Manas Deep, profile picture
Uploaded byManas Deep
PPTX, PDF613 views

Understanding HIPAA

This document discusses the importance of HIPAA compliance for information security. It begins with an introduction of the author and agenda. It then explains what HIPAA is, why it was implemented, and who are covered entities and business associates. The three pillars of HIPAA compliance are described as the Privacy Rule, Security Rule, and Breach Notification Rule. Covered entities are defined as healthcare organizations that store, process or transmit personal health information. Business associates provide services to covered entities and must also comply with HIPAA. The document outlines key aspects of each HIPAA component and requirements for breach notification. It emphasizes the critical need for organizations to understand and follow HIPAA regulations to protect private health information and reduce liability

Healthcare
Related topics:
Information Security

Embed presentation

Downloaded 19 times
Understanding HIPAA Impact and Importance in Information Security…. Manasdeep (manasdeeps@gmail.com)
#aboutme • Information Security Consultant • Interested in Compliance and Penetration Testing • Have a flair in writing for Information Security • Like to learn and demonstrate latest security attack vectors and technologies
Agenda • What is HIPAA? • Why HIPAA was needed? • Who are the covered entities (CE) and Business Associates (BA) ? • Three Pillars of HIPAA Compliance • Critical success factor for achieving HIPAA compliance • Actions to Reduce Liability & Risks • Q&A
Structure of HIPAA
HIPAA Components in Focus HIPAA is the Federal Health Insurance Portability and Accountability Act of 1996. Administered by the U.S. Department of Health and Human Services (HHS). Implementation and civil enforcement are overseen by the HHS Office for Civil Rights (OCR). HIPAA Privacy Rule, protects the privacy of individually identifiable health information; HIPAA Security Rule sets national standards for the security of electronic protected health information; HIPAA Breach Notification Rule, which requires covered entities and business associates to provide notification following a breach of unsecured protected health information
Why HIPAA was needed? 1. Insurance companies denied coverage to employees that had a pre-existing condition, even if employees were previously covered by another employer. 2. No standardization for billing formats and codes used to file claims 3. No standardization for billing formats and codes used to file claims Basic information, such as patient name and treatment date, was formatted differently by each payer 4. Insurance coding was very complex, there were many errors Companies often rejected many claims and delayed payments to providers High cost for administration HL7, ICD-10
HIPAA Protects…… Individuals‘ personally identifiable health information.  Health conditions – diagnosis, test results  Demographic information – name, address, gender  Clinical data – vital signs, lab results, etc.  Treatments & procedures  Billing and payment information Protected health information (PHI) which is:  Transmitted by electronic media;  Maintained in electronic media; or  Transmitted or maintained in any other form or medium.
Pillars of HIPAA Privacy Rule  Notice of privacy practices  Rights over PHI  Access to PHI  Uses and disclosures  Accounting of disclosures Security Rule  Administrative  Physical  Technical Breach notification requirements for:  Covered Entities (CE) and  Business Associates (BA) Breach Notification Rule
Extent of HIPAA Applicabilty Covered Entities Any healthcare organization that stores, processes, or transmits personal health information Entity that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity. Business Associates Business associate services can be in : legal; actuarial; accounting; consulting; data aggregation; management; administrative; accreditation; and financial. Covered Entities can be: Health Plan Health Care Provider Health Care Clearinghouse
Breach Notification What to do? • Risk Assessment of Breach • Notification to Individuals impacted by breach • within 60 days of discovery of a breach • It depends by State law, too Focus on: • Content of Notification • Notification to the media • Notification to the Secretary • Notification by a business associate • Law enforcement delay • Burden of Proof HHS – “Wall of Shame” https://ocrportal.hhs.gov/ocr/breach/breach_r eport.jsf
THANK YOU !! - Manasdeephttp://reflect-infosec.blogspot.in/ https://twitter.com/manasdeep https://in.linkedin.com/in/manasdeep

