HIPAA Security Dr. Jose I. Delgado
Introduction
This presentation covers:
• HIPAA’s Importance – beyond the regulation
• What is HIPAA
• HIPAA Security Key Components
• Cybersecurity
• Lessons Learned
• Recommendations
Disclaimer
This information is not intended to be legal advice
and does not intend to create an attorney-client
relationship. The information hereby presented is for
educational purposes only.
Objectives
Understand:
• Basics of HIPAA Security
• Cybersecurity threats in 2019
• Remediation actions and recommended steps
Perspective on the Law
Practicing without a license
• Jail or prison.
  • Misdemeanor: maximum jail sentence of up to one year.
  • Felony offenses can face eight years or more in a state prison.
• Fines.
  • Misdemeanor fines normally do not exceed $1,000.
  • Felony fines exceed $10,000.
Perspective on the Law
HIPAA Security Violation
• Civil Violations
  • $100 to $50,000 per violation (or record)
  • Maximum penalty of $1.5 million per year per violation type
• Criminal Violations
  • "Knowingly" obtaining or releasing information: fine of up to $50,000, as well as imprisonment of up to 1 year.
  • Offenses committed under false pretenses: $100,000 fine, with up to 5 years in prison.
  • Offenses committed with the intent to sell, transfer or use for commercial advantage, personal gain or malicious harm: fines of $250,000 and imprisonment of up to 10 years.
State Attorneys
Under the American Recovery and Reinvestment Act of 2009, the Health Information Technology for Clinical and Economic Health (HITECH) Act gave State Attorneys General the authority to bring civil actions on behalf of state residents for HIPAA violations.
The HITECH Act permits State Attorneys General to:
• Obtain damages on behalf of state residents
• Enjoin further violations of the HIPAA Privacy and Security Rules.
OCR developed HIPAA Enforcement Training for State Attorneys designed to:
• Teach how to use their new authority to enforce HIPAA
• Aid in investigating and seeking damages for HIPAA violations
Violations and Outcomes
• Who: Insurance company, Triple-S (Puerto Rico)
• What/Why: Widespread non-compliance
  • Failure to implement Administrative, Privacy, and Technical safeguards
  • Lack of appropriate Business Associate Agreements
  • Failure to conduct accurate/thorough Risk Analysis
• Settlement: $3.5 Million
• Corrective Action Plan:
  • Conduct Risk Analysis and Implement Risk Management Plan
  • Implement Process for Evaluating Environmental and Operational Changes
  • Distribution and Updating of Policies and Procedures
  • Training
Violations and Outcomes
• Who: Raleigh Orthopedic (North Carolina)
• What: Breach report, 17,300 patient records
• Why: Handed over x-rays and associated PHI to potential business partner without first executing a business associate agreement.
• Settlement: $750,000
• Corrective Action Plan:
  • Business Associate Agreements
  • Revise Policies and Procedures Related to Business Associate Relationships
  • Training
Violations and Outcomes
• Who: Anthem Inc
• What: Breach report, 79 million patient records
• Why: Series of cyberattacks led to the largest U.S. health data breach in history and exposed the electronic protected health information of almost 79 million people.
• Settlement: $16,000,000
• Corrective Action Plan:
  • Security Management Process
  • Development and Distribution of Policies and Procedures
Violations and Outcomes
• Who: Advanced Care Hospitalists PL (ACH)
• What: Breach report, 400 patient records
• Why: Handed over billing data and associated PHI to potential business partner without first executing a business associate agreement.
• Settlement: $500,000
• Corrective Action Plan:
  • Business Associate Agreement
  • Risk Analysis and Risk Management
  • Adoption, Distribution, and Updating of Policies and Procedures
  • Training
What is HIPAA
• HIPAA is the acronym for the Health Insurance Portability and Accountability Act that was passed by Congress in 1996. HIPAA does the following:
  • Provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
  • Reduces health care fraud and abuse;
  • Mandates industry-wide standards for health care information on electronic billing and other processes; and
  • Requires the protection and confidential handling of protected health information
HIPAA is organized into five separate "Titles." The slide shows Title 1 through Title 5, with the Title 2 branch expanded:
Title 1
Title 2
• Preventing Health Care Fraud
• Medical Liability Reform
• Administrative Simplification
  • Electronic Data Interchange
  • Privacy
  • Security
    • Security Standards: General Rule
    • Administrative Safeguards: 9 Standards, 21 Specifications
    • Technical Safeguards: 5 Standards, 7 Specifications
    • Physical Safeguards: 4 Standards, 8 Specifications
    • Organizational Requirements
    • Policies and Procedures
Title 3
Title 4
Title 5
Privacy vs Security
Privacy                                 | Security
----------------------------------------|---------------------------------------------------
Applies to Protected Health Information | Applies to Electronic Protected Health Information
Requires HIPAA Privacy Officer          | Requires HIPAA Security Officer
Guidelines are broad                    | Guidelines are specific
Requires Annual Training                | Requires Annual Training plus Security Reminders
Requires Policies and Procedures        | Requires Policies and Procedures
Security Categories
Administrative safeguards: Administrative functions including, but not limited to, assignment or delegation of security responsibility to an individual and security training requirements.
