SlideShare a Scribd company logo

Safeguarding Health Information through HIPA.pptx

Download as PPTX, PDF
I
ibrahimsukari2

Safeguarding Health Information through HIPA

Health & Medicine
1 of 25
Safeguarding Health Information: Building Assurance through HIPAA Security - 2018 OCR & ONC Security Risk Assessment (SRA) Tool Walk-Through: New Features and New Functionality October 18, 2018
Happy Cybersecurity Month-Privacy and Security: A Shared Responsibility 2
Security Risk Assessment (SRA) Tool 3 • The HHS Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR) have updated the popular Security Risk Assessment (SRA) Tool to make it easier to use and apply more broadly to the risks to health information. • The tool is designed for use by small to medium sized health care practices – covered entities, and business associates to help them identify risks and vulnerabilities to ePHI. • The updated tool provides enhanced functionality to document how such organizations can implement or plan to implement appropriate security measures to protect ePHI. • Windows operating system- Download the Windows version of the tool at http://www.HealthIT.gov/security-risk-assessment. • The iOS iPad version was not updated, but the previous version is available at the Apple App Store (search under “HHS SRA Tool”).
SRA Tool Development Approach • ONC engaged the Technology Learning Community for Privacy and Security » User Stories>>> Testing>>>Feedback>>>Enhancement Requests • ONC and OCR conducted comprehensive usability testing of the SRA tool (version 2.0) with health care practice managers. • Analysis of the findings across the user base informed the development of the content and the requirements for the SRA Tool 3.0. • ONC and OCR then conducted testing of the SRA tool 3.0 to compare the user experience in completing the same tasks presented in the first round of testing. • Over the next year, ONC and OCR will continue to gather feedback on the tool to inform future SRA tool modifications and updates. You can give feedback or request help by emailing PrivacyAndSecurity@hhs.gov 4
New Features and Functionality • Enhanced User Interface • Modular Workflow with Question Branching Logic • Custom Assessment Logic • Progress Tracker • Improved Threats & Vulnerabilities Rating • Detailed Reports • Business Associate and Asset Tracking • Overall Improvement of the User Experience 5
Additional Features • Asset List/Vendor List import/export • Accommodates Multi-Location Practices • Document Tracking/Linking within Assessment Sections or within Documents Section [aggregates documents] • Audit Logging Across User Accounts • Dynamic Content within Assessment • Wizard-based Branching Logic within Assessment • Risk Guided Framework 6
SRA Tool Brief Overview- Content • Section 1: Security Risk Assessment (SRA) Basics (security management process) • Section 2: Security Policies, Procedures, & Documentation (defining policies & procedures) • Section 3: Security & Your Workforce (defining/managing access to systems and workforce training) • Section 4: Security & Your Data (technical security procedures) • Section 5: Security & Your Practice (physical security procedures) • Section 6: Security & Your Vendors (business associate agreements and vendor access to PHI) • Section 7: Contingency Planning (backups and data recovery plans) 7
Important Reminder! The SRA Tool runs on your computer. It does not transmit information to the Department of Health and Human Services, The Office of the National Coordinator for Health IT, or The Office for Civil Rights. 8
Top 10 Myths of Security Risk Analysis 1. The security risk analysis is optional for small providers. 2. Simply installing a certified EHR fulfills the security risk analysis MU requirement. 3. My EHR vendor took care of everything I need to do about privacy and security. 4. I have to outsource the security risk analysis. 5. A checklist will suffice for the risk analysis requirement. 9
Top 10 Myths of Security Risk Analysis 6. There is a specific risk analysis method that I must follow. 7. My security risk analysis only needs to look at my EHR. 8. I only need to do a risk analysis once. 9. Before I attest for an EHR incentive program, I must fully mitigate all risks. 10. Each year, I’ll have to completely redo my security risk analysis. 10
Create New SRA: • Enter your name • Pick a place to save your SRA • Name your SRA • Review the Disclaimer • Begin your SRA 11
Create New SRA: • Enter your name • Pick a place to save your SRA • Name your SRA • Review the Disclaimer • Begin your SRA 12
Entering your Practice Info: • Practice Information » Track Asset Inventory » Track BAs » Track Documentation 13
Asset Tracking: • Practice Information » Track Asset Inventory » Track BAs » Track Documentation 14
Vendor/BAA Tracking: • Practice Information » Track Asset Inventory » Track BAs » Track Document ation 15
Assessment: • Assessment Sections  Wizard-based Logic  Multiple Choice Question & Answer format  Dynamic Education content  Related Standard Language • Progress Indicators 16
Identifying Vulnerabilitie s: • Multi-Select format • Guidance within ToolTips 17
Rating Likelihood and Impact of Threats: • Likelihood & Impact Rating  Color coded rating system  Guided Risk Framework • Guidance within ToolTips 18
Reviewing the Section Summary: • Section Summary » Areas of Success » Areas for Review » Score » Comments & Documents • Final SRA Summary » Dashboard » Detailed Report 19
Understandin g your scores: • Section Summary » Areas of Success » Areas for Review » Score » Comments & Documents • Final SRA Summary » Dashboard » Detailed Report 20
Risk Report 21
Final SRA Summary • Section Summary » Areas of Success » Areas for Review » Score » Comments & Documents • Final SRA Summary » Dashboard » Detailed Report 22
Final SRA Summary • Summary Dashboard » Cumulative Risk score » Risk score by section » Total Areas for Review » Total # of Vulnerabilities 23
Final SRA Summary • Detailed Report » Risk scores for each section » Audit Log » Comprehensiv e report of SRA results » Risk ratings for Threats & Vulnerabilities 24
@ONC_HealthIT @HHSONC Questions?

