMbm Hipaa Hitech Ss Compliance Risk Assessment
Mbm Hipaa Hitech Ss Compliance Risk Assessment
 
HealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUSTHealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUST
 
Securing SharePoint -- 5 SharePoint Security Essentials You Cannot Afford to ...
Securing SharePoint -- 5 SharePoint Security Essentials You Cannot Afford to ...Securing SharePoint -- 5 SharePoint Security Essentials You Cannot Afford to ...
Securing SharePoint -- 5 SharePoint Security Essentials You Cannot Afford to ...
 
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT SecurityRedspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
 
Understanding HIPAA
Understanding HIPAAUnderstanding HIPAA
Understanding HIPAA
 

More from KSM Consulting

More from KSM Consulting (8)

Making Your Data Center Selection: The Whens, Whys, and Hows
Making Your Data Center Selection: The Whens, Whys, and HowsMaking Your Data Center Selection: The Whens, Whys, and Hows
Making Your Data Center Selection: The Whens, Whys, and Hows
 
Webinar: The Importance of a Next-Generation Network
Webinar: The Importance of a Next-Generation NetworkWebinar: The Importance of a Next-Generation Network
Webinar: The Importance of a Next-Generation Network
 
Moving from Controller to Strategic Organizational Leader
Moving from Controller to Strategic Organizational LeaderMoving from Controller to Strategic Organizational Leader
Moving from Controller to Strategic Organizational Leader
 
Webinar: Document Management - Achieving Success Through End-User Focus
Webinar: Document Management - Achieving Success Through End-User FocusWebinar: Document Management - Achieving Success Through End-User Focus
Webinar: Document Management - Achieving Success Through End-User Focus
 
Developing a Holistic Cloud Strategy Webinar
Developing a Holistic Cloud Strategy WebinarDeveloping a Holistic Cloud Strategy Webinar
Developing a Holistic Cloud Strategy Webinar
 
Getting Started with Business Intelligence Webinar
Getting Started with Business Intelligence WebinarGetting Started with Business Intelligence Webinar
Getting Started with Business Intelligence Webinar
 
Webinar: Disrupting the Opioid Epidemic with Data Analytics
Webinar: Disrupting the Opioid Epidemic with Data AnalyticsWebinar: Disrupting the Opioid Epidemic with Data Analytics
Webinar: Disrupting the Opioid Epidemic with Data Analytics
 
Webinar: Roadmap to Implementing Managed Services
Webinar: Roadmap to Implementing Managed ServicesWebinar: Roadmap to Implementing Managed Services
Webinar: Roadmap to Implementing Managed Services
 

Recently uploaded

Escorts Lahore || 🔞 03274100048 || Escort service in Lahore
Escorts Lahore || 🔞 03274100048 || Escort service in LahoreEscorts Lahore || 🔞 03274100048 || Escort service in Lahore
Escorts Lahore || 🔞 03274100048 || Escort service in Lahore
Deny Daniel
 
Call Girl in Indore 8827247818 {Low Price}👉 Nitya Indore Call Girls * ITRG...
Call Girl in Indore 8827247818 {Low Price}👉   Nitya Indore Call Girls  * ITRG...Call Girl in Indore 8827247818 {Low Price}👉   Nitya Indore Call Girls  * ITRG...
Call Girl in Indore 8827247818 {Low Price}👉 Nitya Indore Call Girls * ITRG...
mahaiklolahd
 
Call Girl in Bangalore 9632137771 {LowPrice} ❤️ (Navya) Bangalore Call Girls ...
Call Girl in Bangalore 9632137771 {LowPrice} ❤️ (Navya) Bangalore Call Girls ...Call Girl in Bangalore 9632137771 {LowPrice} ❤️ (Navya) Bangalore Call Girls ...
Call Girl in Bangalore 9632137771 {LowPrice} ❤️ (Navya) Bangalore Call Girls ...
mahaiklolahd
 
vadodara Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
vadodara Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetvadodara Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
vadodara Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Call Girls Chandigarh
 
surat Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
surat Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meetsurat Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
surat Call Girls 👙 6297143586 👙 Genuine WhatsApp Number for Real Meet
Call Girls Chandigarh
 
Low Rate Call Girls Pune {9xx000xx09} ❤️VVIP NISHA Call Girls in Pune Maharas...
Low Rate Call Girls Pune {9xx000xx09} ❤️VVIP NISHA Call Girls in Pune Maharas...Low Rate Call Girls Pune {9xx000xx09} ❤️VVIP NISHA Call Girls in Pune Maharas...
Low Rate Call Girls Pune {9xx000xx09} ❤️VVIP NISHA Call Girls in Pune Maharas...
Sheetaleventcompany
 
Top 20 Famous Indian Female Pornstars Name List 2024
Top 20 Famous Indian Female Pornstars Name List 2024Top 20 Famous Indian Female Pornstars Name List 2024
Top 20 Famous Indian Female Pornstars Name List 2024
Sheetaleventcompany
 

Recently uploaded (20)

Jaipur Call Girls 9257276172 Call Girl in Jaipur Rajasthan
Jaipur Call Girls 9257276172 Call Girl in Jaipur RajasthanJaipur Call Girls 9257276172 Call Girl in Jaipur Rajasthan
Jaipur Call Girls 9257276172 Call Girl in Jaipur Rajasthan
 
Call Girls Service Mohali {7435815124} ❤️VVIP PALAK Call Girl in Mohali Punjab
Call Girls Service Mohali {7435815124} ❤️VVIP PALAK Call Girl in Mohali PunjabCall Girls Service Mohali {7435815124} ❤️VVIP PALAK Call Girl in Mohali Punjab
Call Girls Service Mohali {7435815124} ❤️VVIP PALAK Call Girl in Mohali Punjab
 
Sexy Call Girl Tiruvannamalai Arshi 💚9058824046💚 Tiruvannamalai Escort Service
Sexy Call Girl Tiruvannamalai Arshi 💚9058824046💚 Tiruvannamalai Escort ServiceSexy Call Girl Tiruvannamalai Arshi 💚9058824046💚 Tiruvannamalai Escort Service
Sexy Call Girl Tiruvannamalai Arshi 💚9058824046💚 Tiruvannamalai Escort Service
 
Escorts Lahore || 🔞 03274100048 || Escort service in Lahore
Escorts Lahore || 🔞 03274100048 || Escort service in LahoreEscorts Lahore || 🔞 03274100048 || Escort service in Lahore
Escorts Lahore || 🔞 03274100048 || Escort service in Lahore
 
2024 PCP #IMPerative Updates in Rheumatology
2024 PCP #IMPerative Updates in Rheumatology2024 PCP #IMPerative Updates in Rheumatology
2024 PCP #IMPerative Updates in Rheumatology
 
Sexy Call Girl Dharmapuri Arshi 💚9058824046💚 Dharmapuri Escort Service
Sexy Call Girl Dharmapuri Arshi 💚9058824046💚 Dharmapuri Escort ServiceSexy Call Girl Dharmapuri Arshi 💚9058824046💚 Dharmapuri Escort Service
Sexy Call Girl Dharmapuri Arshi 💚9058824046💚 Dharmapuri Escort Service
 
Call Girl in Indore 8827247818 {Low Price}👉 Nitya Indore Call Girls * ITRG...
Call Girl in Indore 8827247818 {Low Price}👉   Nitya Indore Call Girls  * ITRG...Call Girl in Indore 8827247818 {Low Price}👉   Nitya Indore Call Girls  * ITRG...
Call Girl in Indore 8827247818 {Low Price}👉 Nitya Indore Call Girls * ITRG...
 
Call Girl in Bangalore 9632137771 {LowPrice} ❤️ (Navya) Bangalore Call Girls ...
Call Girl in Bangalore 9632137771 {LowPrice} ❤️ (Navya) Bangalore Call Girls ...Call Girl in Bangalore 9632137771 {LowPrice} ❤️ (Navya) Bangalore Call Girls ...
Call Girl in Bangalore 9632137771 {LowPrice} ❤️ (Navya) Bangalore Call Girls ...
 

WEBINAR: HIPAA 101: Five Steps Toward Achieving Compliance

  • 7. What does HIPAA Cover?
    Activity | Purpose of Inclusion
    Transactions | Standardizes diagnostic and treatment codes, forms, and processes
    Identifiers | Standardizes the identifier code sets and numbers used in transactions
    Privacy | Addresses who can access PHI (in all forms – oral, written, electronic, etc.), how records may or may not be shared, and how the information needs to be safeguarded
    Security | Addresses how PHI (electronic only) is protected, both in storage and in transmission
  • 8. Who must comply?
    Covered Entities: Provider, Health Plan, Healthcare Clearinghouse
    Business Associates: Accreditation, Billing, Claims processing, Consulting, Data analysis, Financial services, Legal services, Management administration
    A covered entity can be a business associate of another covered entity.
  • 9. PII (Personally Identifiable Information) vs. PHI (Protected Health Information)
    • Contact Information (email address, physical address, telephone and mobile numbers)
    • Personal Characteristics (full name, date of birth, birth location, height, weight, hair/eye color, religious affiliation, ethnicity, biometric data, copy of signature, full face/body image, vehicle numbers, certificate/license)
    • Social Security Number
    • Government Issued Identification (driver's license, passport, birth certificate, library card, military ID)
    • Account Numbers and Financials (bank, insurance, investments, credit cards, account balance, wage & salary, tax filing, credit history)
    • Medical Records Information (prescriptions, medical records, exams, images, histories)
    • Verification Data (mother's maiden name, pets' and kids' names, high school, passwords)
    • Online Information (Facebook, social media, passwords, PINs, customer account numbers, static IP or URL)
    • One additional item: any other unique identifying number, characteristic, or code
  • 10. Objectives of HIPAA
  • 11. Privacy and Breach Key Takeaways
    Privacy
    • Who is covered
      – Health Plans
      – Healthcare Providers
      – Healthcare Clearinghouses
      – Business Associates
    • What information is protected
      – Protected Health Information
    • Permitted Uses and Disclosures
    • Authorized Uses and Disclosures
    • Establishing "Minimum Necessary"
    • Notice and Individual Rights
    • Penalties for Non-Compliance
    Breach
    • When to notify
    • Who to notify
      – Individuals
      – Media
    • Timeliness of notifications
  • 12. HIPAA Security Rule Overview
    Administrative Safeguards
    • Security Management
    • Security Personnel
    • Information Access Management
    • Workforce Training
    • Evaluation
    Physical Safeguards
    • Facility Access and Control
    • Workstation and Device Security
    Technical Safeguards
    • Access Control
    • Audit Control
    • Integrity Control
    • Transmission Security
    Organizational Requirements
    • Covered Entity Responsibilities
    • Business Associate Contracts
    • Policies and Procedures
    • Documentation Requirements
    Required vs. Addressable
    Availability
  • 13. Deep Dive into the HIPAA Security Rule
  • 14. Administrative Safeguards
    Control Standard | Safeguard Topics
    Security Management Process | Risk Analysis and Management
    Security Personnel | Designate a security official who is formally responsible for security policies, procedures, and operations
    Information Access Management | Govern access to ePHI
    Workforce Training and Management | Provide security training and have a process to apply sanctions when violations of policy occur
    Evaluation | Periodic assessments of the organization's policies and procedures against the Administrative Safeguards
    Risk Analysis and Management cycle: Evaluate, Implement, Document, Maintain
  • 15. Physical Safeguards
    Control Standard | Safeguard Topics
    Facility Access Control | Limit physical access to facilities to only authorized individuals and supervised visitors
    Workstation and Device Security | Define proper use of and access to workstations and electronic media; control the transfer, removal, disposal, and re-use of electronic media
  • 16. Technical Safeguards
    Control Standard | Safeguard Topics
    Access Control | Control access to ePHI to only authorized persons; encryption and decryption mechanism
    Audit Controls | Record and examine access and other activity in information systems that contain ePHI
    Integrity Controls | Ensure that ePHI is not improperly altered or destroyed
    Transmission Security | Technical security measures which guard against unauthorized access to ePHI that is being transmitted over an electronic network (includes encryption if appropriate)
    Encryption & HIPAA
    • Not technically required; however, it must be considered in the risk analysis…
    • Encryption should be implemented if an entity finds it would safeguard ePHI, or implement an alternative and document the case for doing so.
    • Encryption is the process of encoding data so that only someone holding the key can read it.
    • Ex. "HIPAA" -> 4Uzj398jw
    • HIPAA is intentionally vague to allow for technology advancements
    • NIST FIPS 197 (AES) and FIPS 140-2
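The encryption and integrity controls on this slide, as an added example in Go (not code from the webinar or from KSM): an ePHI record sealed with AES-256-GCM, where AES is the FIPS 197 cipher named above and GCM's authentication tag turns the integrity control into a check that runs on every read. SealRecord, OpenRecord, the key handling and the sample record are constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// SealRecord encrypts one ePHI record with AES-256-GCM: AES is the FIPS 197 block
// cipher named on the slide, and GCM's authentication tag makes any alteration of
// the stored ciphertext detectable on read (the integrity control). The patient
// identifier is bound as associated data, so a ciphertext copied onto another
// patient's record will not open. key must be 32 bytes. Layout: nonce||ct||tag.
func SealRecord(key []byte, patientID string, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce for every record
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(patientID)), nil
}

// OpenRecord reverses SealRecord and returns an error, never silent garbage, when
// the key is wrong, the record was altered, or the patient ID does not match.
func OpenRecord(key []byte, patientID string, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, fmt.Errorf("sealed record too short: %d bytes", len(sealed))
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(patientID))
}

func main() {
	key := make([]byte, 32) // in production the key comes from a key manager, not the code
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	sealed, _ := SealRecord(key, "MRN-000123", []byte(`{"dx":"J45.909"}`)) // constructed sample
	sealed[len(sealed)-1] ^= 0x01 // simulate a single flipped byte in the stored record
	if _, err := OpenRecord(key, "MRN-000123", sealed); err != nil {
		fmt.Println("integrity check failed, record rejected:", err)
	}
}
```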
  • 17. Organizational Safeguards
    Control Standard | Safeguard Topics
    Covered Entity Responsibilities | CE must ensure that the BA safeguards ePHI; consistent use of Business Associate Contracts (or Agreements); BAC/BAAs must contain security language
    Policies, Procedures, and Documentation Requirements | Create and maintain policies and procedures to comply with the Security Rule provisions; maintain governance documentation for six years; update the documentation periodically based on organizational change (at least annually)
    Compliance | The Department of Health and Human Services (HHS), Office for Civil Rights (OCR) is responsible for administering and enforcing the standards
  • 18. The Costs of Non-Compliance
  • 19. Costs of Non-Compliance
    HIPAA Violations (Breaches)
    • Four different categories of violations measuring the level of neglect, ability to avoid, and actions taken to correct
    • Each category carries financial penalties up to $1,500,000 per category, per year.
    • State or Federal fines
    • Criminal penalties can also be applied – up to 10 years in jail.
    Non-Compliance Penalties
    • Penalties can be imposed for any number of reasons:
      – Failure to maintain documented policies and procedures
      – Failure to conduct employee training on a regular basis (and documenting that it was completed)
      – Failure to complete and maintain BAAs with third-party service providers
      – BAAs written before 2014 need to be revised to align with Omnibus requirements
  • 20. 5 Key Steps Toward Achieving HIPAA Compliance
  • 21. 5 Key Steps Toward Achieving HIPAA Compliance
    1. Implement policies and procedures
    2. Data discovery and asset inventory
    3. Training and awareness
    4. Implementing technical controls
    5. Security risk assessment
  • 22. Policies and Procedures (Step 1)
    Policies and procedures create the foundation for your organization's IT and IS operations… and success with HIPAA compliance.
    • Leverage the HIPAA Audit Protocol to identify gaps in your current policy library.
    • Policies should be formally and consistently documented.
      – Titles, owners, effective dates, review dates, change log, revision history, links to relevant procedures
    • Policies should be regularly reviewed and updated to reflect the organization's current risk analysis, environmental changes, and regulatory requirements.
  • 23. Data Discovery and Asset Inventory (Step 2)
    You can't protect what you can't find. Understanding where your sensitive data resides is the first step in protection.
    • Document what types of data your organization collects, stores, and transmits.
      – This will help you identify critical systems, data repositories, and organizational units involved in the data's lifecycle.
    • Create an asset inventory to track sensitive data to the asset where the information resides. The asset inventory should include:
      End user workstations | Asset owners | Configuration information | Physical/logical location mappings
    • Mature asset inventories can be leveraged as evidence of the presence of encryption on a workstation or potential access within the environment based on the asset owner.
  • 24. Training and Awareness (Step 3)
    Educating your workforce is not only a requirement of HIPAA, it is a critical component of your security program… especially given today's threat landscape.
    • Your workforce should
      – Know and understand HIPAA.
      – Know and understand your compliance policies and procedures.
      – Complete training (document and maintain it).
    • Consider training your users about additional security topics (phishing, safe web browsing, password management, data security, etc.).
    End users represent the largest attack surface – and often the weakest link!
  • 25. Implement Technical Controls (Step 4)
    Not a silver bullet, but an arrow in your quiver.
    • Leverage security technologies to strengthen your program and provide greater visibility into your organization.
    • Encryption, intrusion detection, audit logging, and event monitoring are all areas where tools and technologies can provide value.
    • Automated technical controls (when configured properly) can be a strong mechanism to prevent and/or detect poor end user behaviors.
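One way to put the audit-logging and event-monitoring point above into practice, as an added example in Go that is not from the webinar: a reviewer that parses a constructed ePHI access log and flags actions a role is not permitted to take (the "Minimum Necessary" standard from the privacy takeaways) and a user reading an unusual number of distinct patient records. The log format, the rolePermits policy and the threshold are assumptions for this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// AccessEvent is one parsed line of an ePHI access log (format assumed here).
type AccessEvent struct {
	When, User, Role, Action, Patient string
}
// SampleLog is constructed for this example: a timestamp, then key=value fields.
const SampleLog = `2017-03-01T09:14:07Z user=jdoe role=clinician action=VIEW patient=MRN-000123
2017-03-01T09:20:41Z user=asmith role=billing action=EXPORT patient=MRN-000123
2017-03-01T10:01:00Z user=mkhan role=clinician action=VIEW patient=MRN-000001
2017-03-01T10:01:05Z user=mkhan role=clinician action=VIEW patient=MRN-000002
2017-03-01T10:01:09Z user=mkhan role=clinician action=VIEW patient=MRN-000001
2017-03-01T10:01:14Z user=mkhan role=clinician action=VIEW patient=MRN-000003`
// rolePermits is an assumed minimum-necessary policy (not prescribed by HIPAA itself).
var rolePermits = map[string]map[string]bool{
	"clinician": {"VIEW": true, "UPDATE": true},
	"billing":   {"VIEW": true},
	"admin":     {"VIEW": true, "EXPORT": true},
}
var lineRE = regexp.MustCompile(`^(\S+) user=(\S+) role=(\S+) action=(\S+) patient=(\S+)$`)

// ParseLog fails on a malformed line instead of skipping it, so a gap in the
// audit trail is itself visible to the reviewer.
func ParseLog(raw string) ([]AccessEvent, error) {
	var events []AccessEvent
	for _, line := range strings.Split(strings.TrimSpace(raw), "\n") {
		m := lineRE.FindStringSubmatch(line)
		if m == nil {
			return nil, fmt.Errorf("malformed line: %q", line)
		}
		events = append(events, AccessEvent{m[1], m[2], m[3], m[4], m[5]})
	}
	return events, nil
}

// ReviewAccess returns "rule user patient" findings for an action the role may not
// take, and for a user touching more than maxPatients distinct records (reported once).
func ReviewAccess(events []AccessEvent, maxPatients int) []string {
	var findings []string
	seen := map[string]map[string]bool{} // user -> distinct patients touched
	for _, ev := range events {
		if !rolePermits[ev.Role][ev.Action] {
			findings = append(findings, "role-action-mismatch "+ev.User+" "+ev.Patient)
		}
		if seen[ev.User] == nil {
			seen[ev.User] = map[string]bool{}
		}
		seen[ev.User][ev.Patient] = true
		if len(seen[ev.User]) == maxPatients+1 {
			findings = append(findings, "bulk-access "+ev.User+" "+ev.Patient)
		}
	}
	return findings
}
```

An unknown role has no entry in rolePermits, so every action it takes is flagged rather than silently allowed.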
  • 26. Security Risk Assessment (Step 5)
    Demonstrates that you understand your environment and take HIPAA security seriously.
    • In our experience, the #1 most requested item by the OCR.
    • The risk analysis report should include a clear description of the scope, audit methodology, identified risks, and remediation actions.
    • There is no single approved risk assessment methodology.
  • 27. Summary
  • 28. Summary: Five Big Takeaways
    1. Policies and Procedures
    2. Data Discovery and Asset Inventory
    3. Training and Awareness
    4. Implement Technical Controls
    5. Security Risk Assessment
  • 29. How KSM and KSMC can help
    KSM & KSMC are proud to offer a wide range of cybersecurity, operations, and financial advisory services tailored for the healthcare industry.
    Valuation ▪ Benchmarking ▪ FMV/CR opinions ▪ Transaction support ▪ Compliance
    Hospitals & Health Systems ▪ Strategy development ▪ Financial services
    Physicians & Practices ▪ Strategy guidance ▪ Tax, financial planning ▪ Acquisition guidance ▪ Financial operations
  • 30. Questions? Feel free to submit questions in the chat box on your screen. (Webinar: HIPAA 101: 5 Steps Toward Achieving Compliance)
  • 31. Thank you. Dan Resnick, Director, Cybersecurity and Compliance, KSM Consulting, LLC, dresnick@ksmconsulting.com, (317) 452-1646