From the Front Lines: Navigating the OCR Phase 2 HIPAA Audits


1 View the Replay From the Front Lines: Navigating the OCR Phase 2 HIPAA Audits June 16, 2016 Executive Series Webinar

2 Today's Speakers Carla Wagner, HCISPP, Privacy Officer, Beacon Health System; Trish A. Markus, Esq., Attorney, Nelson Mullins Riley & Scarborough LLP; Chuck Burbank, Director of Managed Privacy Services & CISO, FairWarning, Inc.

3 Agenda Beacon Health System - Organizational and Operational Shifts - Privacy and Compliance Challenges - Reactive to Proactive - OCR Audit Pre-screening Questionnaire Latest Information on OCR Phase 2 HIPAA Audits Areas of Focus for Phase 2 Audits How to Prepare for Phase 2 HIPAA Audits Fill the Gaps FairWarning Phase 2 Audit Protocol Mapping

4 Beacon Health System Trust. Respect. Integrity. Compassion. Operating facilities in Elkhart, St. Joseph, and La Porte counties in Indiana Employs 7,000+ associates and volunteers Maintains 1,000+ hospital beds and is staffed by nearly 1,000 physicians Beacon also has over 50 medical practices, comprised of 230+ caregivers Research and education oriented Beacon Health System guides clinical research trials for various illnesses and trains medical residents in family medicine and hospital pharmacy Recently announced plans for a $4.5 million 13,500 square ft. expansion of one of their facilities

5 Organizational and Operational Shifts Consolidation of policies and procedures across 5 entities Reduction of Electronic Health Information Systems Considering seeking HITRUST Certification to meet payee requests

6 Privacy and Compliance Challenges A one person privacy office Privacy Officer and Director of Corporate Compliance divided into two distinct positions Privacy incorporated into Information Systems reporting to the CIO Corporate Compliance as its own department

7 Reactive to Proactive One associate's inappropriate accesses, and we could have caught it sooner Adjusting access capabilities to better suit associates' roles Monitoring for accesses even after termination Keeping an eye on abnormalities Creating a central repository for privacy and security investigations and governance activities Actively monitoring audit and compliance dashboards of privacy activities

8 OCR Audit Pre-screening Questionnaire The contact verification letter came first Basic organizational information - What type of organization we are - Affiliations Questions pertaining to healthcare providers, such as: - Size - How many beds - Revenue - Clinicians on staff What else we are doing to prepare for audit selection View the audit pre-screening questionnaire, here.

9 2016 Nelson Mullins Riley & Scarborough LLP. ALL RIGHTS RESERVED.

10 OCR Phase 2 HIPAA Audits In August 2015, HHS signed $769K contract with FCi Federal, effective through December 2016 Up to 1,200 survey letters have been issued to covered entities in Spring 2016 From this pool, business associates to be identified for audits Failure to respond to letter does not prevent entity from being audited and may lead to compliance review

11 OCR Phase 2 HIPAA Audits About 300 entities will be chosen for audits, many of them smaller entities Entities currently undergoing OCR complaint investigation or compliance review will not be audited Mostly desk audits; limited number of onsite audits Desk audits to begin in late summer 2016, starting with covered entities and then moving to business associates A few onsite audits in 2017 Some overlap of audited entities is possible Onsite audits will review broader scope of HIPAA rules

12 OCR Phase 2 HIPAA Audits Auditees to be notified of subject(s) of their audit in document request letter Entities will have 10 business days to submit information responding to audit, and another 10 business days to respond to auditor's draft findings Have documentation in electronic form (pdf, MS Word, or Excel) to upload to OCR portal Send only documents requested, as auditors will not review compendiums for specific policies requested If no documentation is available, say so

13 OCR Phase 2 HIPAA Audits Timely response to requests with current documents is key OCR says audits are primarily a compliance improvement activity It intends to use audit findings to develop targeted technical assistance and tools to prevent breaches However, if audit reveals serious compliance issues, OCR may initiate compliance review

14 Areas of Focus for Phase 2 Audits Areas of focus, as identified in late 2015: Breach notification compliance Patients' access to ePHI Individual rights under HIPAA

