How Safe is Your Patient Data? 
Steps to Protect Electronic Health Information in Nursing Homes 
A collaborative effort brought to you by 
Harmony University 
The Provider Unit of 
Harmony Healthcare International, Inc. (HHI) 
And 
Kinara Insights 
Presented by: 
Sameer Sule, MS, MSc 
Founder & President
Harmony Healthcare International 
About Sameer 
Sameer Sule, MS, MSc., Founder and President of Kinara Insights 
Specializes in patient data security & HIPAA compliance.
Author of “Protecting Electronic Health Information: A Practical Approach to Patient 
Data Security in your Healthcare Practice” 
Extensive experience in guiding clients through the planning, selection and 
technology implementation phases. 
Assisted clients through the OCR HIPAA audit process and provided 
recommendations to address the audit findings. 
Published in the Journal of Massachusetts Dental Society, The Granite State Report - 
a publication of the ACHCA New Hampshire Chapter, The Disaster Recovery Journal 
and the Worcester Telegram and Gazette. 
Regular blogger- provides insights, tips and advice on secure technology usage in a 
constantly changing healthcare landscape. 
MS from Syracuse University and MSc. from the Indian Institute of Technology, 
Bombay 
Co-inventor on 14 US, EU, and AU patents. 
Copyright © 2014 All Rights Reserved
How Safe is Your Patient Data? 
Steps to Protect Electronic Health Information in Nursing Homes 
Disclosure: The planners and presenters of this 
education activity have no relationship with 
commercial entities or conflicts of interest to disclose 
Planners: 
Elisa Bovee, MS, OTR/L 
Diane Buckley, BSN, RN, RAC-CT 
Sameer Sule, MS, MSc 
Presenter: Sameer Sule, MS, MSc 
Harmony Healthcare International 
Healthcare Technology Consulting 
Help healthcare organizations and their business associates 
use technology in a secure HIPAA compliant manner to be 
more efficient and deliver high quality patient care. 
Focus 
Data Security | HIPAA Compliance 
Mobile Technology | Cloud Computing 
KINARA | INSIGHTS 
www.kinarainsights.com 
Services 
ePHI Risk Assessment 
HIPAA Security Policies & Procedures 
(Review /Development) 
Data Backup & Disaster Recovery Planning 
Data Security- HIPAA Compliance Training 
and Workshops 
Secure Cloud Computing, Mobile Solutions 
Objectives 
By the end of this presentation, you will 
be able to: 
1. Explain the importance of patient data 
security and consequences of medical 
identity theft to nursing homes 
2. Identify potential data breach scenarios in 
your facility 
3. List the steps for protecting ePHI in your 
organization 
Disclaimer 
This seminar is meant to provide information 
for educational purposes only 
Information presented in this seminar is not 
legal advice and must not be taken as such 
HIPAA rules and regulations are subject to 
different interpretations 
Please consult your attorney for legal advice 
specific to your case 
Acronyms Used 
HIPAA (Health Insurance Portability and 
Accountability Act) 
ePHI (Electronic Protected Health 
Information) 
CE (Covered Entity) 
BA (Business Associate) 
BAA (Business Associate Agreement) 
Why is Data Security Important? 
MEDICAL IDENTITY 
THEFT 
Medical Identity Theft 
Occurs when criminals use your 
personal information to obtain medical 
services, drugs or for fraudulent billing 
Fastest growing identity theft in the US 
Over 300,000 victims per year in the US 
Health Information at Risk 
Medical/Healthcare industry is a top target for 
cybercriminals accounting for 44% of the breaches 
(Identity Theft Resource Center 2013 study) 
Nursing homes are exposed to hacker attacks - 
Cybersecurity experts find trove of information on file-sharing web site
(Wall Street Journal Article, Feb 2014) 
Cybercriminals know that many healthcare 
organizations do not have adequate security measures 
in place to protect confidential data 
Criminals Love ePHI! 
Rich in identity information 
Contains patient name, DOB, SSN#, 
insurance policy information, credit card 
details, medical history, emergency contact 
info of family members, etc. 
A complete medical record sells for $50 on 
the black market vs. $20 for credit card info 
alone 
Medical Identity Theft Consequences 
Financial fraud 
Medical insurance fraud 
Corruption of the original medical 
records 
Denial of access to your own records 
Medical Identity Theft Consequences 
Possible social stigma and 
embarrassment 
Denial of insurance 
Loss of reputation 
Loss of time trying to get the records 
corrected in different healthcare systems 
that are not connected with each other 
Data Breach Costs 
$$$$$$$$ 
in 
HIPAA fines, Legal costs, 
Remediation costs, 
Loss of Reputation & Revenue 
Recent HIPAA Penalties 
$4.8 million New York Presbyterian Hospital (NYP) and 
Columbia University Medical Center (CU) 
Cause: Physician employed by CU attempted to deactivate a 
personally-owned computer server on the network containing 
NYP patient ePHI 
Disclosure of ePHI of 6,800 individuals, including patient status, 
vital signs, medications, and laboratory results on internet search 
engines 
Lack of technical safeguards to check to see if the server was 
secure, no risk analysis to identify all systems with ePHI, 
failure to implement appropriate policies for database
access authorization and failure to comply with its own 
information access management policies 
Recent HIPAA Penalties 
$1.7 million Concentra Health Services 
Cause: Unencrypted laptop was stolen from one of its facilities. 
Company had previously recognized in multiple risk analyses that 
