
HIPAA Compliance With IT

Achieving HIPAA Compliance with help from IT

Published in: Health & Medicine, Technology
  • Hi Nainil,

    It was encouraging to know your creative ideas about how to achieve HIPAA Compliance. I am working as a Compliance Officer. We would also like to have any further views; in case you could share the PPT, it would be great.

    Regards,
    Swapnil Choudhari
    91-9922939950 [India]


  1. Achieving HIPAA Compliance with help from IT
     Nainil Chheda, www.nainil.com
  2. This is like:
     • Mastering the art of eating a yogurt with a fork
  3. Do we know what HIPAA is?
     • Hippo is the third largest land animal
     • It is:
       • Huge
       • Has a large jaw
       • Has an invisible boundary which is not to be crossed
  4. Quick Facts
     • How many words and lines are in the Health Insurance Portability and Accountability Act?
     • About 73,840 words, 5,704 lines
  5. IT Facilitates
     • Moving with the elements (together)
     • Not as a dictator
  6. Awareness
     • Software and hardware, in and of themselves, cannot be "HIPAA compliant"
     • Software and hardware can only aid a practice in becoming HIPAA compliant
     • eCW, along with other added components, can help a practice achieve HIPAA compliance
  7. Is Technology a Challenge?
     • No
     • Then what are the most common challenges in being HIPAA compliant?
       1) People
       2) Processes
       3) Policies
  8. Checklist
     • Education
     • Business policies
     • Technology (standards compliance)
     • Documentation
     • Periodic audit
  9. Training & Policy
     • Training
       • Mandated by law
       • Employee training, twice a year
     • TRUP (Technological Resource Utilization Policy)
       • Signed by employees
       • Signed by business associates
  10. Controls
     • sFTP for database transfer
     • Domain controller
     • Remote Desktop (secure VNC etc.)
     • HIPAA disclaimer (in email signature)
     • Secure individual fax inbox
     • Secure email (like Network Solutions – MessageGuard)
  11. Documentation
     • Escalation path
     • Server access logs
     • Maintenance logs
     • Proactive email/RSS notification
  12. Certified Data Destruction
     • Secure bins
     • On-site destruction
     • DOD 7-layer format
  13. Do not get scared after this slide
  14. CMS Investigation Interview
     • Personnel interviewed
       • President
       • HIPAA Compliance Officer
       • Network Engineer
       • HR
       • Director of Training
     • Source: http://www.cms.hhs.gov/Enforcement/Downloads/InformationRequestforComplianceReviews.pdf
     • Document request
       • Policy documents on prevention, detection and correction of security violations
       • Physical security
       • User access
       • User termination
       • Access to EPHI
       • Password management
  15. Other Documents
     • Network penetration testing policy and procedure
     • Entity-wide security plan
     • Risk analysis
     • Organizational chart
     • Data backup procedure
     • Disaster recovery plan
     • Virus protection plan
     • Training courses
  16. Thank You
     Nainil Chheda [email_address] http://www.nainil.com