Physical safeguards: Facility, entry points and access. Includes restricting physical access to EPHI and retaining off-site computer backups.
Technical safeguards: Refers to the technology used, as well as the automated processes used, to protect data and control access to data.
Required and Addressable
Required - If a particular specification is "required", then the covered entity must take action to implement the specification.
Addressable - Implement the specification if reasonable and appropriate.
• If implementing the specification is not reasonable and appropriate:
  • Document the rationale supporting the decision and,
  • Implement an equivalent measure that is reasonable and appropriate and that would accomplish the same purpose, or
  • Not implement the addressable implementation specification or an equivalent alternative measure, if the standard could still be met and implementing the specification or an alternative would not be reasonable or appropriate.
Under no conditions should any covered entity consider addressable specifications as optional requirements.
Business Associate
• A Business Associate is a person or entity that creates, receives, maintains, or transmits protected health information on behalf of a Covered Entity.
• A Covered Entity may be a Business Associate of another Covered Entity.
Omnibus Rule Business Associate Definition
• A health information organization, e-prescribing gateway, or other entity that provides data transmission services to a covered entity and requires access on a routine basis to protected health information (PHI).
  • An entity that is a mere conduit that does not require access to PHI is not included.
• A subcontractor. If a business associate subcontracts part of its function requiring access or use of PHI to another organization, that subcontractor is also subject to HIPAA.
  • There must be a HIPAA compliant business associate agreement between the business associate and its subcontractor.
• A person who creates, receives, maintains or transmits PHI on behalf of a covered entity.
  • Physical storage facilities or companies that store electronic PHI are business associates.
Key Points About Business Associates
01 Covered Entities must have a valid Business Associate Agreement
02 Covered Entities must obtain assurances that Business Associates are in compliance with HIPAA
03 Covered Entities must terminate the relationship with Business Associates that refuse to be compliant with HIPAA Security
Examples of Business Associates
• Data processing companies
• Medical Transcription specialists
• Data Transmission companies
• Medical Equipment suppliers
• Document Shredding companies
• Data Storage Firms
• Audit Consultants
• Accountants
• External Auditors
• Electronic Health Data Exchange
Business Associates and risk*
59% of Business Associates reported a data breach
29% of Business Associates experienced two breaches or more
80% of BAs reported malware attacks and nearly half were hit by advanced persistent threats
*Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data by the Ponemon Institute
Cybersecurity Ventures 2019 Report
• Cybercrime will cost the world in excess of $6 trillion annually by 2021, up from $3 trillion in 2015.
• Cyber attacks are the fastest growing crime in the U.S.
• Cloud computing will wipe out data centers altogether over the next 3-4 years.
• Microsoft helps frame digital growth with its estimate that data volumes online will be 50 times greater in 2020 than they were in 2016.
• Cisco confirmed that cloud data center traffic will represent 95 percent of total data center traffic by 2021.
Cybersecurity Reports
Global spending on cybersecurity will exceed $1 trillion cumulatively for the 5 year period from 2017-2021, according to Cybersecurity Ventures.
Cybersecurity Ventures predicts that a business will fall victim to a ransomware attack every 14 seconds by 2019, and every 11 seconds by 2021.
Cybercrime will more than triple the number of job openings to 3.5 million.
Healthcare providers have been the bullseye for hackers over the past three years and are expected to continue to be so.
Medical information is worth more than 10 times your credit card number on the black market.
Patient Data Targeted (Business Associates)
[Bar chart from the original slide: y-axis 0% to 60%; bars read 55%, 41%, 23%, 21%, 6%, 6% and 3%, but the category labels did not survive extraction.]
Healthcare Cybersecurity Threats
• Cloud security
• Unsecured mobile devices
• Ransomware
• People
• IoT (Internet of Things)
Internet of Things (IoT)
System of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.
• Amiko.IO focuses on providing products for respiratory disease management, complete with an AI-powered platform.
• InfoBionic's MoMe Kardia provides remote monitoring of cardiac arrhythmia.
• PillCam™, by Medtronic, is a line of swallowable capsules that allow visualization of the esophagus, stomach, small bowel, and colon.
Services to Consider
• Update security patches
• Automatic monitoring systems
• Antimalware systems
  • Antivirus
  • Ransomware protection
• Backups and contingency plans
Plan of Action
• Assign a Security Officer
• Have a third party perform a Security Risk Assessment
• Introduce automated audits and measures
• Develop and implement policies
• Conduct education/training: annual training and security reminders
• Review Business Associate Agreements and compliance
Reminder
Security is not a one-time project, but rather an on-going, dynamic process that will create new challenges as covered entities' organizations and technologies change.
Dr. Jose I. Delgado
Taino Consultants Inc., CEO
DrDelgado@tainoconsultants.com
tainoconsultants.com