15 Areas of Focus for Phase 2 Audits Business Associates Possible Focus Areas Risk analysis and risk management Breach reporting to covered entities Covered Entities Possible Focus Areas Notice of privacy practices, individual access, timeliness of breach notifications Risk analysis and risk management Training on policies and procedures Device and media controls Transmission security Cybersecurity

16 Possible Areas of Focus for Later Audits Possible Future Focus Areas for Covered Entities Encryption and decryption Facility access controls Breach notification reports and complaints HIPAA policies

17 How Not to Prepare for Phase 2 Audits

18 How to Prepare for Phase 2 Audits

19 How to Prepare for Phase 2 Audits Have a Current Documented Risk Analysis Includes having a risk management plan identifying deficiencies and ranking them in order of priority, along with timeline for completion Document corrective actions taken Maintain and Follow Comprehensive Written Policies Address privacy, security, and breach notification requirements Make sure they've been updated since HITECH Act

20 How to Prepare for Phase 2 Audits Know Your Business Associates Maintain list of current business associates Ensure that you have updated (post-HITECH) BA Agreements signed with all of them Maintain a HIPAA Compliance File Include policies and procedures, evidence of training, risk analysis reports, risk management plans, evidence of monitoring e-PHI, information about potential breaches and resolutions of same

21 How to Prepare for Phase 2 Audits Training Have and follow policies on training all workforce members on all HIPAA policies Update training to focus on information security matters, including protection of information on mobile devices, remote access, and social engineering resistance Review OCR's Resources Resolution Agreements showing prior enforcement, Phase 2 Audit Protocol Note: Audit Protocol digs very deeply; suggests review of policies and procedures which many entities are unlikely to have

22 Fill the Gaps Identify security gaps through Risk Analysis 45 C.F.R (a)(1)(ii)(A) Manage the Identified Risks: 45 C.F.R (a)(1)(ii)(B) - Criticality of the gap - Risk Control Area - Recommendations - Plan of Action - Responsible Parties - Target Resolution Date

23 FairWarning Phase 2 HIPAA Audit Protocol Mapping Patient Privacy Monitoring Investigations Management Governance Reporting Identity Intelligence Cloud Application Monitoring Real-Time Threat Response Download this document at

24 The next generation of Patient Privacy Monitoring Servicing 350 enterprise customers Auditing over 325 Billion rows of data Compatible with 350+ applications Monitoring 7,500+ medical facilities worldwide Safeguarding 1,700 hospitals Meets 45 C.F.R (b) for implementation of audit mechanisms.

25 Questions? For more information, please visit: Contact Trish Markus directly:


More information

Nuance Power PDF is PDF uncompromised.

Nuance Power PDF is PDF uncompromised. is PDF uncompromised. Collaboration and productivity at a price that makes business sense. 2 is the next generation PDF solution that delivers performance, ease, and value as never before. PDF uncompromised.

More information

Nuance Power PDF is PDF uncompromised.

Nuance Power PDF is PDF uncompromised. is PDF uncompromised. Collaboration and productivity at a price that makes business sense. 2 is the next generation PDF solution that delivers performance, ease, and value as never before. PDF uncompromised.

More information

HITRUST CSF Assurance Program

HITRUST CSF Assurance Program HITRUST CSF Assurance Program Common healthcare industry approach for assessing security and reporting compliance Background and challenges Compliance requirements for healthcare organizations and their

More information

Securing Access of Health Information Using Identity Management

Securing Access of Health Information Using Identity Management Securing Access of Health Information Using Identity Management Steve Whicker Manager Security Compliance HIPAA Security Officer AHIS Central Region St Vincent Health sawhicke@stvincent.org Chris Bidleman

More information

Background Verification. Request for Proposal Guide

Background Verification. Request for Proposal Guide Background Verification Request for Proposal Guide A Guide for Organizations to submit a Request for Proposal for Background Screening. This Guide was developed for employers and other organizations, such

More information

2018 Program Audit Process Overview

2018 Program Audit Process Overview 2018 Program Audit Process Overview Medicare Parts C and D Oversight and Enforcement Group Division of Audit Operations Updated December 2017 Page 1 of 8 Table of Contents I. Executive Summary 2018 Audit