More Related Content

PPTX
Disaster management act.pptx
byMonishaReddy31
 
PPTX
INCIDENT RESPONSE SYSTEM (IRS)
byudit dixit
 
PPTX
Early warning System Disaster Management
byVraj Pandya
 
PPTX
Early warning systems
byRahul5110
 
PPT
Hippa
bycameonicole
 
PPT
Hitech Act
byDeborah Obasogie
 
PDF
Introduction to Digital Health (EN)
byAdriano Fontanari
 
PPTX
Privacy and confidentiality
byjohnzinn
 
Disaster management act.pptx
byMonishaReddy31
 
INCIDENT RESPONSE SYSTEM (IRS)
byudit dixit
 
Early warning System Disaster Management
byVraj Pandya
 
Early warning systems
byRahul5110
 
Hippa
bycameonicole
 
Hitech Act
byDeborah Obasogie
 
Introduction to Digital Health (EN)
byAdriano Fontanari
 
Privacy and confidentiality
byjohnzinn
 

What's hot

PPT
Chapter 5 Planning for Security-students.ppt
byShruthi48
 
PPTX
Conflict of interest, Confidentiality, Informedconsent
byAman Ullah
 
PPTX
Information Security Governance and Strategy - 3
byDam Frank
 
PPTX
Disaster vulnerability, risk and capacity
byMd. Inzamul Haque
 
PDF
Keys To HIPAA Compliance
byCBIZ, Inc.
 
PDF
Chapter 3-hygo-framework
byMahendra Poudel
 
PPTX
The role of real world data and evidence in building a sustainable & efficien...
byOffice of Health Economics
 
PPT
HIPAA Privacy & Security
byNational Pharmacy Technician Association
 
PPTX
Use of data analytics in health care
byAkanshabhushan
 
PPTX
HIPAA
byAlanoud Alqoufi
 
PPTX
Informatics
byAamirlone47
 
PPTX
Logic observation identifiers names & codes
bymythilybme
 
PPS
Counter Disaster Planning, Response And Recovery
byFe Angela Verzosa
 
PPTX
Privacy & confedentiality
byHemang Patel
 
PPTX
Good Clinical Practice (GCP) .
byDr Anubhav Agrawal
 
PPTX
How to Comply with NIST 800-171
byCorserva
 
PPTX
Sendai framework 2015 2030
byMahendra Poudel
 
PPTX
Ems tool-implementation
byDr Madhu Aman Sharma
 
PPTX
Healthcare information technology
byDr.Vijay Talla
 
PPTX
Regulatory agencies
byUrmila Aswar
 
Chapter 5 Planning for Security-students.ppt
byShruthi48
 
Conflict of interest, Confidentiality, Informedconsent
byAman Ullah
 
Information Security Governance and Strategy - 3
byDam Frank
 
Disaster vulnerability, risk and capacity
byMd. Inzamul Haque
 
Keys To HIPAA Compliance
byCBIZ, Inc.
 
Chapter 3-hygo-framework
byMahendra Poudel
 
The role of real world data and evidence in building a sustainable & efficien...
byOffice of Health Economics
 
HIPAA Privacy & Security
byNational Pharmacy Technician Association
 
Use of data analytics in health care
byAkanshabhushan
 
HIPAA
byAlanoud Alqoufi
 
Informatics
byAamirlone47
 
Logic observation identifiers names & codes
bymythilybme
 
Counter Disaster Planning, Response And Recovery
byFe Angela Verzosa
 
Privacy & confedentiality
byHemang Patel
 
Good Clinical Practice (GCP) .
byDr Anubhav Agrawal
 
How to Comply with NIST 800-171
byCorserva
 
Sendai framework 2015 2030
byMahendra Poudel
 
Ems tool-implementation
byDr Madhu Aman Sharma
 
Healthcare information technology
byDr.Vijay Talla
 
Regulatory agencies
byUrmila Aswar
 

Viewers also liked

PPTX
Hipaa risk analysis_1.4
bySISA Information Security Pvt.Ltd
 
PDF
New trends in Payments Security: NFC & Mobile
bySISA Information Security Pvt.Ltd
 
PDF
HIPAA HiTech Security Assessment
bydata brackets
 
PPT
Sujobinterview 090508185333 Phpapp01
byWlovelady
 
PPTX
Hipaa and him security brunelle
bysjbusnpa
 
PPTX
Skapa värden med kundmötet
byMartin Moström
 
PPT
SISA Collaboration without boundaries
bySitra / Hyvinvointi
 
PDF
Selling Data Security Technology
byFlaskdata.io
 
PPT
HIPAA security risk assessments
byJose Ivan Delgado, Ph.D.
 