a lack of encryption on its laptops, desktops, medical equipment, 
tablets and other devices containing ePHI was a critical risk 
Efforts at encryption were incomplete and inconsistent over 
time leaving patient ePHI vulnerable throughout the organization 
Insufficient security management processes 
Recent HIPAA Penalties 
$1.2 million Health Plan, Inc 
Cause: Photocopier Hard Drive 
Disclosure of ePHI of 344,579 individuals when it returned 
multiple photocopiers to a leasing agent without erasing 
the data contained on the copier hard drives 
Failure to incorporate the ePHI stored in copier’s hard 
drives in its risk analysis 
Failure to implement policies and procedures when 
returning the hard drives to its leasing agents 
Recent HIPAA Penalties 
$150,000 Dermatology practice in MA 
Cause: Unencrypted thumb drive containing ePHI of 2,200 
individuals stolen from a vehicle of one of its staff members. Drive
was not recovered. 
Failure to conduct an accurate and thorough risk analysis 
as part of its security management process. 
First settlement with a covered entity for not having policies and 
procedures in place to address the breach notification provisions of 
HITECH Act. 
Breach Report to Congress 
In 2012, theft and hacking/IT incidents 
affected the largest numbers of 
individuals. 
Theft continues to be one of the top 
causes that affects the most 
individuals. 
HIPAA Settlements 
In 7 cases resulting from a breach 
report, HHS has entered into resolution 
agreements or corrective action plans 
totaling more than $8 million in 
settlements. 
Loss of ePHI is disastrous 
for your patients and your 
healthcare organization! 
Data Security 
& 
HIPAA Compliance 
HIPAA Security Rule 
Protect 
Confidentiality 
Integrity 
Availability 
of ePHI 
Security Rule Safeguards 
Nursing homes and their business associates 
must implement Administrative, Physical & 
Technical safeguards to protect ePHI. 
Each safeguard has standards 
Each standard has implementation 
specifications that are Required/Addressable 
Addressable DOES NOT mean optional 
Administrative Safeguards
STANDARDS: IMPLEMENTATION SPECIFICATIONS (R = Required, A = Addressable)
Security Management Process: Risk Analysis (R), Risk Management (R), Sanction Policy (R), Information System Activity Review (R)
Assigned Security Responsibility: (Required)
Workforce Security: Authorization and/or Supervision (A), Workforce Clearance Procedure (A), Termination Procedures (A)
Information Access Management: Isolating Health Care Clearinghouse Functions (R), Access Authorization (A), Access Establishment and Modification (A)
Security Awareness and Training: Security Reminders (A), Protection from Malicious Software (A), Log-in Monitoring (A), Password Management (A)
Security Incident Procedures: Response and Reporting (R)
Contingency Plan: Data Backup Plan (R), Disaster Recovery Plan (R), Emergency Mode Operation Plan (R), Testing and Revision Procedures (A), Applications and Data Criticality Analysis (A)
Evaluation: (Required)
Business Associate Agreements/Contracts and Other Arrangements: Written Contract or Other Arrangement (R)
Physical Safeguards
STANDARDS: IMPLEMENTATION SPECIFICATIONS (R = Required, A = Addressable)
Facility Access Controls: Contingency Operations (A), Facility Security Plan (A), Access Control and Validation Procedures (A), Maintenance Records (A)
Workstation Use: (Required)
Workstation Security: (Required)
Device and Media Controls: Disposal (R), Media Re-use (R), Accountability (A), Data Backup and Storage (A)
Technical Safeguards
STANDARDS: IMPLEMENTATION SPECIFICATIONS (R = Required, A = Addressable)
Access Control: Unique User Identification (R), Emergency Access Procedure (R), Automatic Logoff (A), Encryption and Decryption (A)
Audit Controls: (Required)
Integrity: Mechanism to Authenticate ePHI (A)
Person or Entity Authentication: (Required)
Transmission Security: Integrity Controls (A), Encryption (A)
Causes of Data Breach 
in SNFs 
Loss / theft of laptops or mobile devices containing ePHI 
Lack of appropriate authentication/audit software and 
controls to secure access to ePHI 
Unsecure medical devices, printers connected to the 
network 
Software updates or system maintenance 
Stolen passwords or weak passwords that are easy to 
hack 
Use of unsecure file sharing software/services 
Use of unsecure email or text messaging services 
Viruses or malware in the computer system 
Unintentional employee action or error 
Intentional employee action 
Negligence of third party service contractors 
Key Steps to Data Security 
1. Risk Analysis 
2. Access and Audit Controls 
3. Encryption (Safe Harbor) 
4. Mobile Device Management 
5. Contingency Planning 
6. Policies & Procedures 
7. Training 
8. Business Associate Agreements 
9. Documentation 
1. Conduct a Risk Analysis 
An accurate and thorough assessment of 
the potential threats and vulnerabilities to 
the confidentiality, integrity, and 
availability of electronic protected health 
information (ePHI). 
What is Risk Analysis? 
1. Knowing where ePHI resides in your 
computer systems and how it flows through 
your systems. 
2. Identifying potential risks to the data. 
3. Taking reasonable and appropriate 
measures to mitigate the risks. 
O ePHI, ePHI, wherefore art thou ePHI? 
ePHI in Motion 
Electronic Communications 
Are you using web based email like 
Hotmail or Gmail to send ePHI? 
How about text messaging? 
Is the Wireless internet in the facility 
secure? 
Is staff accessing ePHI from remote 
locations using free/unsecure Wi-Fi? 
2. Access and Audit Controls 