Recommended

Overcoming the Challenges of Conducting a SRA
Overcoming the Challenges of Conducting a SRAOvercoming the Challenges of Conducting a SRA
Overcoming the Challenges of Conducting a SRA
Matt Moneypenny
 
Meaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk Analysis
Evan Francen
 
How to assess and manage cyber risk
How to assess and manage cyber riskHow to assess and manage cyber risk
How to assess and manage cyber risk
Stephen Cobb
 
Building Your Information Security Program: Frameworks & Metrics
Building Your Information Security Program: Frameworks & MetricsBuilding Your Information Security Program: Frameworks & Metrics
Building Your Information Security Program: Frameworks & Metrics
Rob Arnold
 
RiskWatch for Financial Institutions™
RiskWatch for Financial Institutions™RiskWatch for Financial Institutions™
RiskWatch for Financial Institutions™
CPaschal
 
Elements of security risk assessment and risk management
Elements of security risk assessment and risk managementElements of security risk assessment and risk management
Elements of security risk assessment and risk management
healthpoint
 
SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshop
SLVA Information Security
 
Cmgt 400 Entire Course NEW
Cmgt 400 Entire Course NEWCmgt 400 Entire Course NEW
Cmgt 400 Entire Course NEW
shyamuop
 

Recommended

Overcoming the Challenges of Conducting a SRA
Overcoming the Challenges of Conducting a SRAOvercoming the Challenges of Conducting a SRA
Overcoming the Challenges of Conducting a SRA
Matt Moneypenny
 
Meaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk Analysis
Evan Francen
 
How to assess and manage cyber risk
How to assess and manage cyber riskHow to assess and manage cyber risk
How to assess and manage cyber risk
Stephen Cobb
 
Building Your Information Security Program: Frameworks & Metrics
Building Your Information Security Program: Frameworks & MetricsBuilding Your Information Security Program: Frameworks & Metrics
Building Your Information Security Program: Frameworks & Metrics
Rob Arnold
 
RiskWatch for Financial Institutions™
RiskWatch for Financial Institutions™RiskWatch for Financial Institutions™
RiskWatch for Financial Institutions™
CPaschal
 
Elements of security risk assessment and risk management
Elements of security risk assessment and risk managementElements of security risk assessment and risk management
Elements of security risk assessment and risk management
healthpoint
 
SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshop
SLVA Information Security
 
Cmgt 400 Entire Course NEW
Cmgt 400 Entire Course NEWCmgt 400 Entire Course NEW
Cmgt 400 Entire Course NEW
shyamuop
 
CMGT 400 Entire Course NEW
CMGT 400 Entire Course NEWCMGT 400 Entire Course NEW
CMGT 400 Entire Course NEW
shyamuopfive
 
Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Application Portfolio Risk Ranking: Banishing FUD With Structure and NumbersApplication Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Denim Group
 
Risk assessment user_guide_final_3_26_2014
Risk assessment user_guide_final_3_26_2014Risk assessment user_guide_final_3_26_2014
Risk assessment user_guide_final_3_26_2014
siupals
 
Cybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect MatchCybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect Match
McKonly & Asbury, LLP
 
HIPAA omnibus rule update
HIPAA omnibus rule updateHIPAA omnibus rule update
HIPAA omnibus rule update
O'Connor Davies CPAs
 
HIPAA Audits Are Here to Stay – Key Preparation Strategies for Business Assoc...
HIPAA Audits Are Here to Stay – Key Preparation Strategies for Business Assoc...HIPAA Audits Are Here to Stay – Key Preparation Strategies for Business Assoc...
HIPAA Audits Are Here to Stay – Key Preparation Strategies for Business Assoc...
Polsinelli PC
 
Preparing & Responding to an OCR HIPAA Audit
Preparing & Responding to an OCR HIPAA AuditPreparing & Responding to an OCR HIPAA Audit
Preparing & Responding to an OCR HIPAA Audit
PYA, P.C.
 
Virtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteVirtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - Deloitte
Splunk
 
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
Denim Group
 
HIPAA Security Risk Assessment
HIPAA Security Risk Assessment HIPAA Security Risk Assessment
HIPAA Security Risk Assessment
Marci Fugarino SPHR, SHRM-SCP
 
internet securityand cyber law Unit3 1
internet securityand cyber law Unit3 1internet securityand cyber law Unit3 1
internet securityand cyber law Unit3 1
Royalzig Luxury Furniture
 
Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security
Ernest Staats
 
ch14.ppt
ch14.pptch14.ppt
ch14.ppt
FizZaShYkh
 
The must have tools to address your HIPAA compliance challenge
The must have tools to address your HIPAA compliance challengeThe must have tools to address your HIPAA compliance challenge
The must have tools to address your HIPAA compliance challenge
Compliancy Group
 
ISMS Requirements
ISMS RequirementsISMS Requirements
ISMS Requirements
humanus2
 
Final presentation january iia cybersecurity securing your 2016 audit plan
Final presentation january iia cybersecurity securing your 2016 audit planFinal presentation january iia cybersecurity securing your 2016 audit plan
Final presentation january iia cybersecurity securing your 2016 audit plan
Cameron Forbes Over
 
Final presentation january iia cybersecurity securing your 2016 audit plan
Final presentation january iia cybersecurity securing your 2016 audit planFinal presentation january iia cybersecurity securing your 2016 audit plan
Final presentation january iia cybersecurity securing your 2016 audit plan
Cameron Forbes Over
 
Lesson 1- Risk Managment
Lesson 1- Risk ManagmentLesson 1- Risk Managment
Lesson 1- Risk Managment
MLG College of Learning, Inc
 
MBM eHealthCare Solutions HIPAA-HITECH & Meaningful Use Risk Analysis
MBM eHealthCare Solutions HIPAA-HITECH & Meaningful Use Risk AnalysisMBM eHealthCare Solutions HIPAA-HITECH & Meaningful Use Risk Analysis
MBM eHealthCare Solutions HIPAA-HITECH & Meaningful Use Risk Analysis
Charles McNeil
 
Redspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin Webinar - Prepare for a HIPAA Security Risk AnalysisRedspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin, Inc.
 
❤️Call Girl Service In Chandigarh☎️9814379184☎️ Call Girl in Chandigarh☎️ Cha...
❤️Call Girl Service In Chandigarh☎️9814379184☎️ Call Girl in Chandigarh☎️ Cha...❤️Call Girl Service In Chandigarh☎️9814379184☎️ Call Girl in Chandigarh☎️ Cha...
❤️Call Girl Service In Chandigarh☎️9814379184☎️ Call Girl in Chandigarh☎️ Cha...
Sheetaleventcompany
 
Low Cost Call Girls Bangalore {9179660964} ❤️VVIP NISHA Call Girls in Bangalo...
Low Cost Call Girls Bangalore {9179660964} ❤️VVIP NISHA Call Girls in Bangalo...Low Cost Call Girls Bangalore {9179660964} ❤️VVIP NISHA Call Girls in Bangalo...
Low Cost Call Girls Bangalore {9179660964} ❤️VVIP NISHA Call Girls in Bangalo...
Sheetaleventcompany
 

More Related Content

Similar to Safeguarding Health Information through HIPA.pptx

Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Application Portfolio Risk Ranking: Banishing FUD With Structure and NumbersApplication Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Denim Group
 
Risk assessment user_guide_final_3_26_2014
Risk assessment user_guide_final_3_26_2014Risk assessment user_guide_final_3_26_2014
Risk assessment user_guide_final_3_26_2014
siupals
 
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
Denim Group
 

Similar to Safeguarding Health Information through HIPA.pptx (20)

CMGT 400 Entire Course NEW
CMGT 400 Entire Course NEWCMGT 400 Entire Course NEW
CMGT 400 Entire Course NEW
 
Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Application Portfolio Risk Ranking: Banishing FUD With Structure and NumbersApplication Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
 
Risk assessment user_guide_final_3_26_2014
Risk assessment user_guide_final_3_26_2014Risk assessment user_guide_final_3_26_2014
Risk assessment user_guide_final_3_26_2014
 
Cybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect MatchCybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect Match
 
HIPAA omnibus rule update
HIPAA omnibus rule updateHIPAA omnibus rule update
HIPAA omnibus rule update
 
HIPAA Audits Are Here to Stay – Key Preparation Strategies for Business Assoc...
HIPAA Audits Are Here to Stay – Key Preparation Strategies for Business Assoc...HIPAA Audits Are Here to Stay – Key Preparation Strategies for Business Assoc...
HIPAA Audits Are Here to Stay – Key Preparation Strategies for Business Assoc...
 