PPTX
Information security: importance of having defined policy & process
byInformation Technology Society Nepal
 
Hipaa risk analysis_1.4
bySISA Information Security Pvt.Ltd
 
New trends in Payments Security: NFC & Mobile
bySISA Information Security Pvt.Ltd
 
HIPAA HiTech Security Assessment
bydata brackets
 
Sujobinterview 090508185333 Phpapp01
byWlovelady
 
Hipaa and him security brunelle
bysjbusnpa
 
Skapa värden med kundmötet
byMartin Moström
 
SISA Collaboration without boundaries
bySitra / Hyvinvointi
 
Selling Data Security Technology
byFlaskdata.io
 
HIPAA security risk assessments
byJose Ivan Delgado, Ph.D.
 
Information security: importance of having defined policy & process
byInformation Technology Society Nepal
 

Similar to Understanding HIPAA

PPTX
What is HIPAA and How it is important to all
byNatashaDanielleHudso
 
PPTX
The Basics of HIPAA
byDamianKnowles1
 
PPTX
HITECH-Changes-to-HIPAA
byGurvinder Singh, CISSP, CISA, ITIL v3
 
PPTX
Presentation hippa
bymaggie_Platt
 
PPTX
Hitech changes-to-hipaa
bygeeksikh
 
PPTX
HIPAA Training - 2011
bydarichardson
 
PDF
Hipaa journal com - HIPAA compliance guide
byFelipe Prado
 
PPTX
Patient privacy 2.0 slides
byandibear
 
PPT
HNI U: HIPAA Essentials
byHNI Risk Services
 
PPT
Knowing confidentiality
byjessie66
 
PPTX
HIPAA , REGULATORY AFFAIRS , M.PHARM ...
bysusmitaghosh93
 
PDF
Hipaa basics
byMichaelRodriguesdosS1
 
PDF
HIPAA Compliance: What Medical Practices and Their Business Associates Need t...
bySkoda Minotti
 
PDF
Meeting the Challenges of HIPAA Compliance, Phishing Attacks, and Mobile Secu...
byEnvision Technology Advisors
 
PDF
A brief introduction to hipaa compliance
byPrince George
 
PPTX
HIPAA Complaince
byFarhatParveen10
 
PPTX
HIPAA presentation GAHU v7
byJason Karn
 
PPTX
2017 HIPAA Clinical Research Training
byCynthia Holland
 
PPTX
Hipaa overview 073118
byrobint2125
 
PPTX
Hipaa in the era of ehr mo dept hss
bylearfield
 
What is HIPAA and How it is important to all
byNatashaDanielleHudso
 
The Basics of HIPAA
byDamianKnowles1
 
HITECH-Changes-to-HIPAA
byGurvinder Singh, CISSP, CISA, ITIL v3
 
Presentation hippa
bymaggie_Platt
 
Hitech changes-to-hipaa
bygeeksikh
 
HIPAA Training - 2011
bydarichardson
 
Hipaa journal com - HIPAA compliance guide
byFelipe Prado
 
Patient privacy 2.0 slides
byandibear
 
HNI U: HIPAA Essentials
byHNI Risk Services
 
Knowing confidentiality
byjessie66
 
HIPAA , REGULATORY AFFAIRS , M.PHARM ...
bysusmitaghosh93
 
Hipaa basics
byMichaelRodriguesdosS1
 
HIPAA Compliance: What Medical Practices and Their Business Associates Need t...
bySkoda Minotti
 