Who has access to ePHI? 
What are the policies/processes in place to 
grant individuals access to ePHI? 
What technology are you using to monitor 
access? 
How are alerts set up for monitoring 
unauthorized access? 
Do you have audit logs to monitor access to 
ePHI? 
2. Access and Audit Controls 
The Minimum Necessary Principle 
Restrict ePHI access only to those people that 
need it to perform their jobs 
AND 
Restrict access to ePHI data to the minimum 
necessary for people to do their jobs 
3. Encryption 
Renders your data unreadable to 
unauthorized users 
Needs password (key) to access the 
data 
Provides a safe harbor in case of a 
data breach 
3. Encryption 
Addressable DOES NOT mean optional 
Is all your stored (at rest) ePHI encrypted? 
Is the ePHI encrypted during transmission (in 
motion) over the network? 
If the ePHI is not encrypted, what alternative 
safeguards do you have in place of encryption 
that ensure the security of ePHI? 
4. Manage Mobile Devices 
Laptops, Smartphones, Tablets, USB drives 
Usage & Disposal Policy 
Encryption 
Device Tracking 
Remote Lock & Wipeout 
Wireless Internet Access 
Secure Wi-Fi network for providers and staff 
(password protected) 
Separate guest Wi-Fi network for residents and 
family 
5. Contingency Planning 
Planning and Preparing 
for Unforeseen Disruptive Scenarios 
including natural disasters and disruptions due 
to power failures, server repair etc. 
Ensuring Continuity of Business Operations and 
Patient Care 
Eye Opener 
70 percent of small firms 
that experience a major 
data loss go out of business 
within a year 
SCORE: Counselors to America’s Small Businesses 
Is Contingency Planning Required? 
YES! If you are a Covered Entity or a Business 
Associate under HIPAA Security Standard § 
164.308(a)(7) 
AND
YES! If you would like to still stay in business after 
a disaster. 
Implementation Specifications 
Data backup plan (Required) 
Disaster recovery plan (Required) 
Emergency mode operation plan (Required) 
Testing and revision procedures (Addressable) 
Applications and data criticality analysis 
(Addressable) 
Contingency Plan Benefits 
Prevents or reduces operational 
downtime 
Reduces business loss 
Enables continuity of patient care 
Enhances your reputation among 
patients and business partners 
Contingency Planning Cycle 
Contingency Plan 
PLAN IT 
IMPLEMENT IT 
TEST IT REGULARLY 
DON’T LEAVE YOUR 
BUSINESS TO CHANCE!! 
6. Policies and Procedures 
Must have well documented policies and 
procedures that comprehensively cover the 
administrative, physical, and technical safeguards 
in place to protect ePHI. 
Policies should cover risk management, access
control to ePHI, contingency planning, employee
termination etc.
Make sure policies and procedures are relevant 
and up-to-date. 
7. Training 
Implement a policy mandating periodic training 
for all personnel that handle ePHI. 
Must include permanent staff as well as 
temporary and contract workers. 
Conduct periodic training. 
Document the training. 
Implement a sanction policy that clearly
spells out the severe consequences for anyone 
not following the security policies despite 
receiving compliance training. 
Humans can be the Weakest Link in the security chain!!! 
8. Business Associate Agreement 
Execute a Business Associate 
Agreement (BAA) with all third party 
vendors that come in contact with your 
ePHI, as a part of the services they
provide you/on your behalf. 
(These include consultants, transcription companies, billing 
companies, accountants, legal companies, marketing 
companies, cloud based data backup services etc.) 
Final Omnibus Rule and BAs 
How many Business Associates (BA) 
do you have? 
Expanded BA definition 
Need to have BAA with all your BAs 
BAs are directly liable for data breach 
9. Documentation 
Is all your HIPAA related documentation 
organized and easily accessible? 
You will need to produce this in case of a data breach 
or HIPAA Compliance Audit 
The Big Picture 
Security Rule Compliance 
Don’t assume that if the technology is 
compliant, the organization is also compliant. 
Compliance is achieved by a combination of: 
❖ Technology 
❖ Policies and procedures 
❖ Regular staff training 
❖ Strict enforcement and sanctions 
❖ Periodic review and updates 
❖ Proper documentation 
Data Security and Compliance 
Requires planning 
Must be detailed 
Takes coordination between different
departments
Requires an investment of time 
Is on-going 
Data Security: A Practical Approach 
Immediate Action Steps 
1. Conduct a comprehensive risk analysis. 
2. Encrypt all ePHI. 
3. Review existing security technology, policies and procedures.
4. Review your data backup & disaster recovery procedures. 
5. Schedule regular staff training. 
Take a step-wise approach and build a strong data 
security foundation 
Your Options 
Do it all by yourself and/or get outside 
help when needed. 
Example: You can use ready-made policy templates. 
But you need to customize them to your organization. 
GOAL 
Implement reasonable and appropriate 
security measures for your organization. 
THANK YOU 
Sameer Sule, President Kinara Insights 
Author: “Protecting Electronic Health Information: A 
Practical Approach to Patient Data Security in Your 
Healthcare Practice” 
Amazon: http://www.amazon.com/author/sameersule 
Email: ssule@kinarainsights.com 
Blog: www.kinarainsights.com/blog 
LinkedIn: http://www.linkedin.com/pub/sameer-sule/7/b1b/511
Twitter:@sameersule 
Register online 
http://info.harmony-healthcare.com/harmony2014 
or by phone (978) 887-8919 ext. 13 