Preparing & Responding to an OCR HIPAA Audit
Preparing & Responding to an OCR HIPAA AuditPreparing & Responding to an OCR HIPAA Audit
Preparing & Responding to an OCR HIPAA Audit
 
Virtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteVirtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - Deloitte
 
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
 
HIPAA Security Risk Assessment
HIPAA Security Risk Assessment HIPAA Security Risk Assessment
HIPAA Security Risk Assessment
 
internet securityand cyber law Unit3 1
internet securityand cyber law Unit3 1internet securityand cyber law Unit3 1
internet securityand cyber law Unit3 1
 
Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security
 
ch14.ppt
ch14.pptch14.ppt
ch14.ppt
 
The must have tools to address your HIPAA compliance challenge
The must have tools to address your HIPAA compliance challengeThe must have tools to address your HIPAA compliance challenge
The must have tools to address your HIPAA compliance challenge
 
ISMS Requirements
ISMS RequirementsISMS Requirements
ISMS Requirements
 
Final presentation january iia cybersecurity securing your 2016 audit plan
Final presentation january iia cybersecurity securing your 2016 audit planFinal presentation january iia cybersecurity securing your 2016 audit plan
Final presentation january iia cybersecurity securing your 2016 audit plan
 
Final presentation january iia cybersecurity securing your 2016 audit plan
Final presentation january iia cybersecurity securing your 2016 audit planFinal presentation january iia cybersecurity securing your 2016 audit plan
Final presentation january iia cybersecurity securing your 2016 audit plan
 
Lesson 1- Risk Managment
Lesson 1- Risk ManagmentLesson 1- Risk Managment
Lesson 1- Risk Managment
 
MBM eHealthCare Solutions HIPAA-HITECH & Meaningful Use Risk Analysis
MBM eHealthCare Solutions HIPAA-HITECH & Meaningful Use Risk AnalysisMBM eHealthCare Solutions HIPAA-HITECH & Meaningful Use Risk Analysis
MBM eHealthCare Solutions HIPAA-HITECH & Meaningful Use Risk Analysis
 
Redspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin Webinar - Prepare for a HIPAA Security Risk AnalysisRedspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin Webinar - Prepare for a HIPAA Security Risk Analysis
 

Recently uploaded

❤️Call Girl Service In Chandigarh☎️9814379184☎️ Call Girl in Chandigarh☎️ Cha...
❤️Call Girl Service In Chandigarh☎️9814379184☎️ Call Girl in Chandigarh☎️ Cha...❤️Call Girl Service In Chandigarh☎️9814379184☎️ Call Girl in Chandigarh☎️ Cha...
❤️Call Girl Service In Chandigarh☎️9814379184☎️ Call Girl in Chandigarh☎️ Cha...
Sheetaleventcompany
 
Low Cost Call Girls Bangalore {9179660964} ❤️VVIP NISHA Call Girls in Bangalo...
Low Cost Call Girls Bangalore {9179660964} ❤️VVIP NISHA Call Girls in Bangalo...Low Cost Call Girls Bangalore {9179660964} ❤️VVIP NISHA Call Girls in Bangalo...
Low Cost Call Girls Bangalore {9179660964} ❤️VVIP NISHA Call Girls in Bangalo...
Sheetaleventcompany
 
Call girls Service Phullen / 9332606886 Genuine Call girls with real Photos a...
Call girls Service Phullen / 9332606886 Genuine Call girls with real Photos a...Call girls Service Phullen / 9332606886 Genuine Call girls with real Photos a...
Call girls Service Phullen / 9332606886 Genuine Call girls with real Photos a...
call girls hydrabad
 
Cardiac Output, Venous Return, and Their Regulation
Cardiac Output, Venous Return, and Their RegulationCardiac Output, Venous Return, and Their Regulation
Cardiac Output, Venous Return, and Their Regulation
MedicoseAcademics
 
💚Reliable Call Girls Chandigarh 💯Niamh 📲🔝8868886958🔝Call Girl In Chandigarh N...
💚Reliable Call Girls Chandigarh 💯Niamh 📲🔝8868886958🔝Call Girl In Chandigarh N...💚Reliable Call Girls Chandigarh 💯Niamh 📲🔝8868886958🔝Call Girl In Chandigarh N...
💚Reliable Call Girls Chandigarh 💯Niamh 📲🔝8868886958🔝Call Girl In Chandigarh N...
Sheetaleventcompany
 
Kolkata Call Girls Service ❤️🍑 9xx000xx09 👄🫦 Independent Escort Service Kolka...
Kolkata Call Girls Service ❤️🍑 9xx000xx09 👄🫦 Independent Escort Service Kolka...Kolkata Call Girls Service ❤️🍑 9xx000xx09 👄🫦 Independent Escort Service Kolka...
Kolkata Call Girls Service ❤️🍑 9xx000xx09 👄🫦 Independent Escort Service Kolka...
Sheetaleventcompany
 