Meeting the Challenges of HIPAA Compliance, Phishing Attacks, and Mobile Secu...
byEnvision Technology Advisors
 
A brief introduction to hipaa compliance
byPrince George
 
HIPAA Complaince
byFarhatParveen10
 
HIPAA presentation GAHU v7
byJason Karn
 
2017 HIPAA Clinical Research Training
byCynthia Holland
 
Hipaa overview 073118
byrobint2125
 
Hipaa in the era of ehr mo dept hss
bylearfield
 

Recently uploaded

PPTX
Anti hyperensive Colo +Med Chem _4490128.pptx
byPankajMaskare
 
PDF
Dr. Gerald Buchoff - Treating Cancer in Dogs
byDr. Gerald Buchoff
 
PPTX
Birth Order Psychology: How Family Position Shapes Personality, and Behavior.
byemotionoflifeindia
 
PPTX
pharmacognosy b pharm aktu unit 4.pptx
byniyayel413
 
PPTX
826869392-LOADING-PROTOCOLS-IN-IMPLANTS-ppt.pptx
byRitwikBiswas12
 
PPTX
The Renal System Pathology and it’s relation
byahmedyassen619
 
PPTX
Anand Mehrotra: Himalayan Wisdom and the Path of Sattva Yoga
bysattvayogaacademy94
 
PDF
Interstitial Lung Disease Stem Cell Therapy.pdf
byriyamehra482
 
PPTX
Acute Liver Failure causes, pathology, treatment
byRashmitaDahal
 
PDF
Palliative Care vs. Curative Care | VITAS Healthcare
byVITASAuthor
 
PPTX
Clinical approach, differential diagnosis and management of pain.Bedside inve...
bysubedar1555
 
PPTX
How We Achieved FDA 510(k) Clearance for a Male Latex Condom – Case Study.pptx
byI3CGLOBAL
 
PPTX
COUGH causes, types , pathophysiology and more
byahmedyassen619
 
PDF
STD Essentials Panel (Chlamydia, Gonorrhea & Syphilis).pdf
byFind My Lab Test
 
PDF
Vision & Dyslexia -Purpose of Evaluation
bytylriii07
 
PPTX
7 Ways A Digital Health Platform Improves Clinical Efficiency.pptx
byPersivia Inc
 
PDF
Evidence based Ayurveda and Clinical Decision support system - AyurCDS
byAyurCDS
 
PPTX
IMNCI F.pptx child heath nursing paediatrics
byPooja Rani
 
PPTX
Dental Imaging Software IEC 62304 Certification – Real Case Study & Approach....
byI3CGLOBAL
 
PDF
Medical Billing Services in Pennsylvania.pdf
byProviders Care Billing
 
Anti hyperensive Colo +Med Chem _4490128.pptx
byPankajMaskare
 
Dr. Gerald Buchoff - Treating Cancer in Dogs
byDr. Gerald Buchoff
 
Birth Order Psychology: How Family Position Shapes Personality, and Behavior.
byemotionoflifeindia
 
pharmacognosy b pharm aktu unit 4.pptx
byniyayel413
 
826869392-LOADING-PROTOCOLS-IN-IMPLANTS-ppt.pptx
byRitwikBiswas12
 
The Renal System Pathology and it’s relation
byahmedyassen619
 
Anand Mehrotra: Himalayan Wisdom and the Path of Sattva Yoga
bysattvayogaacademy94
 
Interstitial Lung Disease Stem Cell Therapy.pdf
byriyamehra482
 
Acute Liver Failure causes, pathology, treatment
byRashmitaDahal
 
Palliative Care vs. Curative Care | VITAS Healthcare
byVITASAuthor
 
Clinical approach, differential diagnosis and management of pain.Bedside inve...
bysubedar1555
 
How We Achieved FDA 510(k) Clearance for a Male Latex Condom – Case Study.pptx
byI3CGLOBAL
 