More Related Content

What's hot

The Cost of Non-Compliance: Is it in Your Budget?
The Cost of Non-Compliance: Is it in Your Budget?The Cost of Non-Compliance: Is it in Your Budget?
The Cost of Non-Compliance: Is it in Your Budget?
Harmony Healthcare International (HHI)
 
Steps Towards a Successful Regulatory Survey
Steps Towards a Successful Regulatory SurveySteps Towards a Successful Regulatory Survey
Steps Towards a Successful Regulatory Survey
Harmony Healthcare International (HHI)
 
OM(I)G! New York Medicaid Case Mix Audit Success
OM(I)G! New York Medicaid Case Mix Audit SuccessOM(I)G! New York Medicaid Case Mix Audit Success
OM(I)G! New York Medicaid Case Mix Audit Success
Harmony Healthcare International (HHI)
 
ADR Process for the SNF: Medicare Part B Claims
ADR Process for the SNF: Medicare Part B ClaimsADR Process for the SNF: Medicare Part B Claims
ADR Process for the SNF: Medicare Part B Claims
Harmony Healthcare International (HHI)
 
Quality Assurance Performance Improvement: 12 Steps to Excellence!
Quality Assurance Performance Improvement: 12 Steps to Excellence!Quality Assurance Performance Improvement: 12 Steps to Excellence!
Quality Assurance Performance Improvement: 12 Steps to Excellence!
Harmony Healthcare International (HHI)
 
Introductory Guide to SNF Medicare Appeals
Introductory Guide to SNF Medicare AppealsIntroductory Guide to SNF Medicare Appeals
Introductory Guide to SNF Medicare Appeals
Harmony Healthcare International (HHI)
 
How to Review Medicare Appeals in the SNF
How to Review Medicare Appeals in the SNFHow to Review Medicare Appeals in the SNF
How to Review Medicare Appeals in the SNF
Harmony Healthcare International (HHI)
 
Medicare Denied Claims - How the Appeal Letter Can Make or Break You
Medicare Denied Claims - How the Appeal Letter Can Make or Break YouMedicare Denied Claims - How the Appeal Letter Can Make or Break You
Medicare Denied Claims - How the Appeal Letter Can Make or Break You
Harmony Healthcare International (HHI)
 
The RAI Process: CAAs, Care Planning and Beyond
The RAI Process: CAAs, Care Planning and BeyondThe RAI Process: CAAs, Care Planning and Beyond
The RAI Process: CAAs, Care Planning and Beyond
Harmony Healthcare International (HHI)
 
Denials Management from ADR to ALJ
Denials Management from ADR to ALJDenials Management from ADR to ALJ
Denials Management from ADR to ALJ
Harmony Healthcare International (HHI)
 
Top 5 Ways to Prevent Falls
Top 5 Ways to Prevent FallsTop 5 Ways to Prevent Falls
Top 5 Ways to Prevent Falls
Harmony Healthcare International (HHI)
 
Nursing Documentation: Do Your Medical Records Support Skilled Care?
Nursing Documentation: Do Your Medical Records Support Skilled Care?Nursing Documentation: Do Your Medical Records Support Skilled Care?
Nursing Documentation: Do Your Medical Records Support Skilled Care?
Harmony Healthcare International (HHI)
 
Medicare Documentation for the Rehabilitation Patient: Evidence of Progress
Medicare Documentation for the Rehabilitation Patient: Evidence of ProgressMedicare Documentation for the Rehabilitation Patient: Evidence of Progress
Medicare Documentation for the Rehabilitation Patient: Evidence of Progress
Harmony Healthcare International (HHI)
 
Documenting the Care you Provide ADL Accuracy
Documenting the Care you Provide ADL AccuracyDocumenting the Care you Provide ADL Accuracy
Documenting the Care you Provide ADL Accuracy
Harmony Healthcare International (HHI)
 
Medicare PPS Schedule: Managing Early, Late, and Missed PPS Assessments
Medicare PPS Schedule: Managing Early, Late, and Missed PPS AssessmentsMedicare PPS Schedule: Managing Early, Late, and Missed PPS Assessments
Medicare PPS Schedule: Managing Early, Late, and Missed PPS Assessments
Harmony Healthcare International (HHI)
 
Win, Lose, or Draw: Case Mix Leadership
Win, Lose, or Draw: Case Mix LeadershipWin, Lose, or Draw: Case Mix Leadership
Win, Lose, or Draw: Case Mix Leadership
Harmony Healthcare International (HHI)
 
Skilled Rehab Services: Avoiding Denied Claims
Skilled Rehab Services:  Avoiding Denied ClaimsSkilled Rehab Services:  Avoiding Denied Claims
Skilled Rehab Services: Avoiding Denied Claims
Harmony Healthcare International (HHI)
 
Top Ten Missed Opportunities in the Skilled Nursing Facility
Top Ten Missed Opportunities in the Skilled Nursing FacilityTop Ten Missed Opportunities in the Skilled Nursing Facility
Top Ten Missed Opportunities in the Skilled Nursing Facility
Harmony Healthcare International (HHI)
 
ABCs of Care Planning
ABCs of Care PlanningABCs of Care Planning
Documenting the Long-term Care You Provide
Documenting the Long-term Care You ProvideDocumenting the Long-term Care You Provide
Documenting the Long-term Care You Provide
Harmony Healthcare International (HHI)
 

What's hot (20)

The Cost of Non-Compliance: Is it in Your Budget?
The Cost of Non-Compliance: Is it in Your Budget?The Cost of Non-Compliance: Is it in Your Budget?
The Cost of Non-Compliance: Is it in Your Budget?
 