💚Chandigarh Call Girls Service 💯Piya 📲🔝8868886958🔝Call Girls In Chandigarh No...
💚Chandigarh Call Girls Service 💯Piya 📲🔝8868886958🔝Call Girls In Chandigarh No...💚Chandigarh Call Girls Service 💯Piya 📲🔝8868886958🔝Call Girls In Chandigarh No...
💚Chandigarh Call Girls Service 💯Piya 📲🔝8868886958🔝Call Girls In Chandigarh No...
Sheetaleventcompany
 
Call Girls Bangalore - 450+ Call Girl Cash Payment 💯Call Us 🔝 6378878445 🔝 💃 ...
Call Girls Bangalore - 450+ Call Girl Cash Payment 💯Call Us 🔝 6378878445 🔝 💃 ...Call Girls Bangalore - 450+ Call Girl Cash Payment 💯Call Us 🔝 6378878445 🔝 💃 ...
Call Girls Bangalore - 450+ Call Girl Cash Payment 💯Call Us 🔝 6378878445 🔝 💃 ...
gragneelam30
 
Dehradun Call Girls Service {8854095900} ❤️VVIP ROCKY Call Girl in Dehradun U...
Dehradun Call Girls Service {8854095900} ❤️VVIP ROCKY Call Girl in Dehradun U...Dehradun Call Girls Service {8854095900} ❤️VVIP ROCKY Call Girl in Dehradun U...
Dehradun Call Girls Service {8854095900} ❤️VVIP ROCKY Call Girl in Dehradun U...
Sheetaleventcompany
 
💰Call Girl In Bangalore☎️63788-78445💰 Call Girl service in Bangalore☎️Bangalo...
💰Call Girl In Bangalore☎️63788-78445💰 Call Girl service in Bangalore☎️Bangalo...💰Call Girl In Bangalore☎️63788-78445💰 Call Girl service in Bangalore☎️Bangalo...
💰Call Girl In Bangalore☎️63788-78445💰 Call Girl service in Bangalore☎️Bangalo...
gragneelam30
 
Independent Bangalore Call Girls (Adult Only) 💯Call Us 🔝 7304373326 🔝 💃 Escor...
Independent Bangalore Call Girls (Adult Only) 💯Call Us 🔝 7304373326 🔝 💃 Escor...Independent Bangalore Call Girls (Adult Only) 💯Call Us 🔝 7304373326 🔝 💃 Escor...
Independent Bangalore Call Girls (Adult Only) 💯Call Us 🔝 7304373326 🔝 💃 Escor...
Sheetaleventcompany
 
Kolkata Call Girls Naktala 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Girl Se...
Kolkata Call Girls Naktala 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Girl Se...Kolkata Call Girls Naktala 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Girl Se...
Kolkata Call Girls Naktala 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Girl Se...
Namrata Singh
 
❤️Amritsar Escorts Service☎️9815674956☎️ Call Girl service in Amritsar☎️ Amri...
❤️Amritsar Escorts Service☎️9815674956☎️ Call Girl service in Amritsar☎️ Amri...❤️Amritsar Escorts Service☎️9815674956☎️ Call Girl service in Amritsar☎️ Amri...
❤️Amritsar Escorts Service☎️9815674956☎️ Call Girl service in Amritsar☎️ Amri...
Sheetaleventcompany
 
Call Girls in Lucknow Just Call 👉👉 8875999948 Top Class Call Girl Service Ava...
Call Girls in Lucknow Just Call 👉👉 8875999948 Top Class Call Girl Service Ava...Call Girls in Lucknow Just Call 👉👉 8875999948 Top Class Call Girl Service Ava...
Call Girls in Lucknow Just Call 👉👉 8875999948 Top Class Call Girl Service Ava...
Janvi Singh
 
Goa Call Girl Service 📞9xx000xx09📞Just Call Divya📲 Call Girl In Goa No💰Advanc...
Goa Call Girl Service 📞9xx000xx09📞Just Call Divya📲 Call Girl In Goa No💰Advanc...Goa Call Girl Service 📞9xx000xx09📞Just Call Divya📲 Call Girl In Goa No💰Advanc...
Goa Call Girl Service 📞9xx000xx09📞Just Call Divya📲 Call Girl In Goa No💰Advanc...
Sheetaleventcompany
 
Call Girls Rishikesh Just Call 9667172968 Top Class Call Girl Service Available
Call Girls Rishikesh Just Call 9667172968 Top Class Call Girl Service AvailableCall Girls Rishikesh Just Call 9667172968 Top Class Call Girl Service Available
Call Girls Rishikesh Just Call 9667172968 Top Class Call Girl Service Available
perfect solution
 