COUGH causes, types , pathophysiology and more
byahmedyassen619
 
STD Essentials Panel (Chlamydia, Gonorrhea & Syphilis).pdf
byFind My Lab Test
 
Vision & Dyslexia -Purpose of Evaluation
bytylriii07
 
7 Ways A Digital Health Platform Improves Clinical Efficiency.pptx
byPersivia Inc
 
Evidence based Ayurveda and Clinical Decision support system - AyurCDS
byAyurCDS
 
IMNCI F.pptx child heath nursing paediatrics
byPooja Rani
 
Dental Imaging Software IEC 62304 Certification – Real Case Study & Approach....
byI3CGLOBAL
 
Medical Billing Services in Pennsylvania.pdf
byProviders Care Billing
 

Understanding HIPAA

  • 1.
    Understanding HIPAA Impact and Importancein Information Security…. Manasdeep (manasdeeps@gmail.com)
  • 2.
    #aboutme • Information SecurityConsultant • Interested in Compliance and Penetration Testing • Have a flair in writing for Information Security • Like to learn and demonstrate latest security attack vectors and technologies
  • 3.
    Agenda • What isHIPAA? • Why HIPAA was needed? • Who are the covered entities (CE) and Business Associates (BA) ? • Three Pillars of HIPAA Compliance • Critical success factor for achieving HIPAA compliance • Actions to Reduce Liability & Risks • Q&A
  • 4.
  • 5.
    HIPAA Components inFocus HIPAA is the Federal Health Insurance Portability and Accountability Act of 1996. Administered by the U.S. Department of Health and Human Services (HHS). Implementation and civil enforcement are overseen by the HHS Office for Civil Rights (OCR). HIPAA Privacy Rule, protects the privacy of individually identifiable health information; HIPAA Security Rule sets national standards for the security of electronic protected health information; HIPAA Breach Notification Rule, which requires covered entities and business associates to provide notification following a breach of unsecured protected health information
  • 6.
    Why HIPAA wasneeded? 1. Insurance companies denied coverage to employees that had a pre-existing condition, even if employees were previously covered by another employer. 2. No standardization for billing formats and codes used to file claims 3. No standardization for billing formats and codes used to file claims Basic information, such as patient name and treatment date, was formatted differently by each payer 4. Insurance coding was very complex, there were many errors Companies often rejected many claims and delayed payments to providers High cost for administration HL7, ICD-10
  • 7.
    HIPAA Protects…… Individuals‘ personallyidentifiable health information.  Health conditions – diagnosis, test results  Demographic information – name, address, gender  Clinical data – vital signs, lab results, etc.  Treatments & procedures  Billing and payment information Protected health information (PHI) which is:  Transmitted by electronic media;  Maintained in electronic media; or  Transmitted or maintained in any other form or medium.
  • 8.
    Pillars of HIPAA PrivacyRule  Notice of privacy practices  Rights over PHI  Access to PHI  Uses and disclosures  Accounting of disclosures Security Rule  Administrative  Physical  Technical Breach notification requirements for:  Covered Entities (CE) and  Business Associates (BA) Breach Notification Rule
  • 9.
    Extent of HIPAAApplicabilty Covered Entities Any healthcare organization that stores, processes, or transmits personal health information Entity that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity. Business Associates Business associate services can be in : legal; actuarial; accounting; consulting; data aggregation; management; administrative; accreditation; and financial. Covered Entities can be: Health Plan Health Care Provider Health Care Clearinghouse
  • 10.
    Breach Notification What todo? • Risk Assessment of Breach • Notification to Individuals impacted by breach • within 60 days of discovery of a breach • It depends by State law, too Focus on: • Content of Notification • Notification to the media • Notification to the Secretary • Notification by a business associate • Law enforcement delay • Burden of Proof HHS – “Wall of Shame” https://ocrportal.hhs.gov/ocr/breach/breach_r eport.jsf
  • 11.
    THANK YOU !! -Manasdeephttp://reflect-infosec.blogspot.in/ https://twitter.com/manasdeep https://in.linkedin.com/in/manasdeep