More information

Meaningful Use Audits

Meaningful Use Audits Meaningful Use Audits Bruce Wacker Executive Director of Customer and Regulatory Services Adventist Health System Mike Hourigan Director, Regulatory Consulting Cerner Corporation 1 Copyright 2013. All

More information

Standard Statement and Purpose

Standard Statement and Purpose Personnel Security Standard Responsible Office: Technology Services Initial Standard Approved: 10/23/2017 Current Revision Approved: 10/23/2017 Standard Statement and Purpose Security of information relies

More information

Welcome to Northside Hospital s Annual / New Hire Compliance Training. 1 of 35

Welcome to Northside Hospital s Annual / New Hire Compliance Training. 1 of 35 2015-2016 Corporate Compliance Training Welcome to Northside Hospital s Annual / New Hire Compliance Training 1 of 35 Goals of Session 1. Review Northside s Compliance Program and Code of Conduct 2. Emphasize

More information

HIPAA: Overview and Impact On Revenue Cycle

HIPAA: Overview and Impact On Revenue Cycle HIPAA: Overview and Impact On Revenue Cycle Transaction Standards and Code Sets and Their Effect on the Revenue Cycle Lee Barrett, Director, Health Care Practice PricewaterhouseCoopers, LLP Lee.Barrett@us.pwcglobal.com

More information

Enabling Robust Information Accountability in E-healthcare Systems

Enabling Robust Information Accountability in E-healthcare Systems Enabling Robust Information Accountability in E-healthcare Systems USENIX HealthSec 12 Bellevue, WA 8/7/2012 Daisuke Mashima Mustaque Ahamad College of Computing Georgia Institute of Technology Atlanta,

More information

STRATEGIES FOR EFFECTIVELY WORKING WITH THIRD-PARTIES. September 2017

STRATEGIES FOR EFFECTIVELY WORKING WITH THIRD-PARTIES. September 2017 STRATEGIES FOR EFFECTIVELY WORKING WITH THIRD-PARTIES September 2017 Your presenters Nancy Aubrey Partner Boston, MA Nancy.aubrey@rsmus.com Rick Shriner Principal McLean, VA Rick.shriner@rsmus.com 2 Agenda

More information

imedicor: Secure Information Exchange Portal

imedicor: Secure Information Exchange Portal White Paper imedicor: Secure Information Exchange Portal by Patricia A. Trites, MPA, CHBC, CPC, CHCC, CHCO, CEMC, CHP, CMP(H), CHAP Vice President, Compliance Resources, LLC Disclaimer The information

More information

Mobile Technology Resources for the Field Based Employee. Kelly Aldridge Vice President of Sales and Marketing Home Solutions, Hammonton, NJ

Mobile Technology Resources for the Field Based Employee. Kelly Aldridge Vice President of Sales and Marketing Home Solutions, Hammonton, NJ Mobile Technology Resources for the Field Based Employee Kelly Aldridge Vice President of Sales and Marketing Home Solutions, Hammonton, NJ 1 CE Credit in Five Easy Steps! 1. Scan your badge as you enter

More information

EGUIDE BRIDGING THE GAP BETWEEN HEALTHCARE & HIPAA COMPLIANT CLOUD TECHNOLOGY Created for mike elfassi

EGUIDE BRIDGING THE GAP BETWEEN HEALTHCARE & HIPAA COMPLIANT CLOUD TECHNOLOGY Created for mike elfassi Created for mike elfassi Bridging The Gap Between Healthcare & Hipaa Compliant Cloud Technology and outsource computing resources to external entities, would provide substantial relief to healthcare service

More information

Reimagine: Healthcare

Reimagine: Healthcare PROSPECTUS 2018 Reimagine: Healthcare OUR MISSION Redox exists to make healthcare data useful. We ve built the fastest and most cost-effective way to share health data between technologies, enabling dramatic

More information

IBM Clinical Trial Management System for Sites

IBM Clinical Trial Management System for Sites Service Description IBM Clinical Trial Management System for Sites This Service Description describes the Cloud Service IBM provides to Client. Client means the contracting party and its authorized users

More information

Real solutions for real-world problems.