Bhawanipatna Call Girls 📞9332606886 Call Girls in Bhawanipatna Escorts servic...
Bhawanipatna Call Girls 📞9332606886 Call Girls in Bhawanipatna Escorts servic...Bhawanipatna Call Girls 📞9332606886 Call Girls in Bhawanipatna Escorts servic...
Bhawanipatna Call Girls 📞9332606886 Call Girls in Bhawanipatna Escorts servic...
Dipal Arora
 
Kolkata Call Girls Shobhabazar 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Gir...
Kolkata Call Girls Shobhabazar 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Gir...Kolkata Call Girls Shobhabazar 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Gir...
Kolkata Call Girls Shobhabazar 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Gir...
Namrata Singh
 

Recently uploaded (20)

❤️Call Girl Service In Chandigarh☎️9814379184☎️ Call Girl in Chandigarh☎️ Cha...
❤️Call Girl Service In Chandigarh☎️9814379184☎️ Call Girl in Chandigarh☎️ Cha...❤️Call Girl Service In Chandigarh☎️9814379184☎️ Call Girl in Chandigarh☎️ Cha...
❤️Call Girl Service In Chandigarh☎️9814379184☎️ Call Girl in Chandigarh☎️ Cha...
 
Low Cost Call Girls Bangalore {9179660964} ❤️VVIP NISHA Call Girls in Bangalo...
Low Cost Call Girls Bangalore {9179660964} ❤️VVIP NISHA Call Girls in Bangalo...Low Cost Call Girls Bangalore {9179660964} ❤️VVIP NISHA Call Girls in Bangalo...
Low Cost Call Girls Bangalore {9179660964} ❤️VVIP NISHA Call Girls in Bangalo...
 
Call girls Service Phullen / 9332606886 Genuine Call girls with real Photos a...
Call girls Service Phullen / 9332606886 Genuine Call girls with real Photos a...Call girls Service Phullen / 9332606886 Genuine Call girls with real Photos a...
Call girls Service Phullen / 9332606886 Genuine Call girls with real Photos a...
 
Cardiac Output, Venous Return, and Their Regulation
Cardiac Output, Venous Return, and Their RegulationCardiac Output, Venous Return, and Their Regulation
Cardiac Output, Venous Return, and Their Regulation
 
💚Reliable Call Girls Chandigarh 💯Niamh 📲🔝8868886958🔝Call Girl In Chandigarh N...
💚Reliable Call Girls Chandigarh 💯Niamh 📲🔝8868886958🔝Call Girl In Chandigarh N...💚Reliable Call Girls Chandigarh 💯Niamh 📲🔝8868886958🔝Call Girl In Chandigarh N...
💚Reliable Call Girls Chandigarh 💯Niamh 📲🔝8868886958🔝Call Girl In Chandigarh N...
 
Kolkata Call Girls Service ❤️🍑 9xx000xx09 👄🫦 Independent Escort Service Kolka...
Kolkata Call Girls Service ❤️🍑 9xx000xx09 👄🫦 Independent Escort Service Kolka...Kolkata Call Girls Service ❤️🍑 9xx000xx09 👄🫦 Independent Escort Service Kolka...
Kolkata Call Girls Service ❤️🍑 9xx000xx09 👄🫦 Independent Escort Service Kolka...
 
ANATOMY AND PHYSIOLOGY OF RESPIRATORY SYSTEM.pptx
ANATOMY AND PHYSIOLOGY OF RESPIRATORY SYSTEM.pptxANATOMY AND PHYSIOLOGY OF RESPIRATORY SYSTEM.pptx
ANATOMY AND PHYSIOLOGY OF RESPIRATORY SYSTEM.pptx
 
💚Chandigarh Call Girls Service 💯Piya 📲🔝8868886958🔝Call Girls In Chandigarh No...
💚Chandigarh Call Girls Service 💯Piya 📲🔝8868886958🔝Call Girls In Chandigarh No...💚Chandigarh Call Girls Service 💯Piya 📲🔝8868886958🔝Call Girls In Chandigarh No...
💚Chandigarh Call Girls Service 💯Piya 📲🔝8868886958🔝Call Girls In Chandigarh No...
 
Call Girls Bangalore - 450+ Call Girl Cash Payment 💯Call Us 🔝 6378878445 🔝 💃 ...
Call Girls Bangalore - 450+ Call Girl Cash Payment 💯Call Us 🔝 6378878445 🔝 💃 ...Call Girls Bangalore - 450+ Call Girl Cash Payment 💯Call Us 🔝 6378878445 🔝 💃 ...
Call Girls Bangalore - 450+ Call Girl Cash Payment 💯Call Us 🔝 6378878445 🔝 💃 ...
 
Dehradun Call Girls Service {8854095900} ❤️VVIP ROCKY Call Girl in Dehradun U...
Dehradun Call Girls Service {8854095900} ❤️VVIP ROCKY Call Girl in Dehradun U...Dehradun Call Girls Service {8854095900} ❤️VVIP ROCKY Call Girl in Dehradun U...
Dehradun Call Girls Service {8854095900} ❤️VVIP ROCKY Call Girl in Dehradun U...
 
