HIPAA Security Assessment ToolKit™ Introduction and Overview Bob Chaput 615-656-4299 or 800-704-3394 [email protected] HITECH Security Advisors, LLC 1
HIPAA Security Assessment ToolKit™ Introduction and Overview
Bob Chaput615-656-4299 or [email protected] Security Advisors, LLC
1
Disclaimers1. We are not attorneys! Consult with your own legal
counsel or advisors.2. Information about and around HIPAA and HITECH
continues to evolve. 3. HIPAA and HITECH rules and regulations are subject to
lots of different interpretations. 4. Every effort has been made to insure that the
information presented is correct, but we can cannot offer such assurances.
5. You should not rely on this information for legal purposes, but simply use it as a tool to raise your awareness.
Why You Should Care!
1. “Ensuring adequate privacy and security protections for personal health information” is a key part of Meaningful Use
2. HITECH Act has raised the ante for HIPAA Security compliance significantly
3. Compliance is the smart thing to do for your business and the right thing to do for your patients or your customers’ patients
4. It’s the law!
3
Meaningful Use Stage 1 Policy Goals
It’s about health outcomes improvement in the US…
1. Improving quality, safety, efficiency, and reducing health disparities.
2. Engaging patients and families in their healthcare
3. Improving care coordination
4. Improving population and public health
5. Ensuring adequate privacy and security protections for personal health information
4
The HITECH Act – Major Changes From a Privacy and Security perspective, here are five absolute “game changers” under HITECH:
1) Mandatory audits (Subtitle D, Part 1, Section 13411)
2) HHS non-compliance fines return to HHS’ coffers and within a few years (by law) individuals will participate in sharing the proceeds
3) State AGs can now bring civil actions on behalf of their citizens
4) Business Associates are now statutorily obligated5) Data Breach Notification requirements
5
Meet the HHS Data Breach ‘Wall of Shame’
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/postedbreaches.html
6
HIPAA Security-HITECH Compliance Roadmap
HIPAA Security
Assessment(HSA)
Preliminary Remediation
Plan(PRP)
HIPAA Risk
Analysis(HRA)
HIPAASecurity Training(HST)
HIPAA SecurityPolicies(HSP)
HIPAA Compliance
Manual(HCM)
HIPAA Security
Evaluation(HSE)
HIPAARemediation
Plan(HRP)
HIPAASecurity Strategy
(HSS)
7
HIPAA Security is
NOT a “techie” project
… A journey, not a
destination !
Focus of HSA ToolKit™
Purpose of the HSA ToolKit™
1. Jump Start Your HIPAA Security Compliance Program
2. Establish A Progress / Benchmark Monitor
3. Quickly Identify “Low Hanging” Remediation Items
4. Develop a Solid Foundation for HIPAA Risk Analysis
5. Build Deep Understanding At The Onset
6. Get out in front of Meaningful Use requirements on ePHI security
8
Contents of the HSA ToolKit™1. HIPAA Security Assessment ToolKit™ Contents
document2. How to Use the HIPAA Security Assessment ToolKit™ 3. Comprehensive HIPAA Security Assessment (HSA)
Excel Tool™, including Instructions, Glossary of Terms, included with HSA Excel Tool, Policies Checklist, Resources & References
4. HIPAA Security – HITECH Compliance Roadmap™5. Preliminary Remediation Plan Candidate Items template6. Data Mountain HIPAA-HITECH Security Rule FAQ 7. Iron Mountain HIPAA Primer – What You Should Know
About the New Regulations 8. 2009 CMS' HIPAA Compliance Review Analysis And
Summary of Results9. Office of Civil Rights (OCR) HIPAA Security Standards:
Guidance on Risk Analysis10. Centers for Medicare & Medicaid Services (CMS)
Security Standards: Implementation for the Small Provider
11. Complete copy of HIPAA Security Final Rule (45 CFR Parts 160, 162, and 164)
9
Heart of the HSA ToolKit™
Features and Benefits of the HSA ToolKit™
11
HSA ToolKit™ Features HSA ToolKit™ Benefits
Low Price and High Value• Low Risk • Easily derived immediate remediation steps • Fast Track to HIPAA Security Rule Compliance • Comprehensive tool and resources
Short Duration• Low Impact on Client Staff and Operations • Fast, Immediate Results • Proven Quality
Development Team • Developed by Senior, Experienced Professionals • Health Care Expertise • HIPAA – HITECH Focused
Sound Methodology
• Comprehensive, Complete Data Gathering • Based on Proven Best Practices • High-Quality, Credible Outcomes • Process View, No-Fault Appraisal • Baseline for Compliance Program
Bob Chaput
www.HIPAASecurityAssessment.com
Connect: www.linkedin.com/in/bobchaput
Follow me: Twitter.com/bobchaput
HITECH Security Advisors, LLC
12
Contact