HIPAA Security: What Everyone Should HIPAA Structure HIPAA P.L. 104-191 HIPAA Title I: Insurance Portability

  • View
    1

  • Download
    0

Embed Size (px)

Text of HIPAA Security: What Everyone Should HIPAA Structure HIPAA P.L. 104-191 HIPAA Title I: Insurance...

  • © Copyright 2008 American Health Information Management Association. All rights reserved.

    HIPAA Security: What Everyone Should Know

    Webinar January 17, 2008

    Practical Tools for Seminar Learning

  • Disclaimer

    AHIMA 2008 HIM Webinar Series i

    The American Health Information Management Association makes no representation or guarantee with respect to the contents herein and specifically disclaims any implied guarantee of suitability for any specific purpose. AHIMA has no liability or responsibility to any person or entity with respect to any loss or damage caused by the use of this audio seminar, including but not limited to any loss of revenue, interruption of service, loss of business, or indirect damages resulting from the use of this program. AHIMA makes no guarantee that the use of this program will prevent differences of opinion or disputes with Medicare or other third party payers as to the amount that will be paid to providers of service. As a provider of continuing education the American Health Information Management Association (AHIMA) must assure balance, independence, objectivity and scientific rigor in all of its endeavors. AHIMA is solely responsible for control of program objectives and content and the selection of presenters. All speakers and planning committee members are expected to disclose to the audience: (1) any significant financial interest or other relationships with the manufacturer(s) or provider(s) of any commercial product(s) or services(s) discussed in an educational presentation; (2) any significant financial interest or other relationship with any companies providing commercial support for the activity; and (3) if the presentation will include discussion of investigational or unlabeled uses of a product. The intent of this requirement is not to prevent a speaker with commercial affiliations from presenting, but rather to provide the participants with information from which they may make their own judgments. This seminar's faculty have made no such disclosures.

  • Faculty

    AHIMA 2008 HIM Webinar Series ii

    Angela Dinh, MHA, RHIA

    Angel Dinh is a manager of professional practice resource at AHIMA, where she provides professional expertise to develop AHIMA products and services aimed at furthering HIM, with a focus on HIPAA security. Prior to joining AHIMA, Ms. Dinh was a consultant with Precyse Solutions, Inc., and worked in various HIM roles including management in a healthcare software company. In addition, she is an adjunct instructor for the St. Petersburg College HIT program in St. Petersburg, Florida.

    Tom Walsh, CISSP

    Tom Walsh is president of Tom Walsh Consulting, LLC, in Overland Park, Kansas, conducting security training, risk analysis, and remediation activities for healthcare clients. He is a nationally recognized speaker and author on health information security topics. Prior to launching his own firm, Mr. Walsh held consulting positions with other firms, was an information security manager for a healthcare system, and worked as a contractor in the Department of Energy’s nuclear weapons program.

  • Table of Contents

    AHIMA 2008 HIM Webinar Series

    Disclaimer ..................................................................................................................... i Faculty .........................................................................................................................ii Objectives ..................................................................................................................... 1 Polling Question #1........................................................................................................ 2 HIPAA Structure.......................................................................................................... 2-3 The Security Rule........................................................................................................... 3 Security Overview ....................................................................................................... 4-5 Required vs. Addressaable .............................................................................................. 5 Organizational Requirements........................................................................................... 6 Documentation Requirements ......................................................................................... 6 Administrative Safeguards............................................................................................ 7-8 Physical Safeguards..................................................................................................... 8-9 Technical Safeguards..................................................................................................9-10 Policies and Procedures ............................................................................................10-11 Polling Question #2.......................................................................................................12 Q&A Session.................................................................................................................12 Consider: How will you know if your info security program is compliant .............................13 #1 Assign Responsibility ................................................................................................14 #2 Set Standards ..........................................................................................................14 #3 Awareness and Training ...........................................................................................15 #4 Incident Reporting ...................................................................................................15 #5 Incident Response ...................................................................................................16 #6 Auditing and Monitoring............................................................................................16 #7 Corrective Actions ....................................................................................................17 Polling Question #3.......................................................................................................17 Other Thoughts.............................................................................................................18 Auditing – Key Concepts ...........................................................................................18-19 What to Audit?..............................................................................................................20 Reviewing Audit Data ....................................................................................................20 Summary......................................................................................................................21 Resource/Reference List ...........................................................................................21-22 Audience Questions.......................................................................................................23 Audio Seminar Discussion and Audio Seminar/Webinar Information Online.........................24 Upcoming Audio Seminars and Webinars ........................................................................25 AHIMA Distance Education online courses .......................................................................25 Thank You/Evaluation Form and CE Certificate (Web Address) ..........................................26 Appendix ..................................................................................................................27 Resource/Reference List .......................................................................................28 Sample Information Security Incident Report Form Sample Audit Data Management Requirements CE Certificate Instructions

  • HIPAA Security: What Everyone Should Know

    AHIMA 2008 HIM Webinar Series 1

    Notes/Comments/Questions

    Objectives

    1. Learn what's addressable vs. what's required as defined by the HIPAA Security standards

    2. Understand what policies and procedures must be in place for compliance

    1

    Objectives

    3. Learn the integral parts to ensuring a successful HIPAA Security Compliance Plan

    4. Learn how to create and maintain an audit program for verification and validation of security control

    2

  • HIPAA Security: What Everyone Should Know

    AHIMA 2008 HIM Webinar Series 2

    Notes/Comments/Questions

    Polling Question #1

    How many of you have: a) Read the entire Security Rule b) Read portions of it c) Heard of it d) Asked, “What is it?”

    3

    HIPAA Structure

    HIPAA P.L. 104-191 HIPAA

    P.L. 104-191

    Title I: Insurance Portability

    Title I: Insurance Portability

    Title II: Administrative Simplification

    Title II: Administrative Simplification

    Title III: Medical Savings and Tax Deduction

    Title III: Medical Savings and Tax Deduction

    Title IV: Group Health Plan Provisions

    Title IV: Group Health Plan Provisions

    Title V: Revenue Offset Provisions

    Title V: Revenue Offset Provisions

    EnforcementEnforcementTransactionsTransactions IdentifiersIdentifiers SecuritySecurity PrivacyPrivacy

    Title II: Administrative Simplification

    Title II: Administrative Simplification

    4

  • HIPAA Security: What Everyone Should Know

    AHIMA 2008 HIM We