💰Call Girl In Bangalore☎️63788-78445💰 Call Girl service in Bangalore☎️Bangalo...
💰Call Girl In Bangalore☎️63788-78445💰 Call Girl service in Bangalore☎️Bangalo...💰Call Girl In Bangalore☎️63788-78445💰 Call Girl service in Bangalore☎️Bangalo...
💰Call Girl In Bangalore☎️63788-78445💰 Call Girl service in Bangalore☎️Bangalo...
 
Independent Bangalore Call Girls (Adult Only) 💯Call Us 🔝 7304373326 🔝 💃 Escor...
Independent Bangalore Call Girls (Adult Only) 💯Call Us 🔝 7304373326 🔝 💃 Escor...Independent Bangalore Call Girls (Adult Only) 💯Call Us 🔝 7304373326 🔝 💃 Escor...
Independent Bangalore Call Girls (Adult Only) 💯Call Us 🔝 7304373326 🔝 💃 Escor...
 
Kolkata Call Girls Naktala 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Girl Se...
Kolkata Call Girls Naktala 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Girl Se...Kolkata Call Girls Naktala 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Girl Se...
Kolkata Call Girls Naktala 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Girl Se...
 
❤️Amritsar Escorts Service☎️9815674956☎️ Call Girl service in Amritsar☎️ Amri...
❤️Amritsar Escorts Service☎️9815674956☎️ Call Girl service in Amritsar☎️ Amri...❤️Amritsar Escorts Service☎️9815674956☎️ Call Girl service in Amritsar☎️ Amri...
❤️Amritsar Escorts Service☎️9815674956☎️ Call Girl service in Amritsar☎️ Amri...
 
Call Girls in Lucknow Just Call 👉👉 8875999948 Top Class Call Girl Service Ava...
Call Girls in Lucknow Just Call 👉👉 8875999948 Top Class Call Girl Service Ava...Call Girls in Lucknow Just Call 👉👉 8875999948 Top Class Call Girl Service Ava...
Call Girls in Lucknow Just Call 👉👉 8875999948 Top Class Call Girl Service Ava...
 
Goa Call Girl Service 📞9xx000xx09📞Just Call Divya📲 Call Girl In Goa No💰Advanc...
Goa Call Girl Service 📞9xx000xx09📞Just Call Divya📲 Call Girl In Goa No💰Advanc...Goa Call Girl Service 📞9xx000xx09📞Just Call Divya📲 Call Girl In Goa No💰Advanc...
Goa Call Girl Service 📞9xx000xx09📞Just Call Divya📲 Call Girl In Goa No💰Advanc...
 
Call Girls Rishikesh Just Call 9667172968 Top Class Call Girl Service Available
Call Girls Rishikesh Just Call 9667172968 Top Class Call Girl Service AvailableCall Girls Rishikesh Just Call 9667172968 Top Class Call Girl Service Available
Call Girls Rishikesh Just Call 9667172968 Top Class Call Girl Service Available
 
Bhawanipatna Call Girls 📞9332606886 Call Girls in Bhawanipatna Escorts servic...
Bhawanipatna Call Girls 📞9332606886 Call Girls in Bhawanipatna Escorts servic...Bhawanipatna Call Girls 📞9332606886 Call Girls in Bhawanipatna Escorts servic...
Bhawanipatna Call Girls 📞9332606886 Call Girls in Bhawanipatna Escorts servic...
 
tongue disease lecture Dr Assadawy legacy
tongue disease lecture Dr Assadawy legacytongue disease lecture Dr Assadawy legacy
tongue disease lecture Dr Assadawy legacy
 
Kolkata Call Girls Shobhabazar 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Gir...
Kolkata Call Girls Shobhabazar 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Gir...Kolkata Call Girls Shobhabazar 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Gir...
Kolkata Call Girls Shobhabazar 💯Call Us 🔝 8005736733 🔝 💃 Top Class Call Gir...
 