GURGAON Call Girls ❤8901183002❤ #ℂALL# #gIRLS# In GURGAON ₹,2500 Cash Payment...GURGAON Call Girls ❤8901183002❤ #ℂALL# #gIRLS# In GURGAON ₹,2500 Cash Payment...
GURGAON Call Girls ❤8901183002❤ #ℂALL# #gIRLS# In GURGAON ₹,2500 Cash Payment...
ranishasharma67
 
CHAPTER 1 SEMESTER V PREVENTIVE-PEDIATRICS.pdf
CHAPTER 1 SEMESTER V PREVENTIVE-PEDIATRICS.pdfCHAPTER 1 SEMESTER V PREVENTIVE-PEDIATRICS.pdf
CHAPTER 1 SEMESTER V PREVENTIVE-PEDIATRICS.pdf
Sachin Sharma
 
Immunity to Veterinary parasitic infections power point presentation
Immunity to Veterinary parasitic infections power point presentationImmunity to Veterinary parasitic infections power point presentation
Immunity to Veterinary parasitic infections power point presentation
BeshedaWedajo
 
GLOBAL WARMING BY PRIYA BHOJWANI @..pptx
GLOBAL WARMING BY PRIYA BHOJWANI @..pptxGLOBAL WARMING BY PRIYA BHOJWANI @..pptx
GLOBAL WARMING BY PRIYA BHOJWANI @..pptx
priyabhojwani1200
 
Telehealth Psychology Building Trust with Clients.pptx
Telehealth Psychology Building Trust with Clients.pptxTelehealth Psychology Building Trust with Clients.pptx
Telehealth Psychology Building Trust with Clients.pptx
The Harvest Clinic
 
Nursing Care of Client With Acute And Chronic Renal Failure.ppt
Nursing Care of Client With Acute And Chronic Renal Failure.pptNursing Care of Client With Acute And Chronic Renal Failure.ppt
Nursing Care of Client With Acute And Chronic Renal Failure.ppt
Rommel Luis III Israel
 

Recently uploaded (20)

Contact Now 89011**83002 Dehradun ℂall Girls By Full Service ℂall Girl In De...
Contact Now  89011**83002 Dehradun ℂall Girls By Full Service ℂall Girl In De...Contact Now  89011**83002 Dehradun ℂall Girls By Full Service ℂall Girl In De...
Contact Now 89011**83002 Dehradun ℂall Girls By Full Service ℂall Girl In De...
 