Steps Towards a Successful Regulatory Survey
Steps Towards a Successful Regulatory SurveySteps Towards a Successful Regulatory Survey
Steps Towards a Successful Regulatory Survey
 
OM(I)G! New York Medicaid Case Mix Audit Success
OM(I)G! New York Medicaid Case Mix Audit SuccessOM(I)G! New York Medicaid Case Mix Audit Success
OM(I)G! New York Medicaid Case Mix Audit Success
 
ADR Process for the SNF: Medicare Part B Claims
ADR Process for the SNF: Medicare Part B ClaimsADR Process for the SNF: Medicare Part B Claims
ADR Process for the SNF: Medicare Part B Claims
 
Quality Assurance Performance Improvement: 12 Steps to Excellence!
Quality Assurance Performance Improvement: 12 Steps to Excellence!Quality Assurance Performance Improvement: 12 Steps to Excellence!
Quality Assurance Performance Improvement: 12 Steps to Excellence!
 
Introductory Guide to SNF Medicare Appeals
Introductory Guide to SNF Medicare AppealsIntroductory Guide to SNF Medicare Appeals
Introductory Guide to SNF Medicare Appeals
 
How to Review Medicare Appeals in the SNF
How to Review Medicare Appeals in the SNFHow to Review Medicare Appeals in the SNF
How to Review Medicare Appeals in the SNF
 
Medicare Denied Claims - How the Appeal Letter Can Make or Break You
Medicare Denied Claims - How the Appeal Letter Can Make or Break YouMedicare Denied Claims - How the Appeal Letter Can Make or Break You
Medicare Denied Claims - How the Appeal Letter Can Make or Break You
 
The RAI Process: CAAs, Care Planning and Beyond
The RAI Process: CAAs, Care Planning and BeyondThe RAI Process: CAAs, Care Planning and Beyond
The RAI Process: CAAs, Care Planning and Beyond
 
Denials Management from ADR to ALJ
Denials Management from ADR to ALJDenials Management from ADR to ALJ
Denials Management from ADR to ALJ
 
Top 5 Ways to Prevent Falls
Top 5 Ways to Prevent FallsTop 5 Ways to Prevent Falls
Top 5 Ways to Prevent Falls
 
Nursing Documentation: Do Your Medical Records Support Skilled Care?
Nursing Documentation: Do Your Medical Records Support Skilled Care?Nursing Documentation: Do Your Medical Records Support Skilled Care?
Nursing Documentation: Do Your Medical Records Support Skilled Care?
 
Medicare Documentation for the Rehabilitation Patient: Evidence of Progress
Medicare Documentation for the Rehabilitation Patient: Evidence of ProgressMedicare Documentation for the Rehabilitation Patient: Evidence of Progress
Medicare Documentation for the Rehabilitation Patient: Evidence of Progress
 
Documenting the Care you Provide ADL Accuracy
Documenting the Care you Provide ADL AccuracyDocumenting the Care you Provide ADL Accuracy
Documenting the Care you Provide ADL Accuracy
 
Medicare PPS Schedule: Managing Early, Late, and Missed PPS Assessments
Medicare PPS Schedule: Managing Early, Late, and Missed PPS AssessmentsMedicare PPS Schedule: Managing Early, Late, and Missed PPS Assessments
Medicare PPS Schedule: Managing Early, Late, and Missed PPS Assessments
 
Win, Lose, or Draw: Case Mix Leadership
Win, Lose, or Draw: Case Mix LeadershipWin, Lose, or Draw: Case Mix Leadership
Win, Lose, or Draw: Case Mix Leadership
 
Skilled Rehab Services: Avoiding Denied Claims
Skilled Rehab Services:  Avoiding Denied ClaimsSkilled Rehab Services:  Avoiding Denied Claims
Skilled Rehab Services: Avoiding Denied Claims
 
Top Ten Missed Opportunities in the Skilled Nursing Facility
Top Ten Missed Opportunities in the Skilled Nursing FacilityTop Ten Missed Opportunities in the Skilled Nursing Facility
Top Ten Missed Opportunities in the Skilled Nursing Facility
 
ABCs of Care Planning
ABCs of Care PlanningABCs of Care Planning
ABCs of Care Planning
 
Documenting the Long-term Care You Provide
Documenting the Long-term Care You ProvideDocumenting the Long-term Care You Provide
Documenting the Long-term Care You Provide
 

Similar to How Safe is Your Patient Data?

Hippa breaches
Hippa breachesHippa breaches
Hippa breaches
ViSolve, Inc.
 
