4/26/2016
Healthicity HIPAA Manager
Presented by
Paul R. Hales, J.D.
HIPAA
Privacy and Security Breaches
10 Things To Know
HEALTHCON 2016
Orlando
April 11, 2016
April 11, 2016 HIPAA Breaches – 10 Things To Know presented by Paul R. Hales, J.D.
Lost medical records complicate Joplin hospital's tornado recovery
1. What is a Breach?
2. Locations and Types of PHI – Major Breaches
3. Penalties
4. Breach Prevention
5. Vital Importance of Risk Analysis
6. Cyber Crime – Intentional Human Threats
7. Unintentional Human Threats
8. Contingency Planning
9. Workforce Training
10. HIPAA Compliance Program
1. What is a Breach?
45 CFR §164.402
Breach means the acquisition, access, use, or disclosure of protected health information in a manner not permitted by the Privacy Rule which compromises the security or privacy of the protected health information.
compromises the security or privacy of the protected health information?
Breach is presumed unless there is a low probability that the protected health information has been compromised, based on a risk assessment of four factors
2. Locations and Types of PHI – Major Breaches
BREACH HIGHLIGHTS
OCR NIST 2015
September 2009 through August 28, 2015
• Approximately 1,310 reports involving a breach of PHI affecting 500 or more individuals
– Theft and Loss are 57% of large breaches
– Laptops and other portable storage devices account for 30% of large breaches
– Paper records are 22% of large breaches
• Approximately 179,000+ reports of breaches of PHI affecting fewer than 500 individuals
500+ Breaches by Location
as of 8/28/2015
• Paper Records: 22%
• Desktop Computer: 12%
• Laptop: 20%
• Portable Electronic Device: 10%
• Network Server: 13%
• Email: 8%
• EMR: 4%
• Other: 11%
500+ Breaches by Type of Breach
as of 8/28/2015
• Theft: 48%
• Loss: 9%
• Unauthorized Access/Disclosure: 21%
• Hacking/IT: 10%
• Improper Disposal: 4%
• Other: 8%
• Unknown: 1%
78,800,000 Individuals
Breach Portal
“Wall of Shame”
March 13, 2015
3. Penalties
Civil
Criminal
4. Breach Prevention
Lessons Learned
HHS/OCR Enforcement Activities
HHS/OCR Resolution Agreements
HHS/OCR Guidance
Vital Importance of Risk Analysis
HHS HIPAA Pilot Audits – 2012
80% of Audited Providers Failed to Do A Risk Analysis
We found deficiencies among a wide variety of entities in risk analysis – one of the most fundamental privacy and security elements
conduct a thorough and complete risk analysis
take action based on the findings of that risk analysis
Why have so many failed to do a Risk Analysis?
We note that some of the content contained in this guidance is based on recommendations of the National Institute of Standards and Technology (NIST). NIST, a federal agency, publishes freely available material in the public domain, including guidelines.4
4 The 800 Series of Special Publications (SP) are available on the