ABDOMINAL COMPARTMENT SYSNDROME
ABDOMINAL COMPARTMENT SYSNDROMEABDOMINAL COMPARTMENT SYSNDROME
ABDOMINAL COMPARTMENT SYSNDROME
 
Performance Standards for Antimicrobial Susceptibility Testing
Performance Standards for Antimicrobial Susceptibility TestingPerformance Standards for Antimicrobial Susceptibility Testing
Performance Standards for Antimicrobial Susceptibility Testing
 
HEAT WAVE presented by priya bhojwani..pptx
HEAT WAVE presented by priya bhojwani..pptxHEAT WAVE presented by priya bhojwani..pptx
HEAT WAVE presented by priya bhojwani..pptx
 
What Are Homeopathic Treatments for Migraines.pdf
What Are Homeopathic Treatments for Migraines.pdfWhat Are Homeopathic Treatments for Migraines.pdf
What Are Homeopathic Treatments for Migraines.pdf
 
Navigating Challenges: Mental Health, Legislation, and the Prison System in B...
Navigating Challenges: Mental Health, Legislation, and the Prison System in B...Navigating Challenges: Mental Health, Legislation, and the Prison System in B...
Navigating Challenges: Mental Health, Legislation, and the Prison System in B...
 
A Community health , health for prisoners
A Community health  , health for prisonersA Community health  , health for prisoners
A Community health , health for prisoners
 
Surgery-Mini-OSCE-All-Past-Years-Questions-Modified.
Surgery-Mini-OSCE-All-Past-Years-Questions-Modified.Surgery-Mini-OSCE-All-Past-Years-Questions-Modified.
Surgery-Mini-OSCE-All-Past-Years-Questions-Modified.
 
How many patients does case series should have In comparison to case reports.pdf
How many patients does case series should have In comparison to case reports.pdfHow many patients does case series should have In comparison to case reports.pdf
How many patients does case series should have In comparison to case reports.pdf
 
Dehradun ❤CALL Girls 8901183002 ❤ℂall Girls IN Dehradun ESCORT SERVICE❤
Dehradun ❤CALL Girls  8901183002 ❤ℂall  Girls IN Dehradun ESCORT SERVICE❤Dehradun ❤CALL Girls  8901183002 ❤ℂall  Girls IN Dehradun ESCORT SERVICE❤
Dehradun ❤CALL Girls 8901183002 ❤ℂall Girls IN Dehradun ESCORT SERVICE❤
 
VERIFICATION AND VALIDATION TOOLKIT Determining Performance Characteristics o...
VERIFICATION AND VALIDATION TOOLKIT Determining Performance Characteristics o...VERIFICATION AND VALIDATION TOOLKIT Determining Performance Characteristics o...
VERIFICATION AND VALIDATION TOOLKIT Determining Performance Characteristics o...
 
Preventing Pickleball Injuries & Treatment
Preventing Pickleball Injuries & TreatmentPreventing Pickleball Injuries & Treatment
Preventing Pickleball Injuries & Treatment
 
Myopia Management & Control Strategies.pptx
Myopia Management & Control Strategies.pptxMyopia Management & Control Strategies.pptx
Myopia Management & Control Strategies.pptx
 
Navigating the Health Insurance Market_ Understanding Trends and Options.pdf
Navigating the Health Insurance Market_ Understanding Trends and Options.pdfNavigating the Health Insurance Market_ Understanding Trends and Options.pdf
Navigating the Health Insurance Market_ Understanding Trends and Options.pdf
 
GURGAON Call Girls ❤8901183002❤ #ℂALL# #gIRLS# In GURGAON ₹,2500 Cash Payment...
GURGAON Call Girls ❤8901183002❤ #ℂALL# #gIRLS# In GURGAON ₹,2500 Cash Payment...GURGAON Call Girls ❤8901183002❤ #ℂALL# #gIRLS# In GURGAON ₹,2500 Cash Payment...
GURGAON Call Girls ❤8901183002❤ #ℂALL# #gIRLS# In GURGAON ₹,2500 Cash Payment...
 