1Anthem Inc. HIPAA ViolationJune 21, 2021
1Anthem Inc. HIPAA ViolationJune 21, 20211Anthem Inc. HIPAA ViolationJune 21, 2021
1Anthem Inc. HIPAA ViolationJune 21, 2021
EttaBenton28
 
HIPAA Compliant Cloud Computing, An Overview
HIPAA Compliant Cloud Computing, An OverviewHIPAA Compliant Cloud Computing, An Overview
HIPAA Compliant Cloud Computing, An Overview
ClearDATACloud
 
Protecting ePHI: What Providers and Business Associates Need to Know
How Safe is Your Patient Data?

  • 1. How Safe is Your Patient Data? Steps to Protect Electronic Health Information in Nursing Homes A collaborative effort brought to you by Harmony University The Provider Unit of Harmony Healthcare International, Inc. (HHI) And Kinara Insights Presented by: Sameer Sule, MS, MSc Founder & President
  • 2. Harmony Healthcare International. About Sameer: Sameer Sule, MS, MSc., Founder and President of Kinara Insights. Specializes in patient data security & HIPAA compliance. Author of “Protecting Electronic Health Information: A Practical Approach to Patient Data Security in your Healthcare Practice”. Extensive experience in guiding clients through the planning, selection and technology implementation phases. Assisted clients through the OCR HIPAA audit process and provided recommendations to address the audit findings. Published in the Journal of Massachusetts Dental Society, The Granite State Report (a publication of the ACHCA New Hampshire Chapter), The Disaster Recovery Journal and the Worcester Telegram and Gazette. Regular blogger: provides insights, tips and advice on secure technology usage in a constantly changing healthcare landscape. MS from Syracuse University and MSc. from the Indian Institute of Technology, Bombay. Co-inventor on 14 US, EU, and AU patents. Copyright © 2014 All Rights Reserved
  • 3. How Safe is Your Patient Data? Steps to Protect Electronic Health Information in Nursing Homes. Disclosure: The planners and presenters of this education activity have no relationship with commercial entities or conflicts of interest to disclose. Planners: Elisa Bovee, MS, OTR/L; Diane Buckley, BSN, RN, RAC-CT; Sameer Sule, MS, MSc. Presenter: Sameer Sule, MS, MSc. Harmony Healthcare International
  • 4. Healthcare Technology Consulting: Help healthcare organizations and their business associates use technology in a secure HIPAA compliant manner to be more efficient and deliver high quality patient care. Focus: Data Security | HIPAA Compliance | Mobile Technology | Cloud Computing. KINARA | INSIGHTS www.kinarainsights.com
  • 5. Services: ePHI Risk Assessment; HIPAA Security Policies & Procedures (Review/Development); Data Backup & Disaster Recovery Planning; Data Security - HIPAA Compliance Training and Workshops; Secure Cloud Computing, Mobile Solutions
  • 6. Objectives: By the end of this presentation, you will be able to: 1. Explain the importance of patient data security and consequences of medical identity theft to nursing homes. 2. Identify potential data breach scenarios in your facility. 3. List the steps for protecting ePHI in your organization.
  • 7. Disclaimer: This seminar is meant to provide information for educational purposes only. Information presented in this seminar is not legal advice and must not be taken as such. HIPAA rules and regulations are subject to different interpretations. Please consult your attorney for legal advice specific to your case.
  • 8. Acronyms Used: HIPAA (Health Insurance Portability and Accountability Act); ePHI (Electronic Protected Health Information); CE (Covered Entity); BA (Business Associate); BAA (Business Associate Agreement)
  • 9. Why is Data Security Important? MEDICAL IDENTITY THEFT
  • 10. Medical Identity Theft: Occurs when criminals use your personal information to obtain medical services, drugs or for fraudulent billing. Fastest growing identity theft in the US. Over 300,000 victims per year in the US.
  • 11. Health Information at Risk: Medical/Healthcare industry is a top target for cybercriminals, accounting for 44% of the breaches (Identity Theft Resource Center 2013 study). Nursing homes are exposed to hacker attacks - Cybersecurity experts find trove of information on file-sharing web site (Wall Street Journal Article, Feb 2014). Cybercriminals know that many healthcare organizations do not have adequate security measures in place to protect confidential data.
  • 12. Criminals Love ePHI! Rich in identity information. Contains patient name, DOB, SSN, insurance policy information, credit card details, medical history, emergency contact info of family members, etc. A complete medical record sells for $50 on the black market vs. $20 for credit card info alone.
  • 13. Medical Identity Theft Consequences: Financial fraud; Medical insurance fraud; Corruption of the original medical records; Denial of access to your own records
  • 14. Medical Identity Theft Consequences: Possible social stigma and embarrassment; Denial of insurance; Loss of reputation; Loss of time trying to get the records corrected in different healthcare systems that are not connected with each other
  • 15. Data Breach Costs: $$$$$$$$ in HIPAA fines, Legal costs, Remediation costs, Loss of Reputation & Revenue
  • 16. Recent HIPAA Penalties: $4.8 million, New York Presbyterian Hospital (NYP) and Columbia University Medical Center (CU). Cause: Physician employed by CU attempted to deactivate a personally-owned computer server on the network containing NYP patient ePHI. Disclosure of ePHI of 6,800 individuals, including patient status, vital signs, medications, and laboratory results, on internet search engines. Lack of technical safeguards to check whether the server was secure, no risk analysis to identify all systems with ePHI, failure to implement appropriate policies for database access authorization, and failure to comply with its own information access management policies.
