© Clearwater Compliance LLC | All Rights Reserved
Copyright Notice. All materials contained within this document are protected by United States copyright law and may not be reproduced, distributed, transmitted, displayed, published, or broadcast without the prior, express written permission of Clearwater Compliance LLC. You may not alter or remove any copyright or other notice from copies of this content. For reprint permission and information, please direct your inquiry to [email protected]
Legal Disclaimer. This information does not constitute legal advice and is for educational purposes only. This information is based on current federal law and subject to change based on changes in federal law or subsequent interpretative guidance. Since this information is based on federal law, it must be modified to reflect state law where that state law is more stringent than the federal law or other state law exceptions apply. This information is intended to be a general information resource regarding the matters covered, and may not be tailored to your specific circumstance. YOU SHOULD EVALUATE ALL INFORMATION, OPINIONS AND ADVICE PROVIDED HEREIN IN CONSULTATION WITH YOUR LEGAL OR OTHER ADVISOR, AS APPROPRIATE. The existence of a link or organizational reference in any of the following materials should not be assumed as an endorsement by Clearwater Compliance LLC.
Clearwater HIPAA Privacy and Breach Notification Assessment™
Guided Tour
(800)[email protected]
Jon Stone, MPA, PMP, 615-210-9612
Passion: Implementing Privacy and Security by design; aiding others in achieving and maintaining compliance
• 25+ years in Healthcare in the provider, payer and healthcare quality improvement fields
• Innovator | Strategic Program Manager | Consultant | Executive
• 15+ years of strategic leadership for compliance and Healthcare information technology projects involving the most sensitive ePHI for companies such as CIGNA, Healthways and Ingenix.
• PMP, MPA - Healthcare Policy and Administration
Wes Morris, CHPS
• 25+ years in Healthcare
• 20 years in Clinical Care
• 10+ years specific experience in HIPAA Privacy and Security
• Experienced Hospital Privacy and Security Officer, Team Lead and Subject Matter Expert
• Certified in Healthcare Privacy and Security (CHPS)
• Examination Development Committee Member for CHPS Exam
• Mentor HIM students and candidates
Lee Painter, CISSP, C|EH
• 15+ years in Information Assurance and Computer Network Defense
• 15+ years training customers on the need to understand and adopt best practices
• Experience as an Information Systems Security Officer for the Department of Homeland Security
• Passionate Security Professional with a drive to provide not just knowledge but understanding
• Certified Information Systems Security Professional (CISSP)
• Certified Ethical Hacker (C|EH)
Lee Painter, CISSP, C│[email protected]
Objective
Learn how to use the Clearwater HIPAA Privacy Breach Notification Assessment™ Software as a Service
Agenda
• Regulatory Background
• Features
• Software walkthrough
• Product Benefits
HIPAA Business Risk Management Life Cycle
[Figure: life cycle phases Frame, Assess, Respond, Monitor. Activities shown: Privacy Assessment, Security Assessment, Risk Analysis, ePHI Discovery, Risk Response, Remediation, Risk Strategy, Governance, Auditing, Technical Testing, Workforce Training.]
Three Pillars of HIPAA-HITECH Compliance…
• Privacy
• Security
• Breach Notification
HITECH
HIPAA
Breach Notification IFR
• 6 pages / 2K words
• 4 Standards
• 9 Implementation Specs
Privacy Final Rule
• 75 pages / 27K words
• 56 Standards
• ~54 “dense” Implementation Specs
Security Final Rule
• 18 pages / 4.5K words
• 22 Standards
• ~50 Implementation Specs
OMNIBUS FINAL RULE
What’s New?
• The # of Data Breaches are Up
• The Average Cost of a Data Breach is Up
• The # of Complaints to HHS is Up
• The # of Investigations by OCR is Up
• State Privacy Laws are tightening
• State AGs are flexing their muscles
• The Courts are beginning to “widen their view” of data breach damages
• “Meaningful Use” Audits are underway
• False Claim Act Violations
• SEC requiring Disclosure
The Intersection of Privacy & Security
[Figure labels: Privacy (Choice, Notice, Access); Controls, Safeguards; Security (Confidentiality, Integrity, Availability).]
Why Do A Privacy Assessment?
• OCR Preliminary Observations: Weaknesses in Meeting Privacy Rule Requirements
• OCR Corrective Action Plans: Strengthen Privacy Administrative Requirements
• “Wall of Shame” and Industry Surveys: More Breaches Result from Insider Actions than Outsider Hackers
• Complaints to OCR: Highlight Privacy Concerns and Violations
Categories of Regulatory Requirements

Category                           # of Assessment Questions   # of OCR Audit Protocols
Administrative Requirements        12                          10
Permitted Uses and Disclosures     23                          24
Authorized Uses and Disclosures    8                           3
Minimum Necessary                  11                          8
Notice of Privacy Practices        8                           7
Other Individual Rights            10                          16
Other Provisions                   10                          7
Organizational Requirements        3                           3
Breach Notification                9                           10
Total                              94                          88
Clearwater HIPAA Privacy & Breach Notification Assessment™
Three Key Compliance Questions
1. Is it documented?
• Policies, Procedures and Documentation
2. Are you doing it?
• Using, Applying, Practicing and Enforcing
3. Is it Reasonable and Appropriate?
• Comply with the implementation specification
Features
Benefits of a Privacy Assessment
1. Prepare for Mandatory Audits or Investigations
2. Build Solid Educational Foundation
3. Re-energize Overall Compliance Program
4. Establish a Baseline for Progress Monitoring
5. Understand Gaps in Compliance
6. Develop/Execute on a Thoughtful Remediation Plan
7. Receive an Independent, Objective 3rd Party Review
8. Reduce the Risk of a Costly Data Breach
Support
• Unlimited support during normal business hours
• Phone and email support
Training
• 60-90 minutes of live web based training
• Extensive free self-service training
User Provisioning
• Easy self service capabilities to add unlimited numbers of users
• Add additional business entities and perform multiple concurrent assessments for an additional reasonable price
Ease of Access
• Available 7x24 from an internet connection
• No software download required
• Supports all common browsers
Business Continuity
• Customer data is backed up every 15 minutes
• Returned to operations in under two hours
Protection
• Strong firewalls
• All data sent or received uses TLS 1.1 encryption
• Passwords are stored using strong encryption
Need help with resources or expertise?
Clearwater Customer Community
• Where Clearwater customers go to get additional value and benefits
Customer Council Meetings
• Complimentary educational content
• A place for customers to interact and learn from each other
Customer Forum
• A place for software customers to privately post questions and chat with peers
Questions?
If you are interested in a Free Trial, please contact us:
(800) 704 - [email protected]
Or Click Here
Get more info…
Register For Upcoming Live HIPAA-HITECH Webinars at:
http://clearwatercompliance.com/live-educational-webinars/
View pre-recorded Webinars like this one at:
http://clearwatercompliance.com/on-demand-webinars/