Safeguarding Health Information through HIPA.pptx

  • 1. Safeguarding Health Information: Building Assurance through HIPAA Security - 2018 OCR & ONC Security Risk Assessment (SRA) Tool Walk-Through: New Features and New Functionality October 18, 2018
  • 2. Happy Cybersecurity Month-Privacy and Security: A Shared Responsibility 2
  • 3. Security Risk Assessment (SRA) Tool 3 • The HHS Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR) have updated the popular Security Risk Assessment (SRA) Tool to make it easier to use and apply more broadly to the risks to health information. • The tool is designed for use by small to medium sized health care practices – covered entities, and business associates to help them identify risks and vulnerabilities to ePHI. • The updated tool provides enhanced functionality to document how such organizations can implement or plan to implement appropriate security measures to protect ePHI. • Windows operating system- Download the Windows version of the tool at http://www.HealthIT.gov/security-risk-assessment. • The iOS iPad version was not updated, but the previous version is available at the Apple App Store (search under “HHS SRA Tool”).
  • 4. SRA Tool Development Approach • ONC engaged the Technology Learning Community for Privacy and Security » User Stories>>> Testing>>>Feedback>>>Enhancement Requests • ONC and OCR conducted comprehensive usability testing of the SRA tool (version 2.0) with health care practice managers. • Analysis of the findings across the user base informed the development of the content and the requirements for the SRA Tool 3.0. • ONC and OCR then conducted testing of the SRA tool 3.0 to compare the user experience in completing the same tasks presented in the first round of testing. • Over the next year, ONC and OCR will continue to gather feedback on the tool to inform future SRA tool modifications and updates. You can give feedback or request help by emailing PrivacyAndSecurity@hhs.gov 4
  • 5. New Features and Functionality • Enhanced User Interface • Modular Workflow with Question Branching Logic • Custom Assessment Logic • Progress Tracker • Improved Threats & Vulnerabilities Rating • Detailed Reports • Business Associate and Asset Tracking • Overall Improvement of the User Experience 5
  • 6. Additional Features • Asset List/Vendor List import/export • Accommodates Multi-Location Practices • Document Tracking/Linking within Assessment Sections or within Documents Section [aggregates documents] • Audit Logging Across User Accounts • Dynamic Content within Assessment • Wizard-based Branching Logic within Assessment • Risk Guided Framework 6
  • 7. SRA Tool Brief Overview- Content • Section 1: Security Risk Assessment (SRA) Basics (security management process) • Section 2: Security Policies, Procedures, & Documentation (defining policies & procedures) • Section 3: Security & Your Workforce (defining/managing access to systems and workforce training) • Section 4: Security & Your Data (technical security procedures) • Section 5: Security & Your Practice (physical security procedures) • Section 6: Security & Your Vendors (business associate agreements and vendor access to PHI) • Section 7: Contingency Planning (backups and data recovery plans) 7
  • 8. Important Reminder! The SRA Tool runs on your computer. It does not transmit information to the Department of Health and Human Services, The Office of the National Coordinator for Health IT, or The Office for Civil Rights. 8
  • 9. Top 10 Myths of Security Risk Analysis 1. The security risk analysis is optional for small providers. 2. Simply installing a certified EHR fulfills the security risk analysis MU requirement. 3. My EHR vendor took care of everything I need to do about privacy and security. 4. I have to outsource the security risk analysis. 5. A checklist will suffice for the risk analysis requirement. 9
  • 10. Top 10 Myths of Security Risk Analysis 6. There is a specific risk analysis method that I must follow. 7. My security risk analysis only needs to look at my EHR. 8. I only need to do a risk analysis once. 9. Before I attest for an EHR incentive program, I must fully mitigate all risks. 10. Each year, I’ll have to completely redo my security risk analysis. 10
  • 11. Create New SRA: • Enter your name • Pick a place to save your SRA • Name your SRA • Review the Disclaimer • Begin your SRA 11
  • 12. Create New SRA: • Enter your name • Pick a place to save your SRA • Name your SRA • Review the Disclaimer • Begin your SRA 12
  • 13. Entering your Practice Info: • Practice Information » Track Asset Inventory » Track BAs » Track Documentation 13
  • 14. Asset Tracking: • Practice Information » Track Asset Inventory » Track BAs » Track Documentation 14
  • 15. Vendor/BAA Tracking: • Practice Information » Track Asset Inventory » Track BAs » Track Document ation 15
  • 16. Assessment: • Assessment Sections  Wizard-based Logic  Multiple Choice Question & Answer format  Dynamic Education content  Related Standard Language • Progress Indicators 16
  • 18. Rating Likelihood and Impact of Threats: • Likelihood & Impact Rating  Color coded rating system  Guided Risk Framework • Guidance within ToolTips 18
  • 19. Reviewing the Section Summary: • Section Summary » Areas of Success » Areas for Review » Score » Comments & Documents • Final SRA Summary » Dashboard » Detailed Report 19
  • 20. Understandin g your scores: • Section Summary » Areas of Success » Areas for Review » Score » Comments & Documents • Final SRA Summary » Dashboard » Detailed Report 20
  • 22. Final SRA Summary • Section Summary » Areas of Success » Areas for Review » Score » Comments & Documents • Final SRA Summary » Dashboard » Detailed Report 22
  • 23. Final SRA Summary • Summary Dashboard » Cumulative Risk score » Risk score by section » Total Areas for Review » Total # of Vulnerabilities 23
  • 24. Final SRA Summary • Detailed Report » Risk scores for each section » Audit Log » Comprehensiv e report of SRA results » Risk ratings for Threats & Vulnerabilities 24