  • 17. Recent HIPAA Penalties: $1.7 million, Concentra Health Services. Cause: Unencrypted laptop was stolen from one of its facilities. Company had previously recognized in multiple risk analyses that a lack of encryption on its laptops, desktops, medical equipment, tablets and other devices containing ePHI was a critical risk. Efforts at encryption were incomplete and inconsistent over time, leaving patient ePHI vulnerable throughout the organization. Insufficient security management processes.
  • 18. Recent HIPAA Penalties: $1.2 million, Health Plan, Inc. Cause: Photocopier hard drive. Disclosure of ePHI of 344,579 individuals when it returned multiple photocopiers to a leasing agent without erasing the data contained on the copier hard drives. Failure to incorporate the ePHI stored in copiers' hard drives in its risk analysis. Failure to implement policies and procedures when returning the hard drives to its leasing agents.
  • 19. Recent HIPAA Penalties: $150,000, Dermatology practice in MA. Cause: Unencrypted thumb drive containing ePHI of 2,200 individuals stolen from a vehicle of one of its staff members. Drive was not recovered. Failure to conduct an accurate and thorough risk analysis as part of its security management process. First settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions of the HITECH Act.
  • 20. Breach Report to Congress: In 2012, theft and hacking/IT incidents affected the largest numbers of individuals. Theft continues to be one of the top causes that affects the most individuals.
  • 21. HIPAA Settlements: In 7 cases resulting from a breach report, HHS has entered into resolution agreements or corrective action plans totaling more than $8 million in settlements.
  • 22. Loss of ePHI is disastrous for your patients and your healthcare organization!
  • 23. Data Security & HIPAA Compliance
  • 24. HIPAA Security Rule: Protect Confidentiality, Integrity, Availability of ePHI
  • 25. Security Rule Safeguards: Nursing homes and their business associates must implement Administrative, Physical & Technical safeguards to protect ePHI. Each safeguard has standards. Each standard has implementation specifications that are Required/Addressable. Addressable DOES NOT mean optional.
  • 26. Administrative Safeguards (R = Required, A = Addressable)
      STANDARDS | IMPLEMENTATION SPECIFICATIONS
      Security Management Process | Risk Analysis (R); Risk Management (R); Sanction Policy (R); Information System Activity Review (R)
      Assigned Security Responsibility | (Required)
      Workforce Security | Authorization and/or Supervision (A); Workforce Clearance Procedure (A); Termination Procedures (A)
      Information Access Management | Isolating Health Care Clearinghouse Functions (R); Access Authorization (A); Access Establishment and Modification (A)
      Security Awareness and Training | Security Reminders (A); Protection from Malicious Software (A); Log-in Monitoring (A); Password Management (A)
      Security Incident Procedures | Response and Reporting (R)
      Contingency Plan | Data Backup Plan (R); Disaster Recovery Plan (R); Emergency Mode Operation Plan (R); Testing and Revision Procedures (A); Applications and Data Criticality Analysis (A)
      Evaluation | (Required)
      Business Associate Agreements/Contracts and Other Arrangements | Written Contract or Other Arrangement (R)
  • 27. Physical Safeguards (R = Required, A = Addressable)
      STANDARDS | IMPLEMENTATION SPECIFICATIONS
      Facility Access Controls | Contingency Operations (A); Facility Security Plan (A); Access Control and Validation Procedures (A); Maintenance Records (A)
      Workstation Use | (Required)
      Workstation Security | (Required)
      Device and Media Controls | Disposal (R); Media Re-use (R); Accountability (A); Data Backup and Storage (A)
  • 28. Technical Safeguards (R = Required, A = Addressable)
      STANDARDS | IMPLEMENTATION SPECIFICATIONS
      Access Control | Unique User Identification (R); Emergency Access Procedure (R); Automatic Logoff (A); Encryption and Decryption (A)
      Audit Controls | (Required)
      Integrity | Mechanism to Authenticate ePHI (A)
      Person or Entity Authentication | (Required)
      Transmission Security | Integrity Controls (A); Encryption (A)
  • 29. www.kinarainsights.com Causes of Data Breach in SNFs Loss / theft of laptops or mobile devices containing ePHI Lack of appropriate authentication/audit software and controls to secure access to ePHI Unsecure medical devices, printers connected to the network Software updates or system maintenance Stolen passwords or weak passwords that are easy to hack Use of unsecure file sharing software/services Use of unsecure email or text messaging services Viruses or malware in the computer system Unintentional employee action or error Intentional employee action Negligence of third party service contractors Copyright © 2014 All Rights Reserved
  • 30. Key Steps to Data Security 1. Risk Analysis 2. Access and Audit Controls 3. Encryption (Safe Harbor) 4. Mobile Device Management 5. Contingency Planning 6. Policies & Procedures 7. Training 8. Business Associate Agreements 9. Documentation www.kinarainsights.com Copyright © 2014 All Rights Reserved
  • 31. 1. Conduct a Risk Analysis An accurate and thorough assessment of the potential threats and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (ePHI). www.kinarainsights.com Copyright © 2014 All Rights Reserved
  • 32. What is Risk Analysis? 1. Knowing where ePHI resides in your computer systems and how it flows through your systems. 2. Identifying potential risks to the data. 3. Taking reasonable and appropriate measures to mitigate the risks.
  • 33. O ePHI, ePHI, wherefore art thou ePHI?