CHAPTER 1 SEMESTER V PREVENTIVE-PEDIATRICS.pdf
CHAPTER 1 SEMESTER V PREVENTIVE-PEDIATRICS.pdfCHAPTER 1 SEMESTER V PREVENTIVE-PEDIATRICS.pdf
CHAPTER 1 SEMESTER V PREVENTIVE-PEDIATRICS.pdf
 
Immunity to Veterinary parasitic infections power point presentation
Immunity to Veterinary parasitic infections power point presentationImmunity to Veterinary parasitic infections power point presentation
Immunity to Veterinary parasitic infections power point presentation
 
GLOBAL WARMING BY PRIYA BHOJWANI @..pptx
GLOBAL WARMING BY PRIYA BHOJWANI @..pptxGLOBAL WARMING BY PRIYA BHOJWANI @..pptx
GLOBAL WARMING BY PRIYA BHOJWANI @..pptx
 
Telehealth Psychology Building Trust with Clients.pptx
Telehealth Psychology Building Trust with Clients.pptxTelehealth Psychology Building Trust with Clients.pptx
Telehealth Psychology Building Trust with Clients.pptx
 
Nursing Care of Client With Acute And Chronic Renal Failure.ppt
Nursing Care of Client With Acute And Chronic Renal Failure.pptNursing Care of Client With Acute And Chronic Renal Failure.ppt
Nursing Care of Client With Acute And Chronic Renal Failure.ppt
 

HIPAA Security 2019

Violations and Outcomes
• Who: Insurance company, Triple-S (Puerto Rico)
• What/Why: Widespread non-compliance
  • Failure to implement Administrative, Privacy, and Technical safeguards
  • Lack of appropriate Business Associate Agreements
  • Failure to conduct accurate/thorough Risk Analysis
• Settlement: $3.5 Million
• Corrective Action Plan:
  • Conduct Risk Analysis and Implement Risk Management Plan
  • Implement Process for Evaluating Environmental and Operational Changes
  • Distribution and Updating of Policies and Procedures
  • Training

Violations and Outcomes
• Who: Raleigh Orthopedic (North Carolina)
• What: Breach report, 17,300 patient records
• Why: Handed over x-rays and associated PHI to a potential business partner without first executing a business associate agreement.
• Settlement: $750,000
• Corrective Action Plan:
  • Business Associate Agreements
  • Revise Policies and Procedures Related to Business Associate Relationships
  • Training

Violations and Outcomes
• Who: Anthem Inc
• What: Breach report, 79 million patient records
• Why: A series of cyberattacks led to the largest U.S. health data breach in history and exposed the electronic protected health information of almost 79 million people.
• Settlement: $16,000,000
• Corrective Action Plan:
  • Security Management Process
  • Development and Distribution of Policies and Procedures

Violations and Outcomes
• Who: Advanced Care Hospitalists PL (ACH)
• What: Breach report, 400 patient records
• Why: Handed over billing data and associated PHI to a potential business partner without first executing a business associate agreement.
• Settlement: $500,000
• Corrective Action Plan:
  • Business Associate Agreement
  • Risk Analysis and Risk Management
  • Adoption, Distribution, and Updating of Policies and Procedures
  • Training

What is HIPAA
• HIPAA is the acronym for the Health Insurance Portability and Accountability Act, which was passed by Congress in 1996. HIPAA does the following:
  • Provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
  • Reduces health care fraud and abuse;
  • Mandates industry-wide standards for health care information on electronic billing and other processes; and
  • Requires the protection and confidential handling of protected health information.
• HIPAA is organized into five separate "Titles."
HIPAA
• Title 1
• Title 2
  • Preventing Health Care Fraud
  • Medical Liability Reform
  • Administrative Simplification
    • Electronic Data Interchange
    • Privacy
    • Security
      • Security Standards: General Rule
      • Administrative Safeguards: 9 Standards, 21 Specifications
      • Technical Safeguards: 5 Standards, 7 Specifications
      • Physical Safeguards: 4 Standards, 8 Specifications
      • Organizational Requirements
      • Policies and Procedures
• Title 3
• Title 4
• Title 5
Privacy vs Security
• Scope: Privacy applies to Protected Health Information; Security applies to Electronic Protected Health Information.
• Officer: Privacy requires a HIPAA Privacy Officer; Security requires a HIPAA Security Officer.
• Guidelines: Privacy guidelines are broad; Security guidelines are specific.
• Training: Privacy requires Annual Training; Security requires Annual Training plus Security Reminders.
• Policies: Both Privacy and Security require Policies and Procedures.