Real solutions for real-world problems. Digital Health Real solutions for real-world problems. Today, it costs around $2.6 billion and takes between 10 and 15 years to develop a new drug. 1 Despite the enormity of this investment, once the drug

More information

HIPAA Summit VII. Preconference III. Advanced Strategies to Achieve ROI in Implementing HIPAA

HIPAA Summit VII. Preconference III. Advanced Strategies to Achieve ROI in Implementing HIPAA HIPAA Summit VII Preconference III Advanced Strategies to Achieve ROI in Implementing HIPAA Case Study Report: The Health Reinsurance Association (HRA) and Pool Administrators Inc. (PAI) By Karl Ideman,

More information

HCCA Compliance Institute : Intersection of Internal Audit & Compliance. April 17, Agenda. Where are we today?

HCCA Compliance Institute : Intersection of Internal Audit & Compliance. April 17, Agenda. Where are we today? HCCA Institute 2018 708: Intersection of & April 17, 2018 Agenda Objectives Where are we today? Corporate Integrity: The intersection of, and Privacy Questions 2 Where are we today? 3 1 Regulatory change

More information

Streamlining IRB Procedures for Expanded Access

Streamlining IRB Procedures for Expanded Access Streamlining IRB Procedures for Expanded Access Marjorie A. Speers, Ph.D. Executive Director, WCG Foundation Richard Klein Director, FDA Patient Liaison Program Office of Health and Constituent Affairs

More information

Optimize New Product Development. Presenter s Name Presenter s Title

Optimize New Product Development. Presenter s Name Presenter s Title Optimize New Product Development Presenter s Name Presenter s Title Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only,

More information

Assessments for Certified and Non-Certified Vendors

Assessments for Certified and Non-Certified Vendors Assessments for Certified and Non-Certified Vendors 3rd party Vendors Security Risk Profile 63% of all 2016 data breaches resulted from third party vendor s risk Small companies are high risk - security

More information

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity

More information

IT Due Diligence in an Era of Mergers and Acquisitions

IT Due Diligence in an Era of Mergers and Acquisitions IT Due Diligence in an Era of Mergers and Acquisitions Session 49, March 6, 2018 Charlie Jones, Director of Project Management, University of Vermont Health Network 1 Conflict of Interest Charlie Jones;

More information

Emerging Technology and Security Update

Emerging Technology and Security Update Emerging Technology and Security Update February 13, 2015 Jordan Reed Managing Director Agenda 2015 Internal Audit Capabilities and Needs Survey 2014 IT Priorities Survey Results 2014 IT Security and Privacy

More information

BEST PRACTICES: DEPLOYING SPOK MOBILE WITH ENTERPRISE MOBILITY MANAGMENT. spok.com

BEST PRACTICES: DEPLOYING SPOK MOBILE WITH ENTERPRISE MOBILITY MANAGMENT. spok.com SM BEST PRACTICES: DEPLOYING SPOK MOBILE WITH ENTERPRISE MOBILITY MANAGMENT 1 DEPLOYING SPOK MOBILE WITH ENTEPRISE MOBILITY MANAGMENT Scalability and adoption are significant challenges that IT professionals

More information

Health Solutions. Commercial Health Solutions Overview EXPANDING INSIGHT. ENSURING VALUE. IMPROVING OUTCOMES.

Health Solutions. Commercial Health Solutions Overview EXPANDING INSIGHT. ENSURING VALUE. IMPROVING OUTCOMES. Health Solutions Commercial Health Solutions Overview EXPANDING INSIGHT. ENSURING VALUE. IMPROVING OUTCOMES. Expanding Insight. Ensuring Value. Improving Outcomes. Organizations look to experienced solutions

More information

Simple, Scalable, Real-time Protection

Simple, Scalable, Real-time Protection Data Sheet Simple, Scalable, Real-time Protection Practical Content Security With Egnyte Protect, companies can quickly find and safeguard the content that matters most. It is simple to use, requires almost

More information