  • 34. ePHI in Motion: Electronic Communications. Are you using web-based email like Hotmail or Gmail to send ePHI? How about text messaging? Is the wireless internet in the facility secure? Is staff accessing ePHI from remote locations using free/unsecure Wi-Fi?
  • 35. 2. Access and Audit Controls: Who has access to ePHI? What are the policies/processes in place to grant individuals access to ePHI? What technology are you using to monitor access? How are alerts set up for monitoring unauthorized access? Do you have audit logs to monitor access to ePHI?
  • 36. 2. Access and Audit Controls: The Minimum Necessary Principle. Restrict ePHI access only to those people that need it to perform their jobs AND restrict access to ePHI data to the minimum necessary for people to do their jobs.
  • 37. 3. Encryption: Renders your data unreadable to unauthorized users. Needs password (key) to access the data. Provides a safe harbor in case of a data breach.
  • 38. 3. Encryption: Addressable DOES NOT mean optional. Is all your stored (at rest) ePHI encrypted? Is the ePHI encrypted during transmission (in motion) over the network? If the ePHI is not encrypted, what alternative safeguards do you have in place of encryption that ensure the security of ePHI?
  • 39. 4. Manage Mobile Devices: Laptops, Smartphones, Tablets, USB drives. Usage & Disposal Policy; Encryption; Device Tracking; Remote Lock & Wipeout. Wireless Internet Access: Secure Wi-Fi network for providers and staff (password protected); Separate guest Wi-Fi network for residents and family.
  • 40. 5. Contingency Planning: Planning and Preparing for Unforeseen Disruptive Scenarios including natural disasters and disruptions due to power failures, server repair etc. Ensuring Continuity of Business Operations and Patient Care.
  • 41. Eye Opener: 70 percent of small firms that experience a major data loss go out of business within a year (SCORE: Counselors to America’s Small Businesses).
  • 42. Is Contingency Planning Required? YES! If you are a Covered Entity or a Business Associate under HIPAA Security Standard § 164.308(a)(7) AND YES! If you would like to still stay in business after a disaster.
  • 43. Implementation Specifications: Data backup plan (Required); Disaster recovery plan (Required); Emergency mode operation plan (Required); Testing and revision procedures (Addressable); Applications and data criticality analysis (Addressable).
  • 44. Contingency Plan Benefits: Prevents or reduces operational downtime. Reduces business loss. Enables continuity of patient care. Enhances your reputation among patients and business partners.
  • 45. Contingency Planning Cycle
  • 46. Contingency Plan: PLAN IT, IMPLEMENT IT, TEST IT REGULARLY. DON’T LEAVE YOUR BUSINESS TO CHANCE!!
  • 47. 6. Policies and Procedures: Must have well documented policies and procedures that comprehensively cover the administrative, physical, and technical safeguards in place to protect ePHI. Policies should cover risk management, access control to ePHI, contingency planning, employee termination etc. Make sure policies and procedures are relevant and up-to-date.
  • 48. 7. Training: Implement a policy mandating periodic training for all personnel that handle ePHI. Must include permanent staff as well as temporary and contract workers. Conduct periodic training. Document the training. Implement a sanction policy that clearly spells out the severe consequences for anyone not following the security policies despite receiving compliance training. Humans can be the Weakest Link in the security chain!!!
  • 49. 8. Business Associate Agreement: Execute a Business Associate Agreement (BAA) with all third party vendors that come in contact with your ePHI as a part of the services they provide you/on your behalf. (These include consultants, transcription companies, billing companies, accountants, legal companies, marketing companies, cloud based data backup services etc.)
  • 50. Final Omnibus Rule and BAs: How many Business Associates (BA) do you have? Expanded BA definition. Need to have BAA with all your BAs. BAs are directly liable for data breach.
  • 51. 9. Documentation: Is all your HIPAA related documentation organized and easily accessible? You will need to produce this in case of a data breach or HIPAA Compliance Audit.
  • 52. The Big Picture
  • 53. Security Rule Compliance: Don’t assume that if the technology is compliant, the organization is also compliant. Compliance is achieved by a combination of: ❖ Technology ❖ Policies and procedures ❖ Regular staff training ❖ Strict enforcement and sanctions ❖ Periodic review and updates ❖ Proper documentation
  • 54. Data Security and Compliance: Requires planning. Must be detailed. Takes coordination across different departments. Requires an investment of time. Is on-going.
  • 55. Data Security: A Practical Approach. Immediate Action Steps: 1. Conduct a comprehensive risk analysis. 2. Encrypt all ePHI. 3. Review existing security technology, policies and procedures. 4. Review your data backup & disaster recovery procedures. 5. Schedule regular staff training. Take a step-wise approach and build a strong data security foundation.
  • 56. Your Options: Do it all by yourself and/or get outside help when needed. Example: You can use ready-made policy templates. But you need to customize them to your organization. GOAL: Implement reasonable and appropriate security measures for your organization.
  • 57. THANK YOU. Sameer Sule, President, Kinara Insights. Author: “Protecting Electronic Health Information: A Practical Approach to Patient Data Security in Your Healthcare Practice”. Amazon: http://www.amazon.com/author/sameersule Email: ssule@kinarainsights.com Blog: www.kinarainsights.com/blog LinkedIn: http://www.linkedin.com/pub/sameer-sule/7/b1b/511 Twitter: @sameersule
  • 58. Register online at http://info.harmony-healthcare.com/harmony2014 or by phone (978) 887-8919 ext. 13. Harmony Healthcare International
  • 59. Harmony Healthcare International