Security Categories
• Administrative safeguards: Administrative functions including, but not limited to, assignment or delegation of security responsibility to an individual and security training requirements.
• Physical safeguards: Facility, entry points and access. Includes restricting access to EPHI and retaining off-site computer backups.
• Technical safeguards: Refers to the technology used, as well as the automated processes used to protect data and control access to data.
Required and Addressable
• Required: If a particular specification is "required", then the covered entity must take action to implement the specification.
• Addressable: Implement the specification if reasonable and appropriate. If implementing the specification is not reasonable and appropriate:
  • Document the rationale supporting the decision and,
  • Implement an equivalent measure that is reasonable and appropriate and that would accomplish the same purpose, or
  • Not implement the addressable implementation specification or an equivalent alternative measure, if the standard could still be met and implementing the specification or an alternative would not be reasonable or appropriate.
• Under no conditions should any covered entity consider addressable specifications to be optional requirements.
Business Associate
• A Business Associate is a person or entity that creates, receives, maintains, or transmits protected health information on behalf of a Covered Entity.
• A Covered Entity may be a Business Associate of another Covered Entity.

Omnibus Rule Business Associate Definition
• A health information organization, e-prescribing gateway, or other entity that provides data transmission services to a covered entity and requires access on a routine basis to protected health information (PHI).
  • An entity that is a mere conduit and does not require access to PHI is not included.
• A subcontractor. If a business associate subcontracts part of its function requiring access to or use of PHI to another organization, that subcontractor is also subject to HIPAA.
  • There must be a HIPAA-compliant business associate agreement between the business associate and its subcontractor.
• A person who creates, receives, maintains or transmits PHI on behalf of a covered entity.
  • Physical storage facilities or companies that store electronic PHI are business associates.

Key About Business Associates
01 Covered Entities must have a valid Business Associate Agreement
02 Covered Entities must obtain assurances that Business Associates are in compliance with HIPAA
03 Covered Entities must terminate the relationship with Business Associates that refuse to be compliant with HIPAA Security

Examples of Business Associates
• Data processing companies
• Medical Transcription specialists
• Data Transmission companies
• Medical Equipment suppliers
• Document Shredding companies
• Data Storage Firms
• Audit Consultants
• Accountants
• External Auditors
• Electronic Health Data Exchange

Business Associates and risk*
• 59% of Business Associates reported a data breach
• 29% of Business Associates experienced two breaches or more
• 80% of BAs reported malware attacks and nearly half were hit by advanced persistent threats
*Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data by the Ponemon Institute

Cybersecurity Ventures 2019 Report
• Cybercrime will cost the world in excess of $6 trillion annually by 2021, up from $3 trillion in 2015.
• Cyber attacks are the fastest growing crime in the U.S.
• Cloud computing will wipe out data centers altogether over the next 3-4 years.
• Microsoft helps frame digital growth with its estimate that data volumes online will be 50 times greater in 2020 than they were in 2016.
• Cisco confirmed that cloud data center traffic will represent 95 percent of total data center traffic by 2021.
Cybersecurity Reports
• Global spending on cybersecurity will exceed $1 trillion cumulatively for the 5-year period from 2017-2021, according to Cybersecurity Ventures.
• Cybersecurity Ventures predicts that a business will fall victim to a ransomware attack every 14 seconds by 2019, and every 11 seconds by 2021.
• Cybercrime will more than triple the number of job openings to 3.5 million.
• Healthcare providers have been the bullseye for hackers over the past three years and are expected to continue to be so.
• Medical information is worth more than 10 times your credit card number on the black market.
Internet of Things (IoT)
A system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.
• Amiko.IO focuses on providing products for respiratory disease management, complete with an AI-powered platform.
• InfoBionic's MoMe Kardia provides remote monitoring of cardiac arrhythmia.
• PillCam™, by Medtronic, is a line of swallowable capsules that allow visualization of the esophagus, stomach, small bowel, and colon.

Services to Consider
• Update Security Patches
• Automatic monitoring systems
• Antimalware systems
  • Antivirus
  • Ransomware Protection
• Backups and Contingency Plans

Plan of Action
• Assign a Security Officer
• Have a third party perform a Security Risk Assessment
• Introduce automated audits and measures
• Develop and implement Policies
• Conduct Education/training
  • Annual Training and Security Reminders
• Review Business Associate Agreements and Compliance

Reminder
Security is not a one-time project, but rather an ongoing, dynamic process that will create new challenges as covered entities' organizations and technologies change.

Dr. Jose I. Delgado
Taino Consultants Inc., CEO
DrDelgado@tainoconsultants.com
tainoconsultants.com