• Home

  • Documents

  • What to Expect and How to Prepare: Healthcare Security & Privacy Regulation and Enforcement in...
16
What to Expect and How to Prepare: Healthcare Security & Privacy Regulation and Enforcement in 2015 and Beyond

What to Expect and How to Prepare: Healthcare Security & Privacy Regulation and Enforcement in 2015 and Beyond

Tags:

Embed Size (px)

Citation preview

Page 1: What to Expect and How to Prepare: Healthcare Security & Privacy Regulation and Enforcement in 2015 and Beyond

What to Expect and How to Prepare: Healthcare Security & Privacy Regulation and Enforcement in

2015 and Beyond

Page 2: What to Expect and How to Prepare: Healthcare Security & Privacy Regulation and Enforcement in 2015 and Beyond
Page 3: What to Expect and How to Prepare: Healthcare Security & Privacy Regulation and Enforcement in 2015 and Beyond
Page 4: What to Expect and How to Prepare: Healthcare Security & Privacy Regulation and Enforcement in 2015 and Beyond
Page 5: What to Expect and How to Prepare: Healthcare Security & Privacy Regulation and Enforcement in 2015 and Beyond

2014 Data breaches

Settlements & Resolution Agreements Approximately $5.5 million collected

Greatest number of HIPAA settlements

HIPAA Audits

Leadership changes

Complaints, compliance reviews & investigations

Page 6: What to Expect and How to Prepare: Healthcare Security & Privacy Regulation and Enforcement in 2015 and Beyond

“OCR’s strong enforcement of the HIPAA privacy, security, and breach

notification rules, remains very much on track.”

Page 7: What to Expect and How to Prepare: Healthcare Security & Privacy Regulation and Enforcement in 2015 and Beyond

2015

HIPAA Audits

Enforcement

Complaints, compliance reviews & investigations

Page 8: What to Expect and How to Prepare: Healthcare Security & Privacy Regulation and Enforcement in 2015 and Beyond

HIPAA Audits

Policies & procedures – daily activities

Staff knowledge & training

Cybersecurity – Risk assessments, breach notification & access controls

Privacy notice practices

Audit protocol

http://www.hhs.gov/ocr/privacy/hipaa/enforcement/audit/protocol.html

Page 9: What to Expect and How to Prepare: Healthcare Security & Privacy Regulation and Enforcement in 2015 and Beyond

Enforcement

6,000+ open investigations

Increased focus on negotiating settlements

Various methods for enforcement

Page 10: What to Expect and How to Prepare: Healthcare Security & Privacy Regulation and Enforcement in 2015 and Beyond

Complaints & Investigations

Complaints volume increases each year

Record number expected for 2015

Inconsistency between regional offices

Request policies & procedures (mini audits)

Culture of compliance

Page 11: What to Expect and How to Prepare: Healthcare Security & Privacy Regulation and Enforcement in 2015 and Beyond

How to Prepare

1. Cybersecurity

2. Business Associate Agreements

Page 12: What to Expect and How to Prepare: Healthcare Security & Privacy Regulation and Enforcement in 2015 and Beyond

Cybersecurity Gap analysis

Staff training

Inventory of systems & devices

Regular review of policies & procedures

Page 13: What to Expect and How to Prepare: Healthcare Security & Privacy Regulation and Enforcement in 2015 and Beyond

Business Associate Agreements HITECH Act

Increased negotiation surrounding BAAs Indemnity

Which entity is responsible for breach notification & responding to patient requests

Subcontractor BAAs

Termination rights for material breach

Page 14: What to Expect and How to Prepare: Healthcare Security & Privacy Regulation and Enforcement in 2015 and Beyond

Takeaways Audit first

Review and negotiate BAAs

Dust off Policies & Procedures Addressable Elements

Compliance Culture

Page 15: What to Expect and How to Prepare: Healthcare Security & Privacy Regulation and Enforcement in 2015 and Beyond

Questions

?

Page 16: What to Expect and How to Prepare: Healthcare Security & Privacy Regulation and Enforcement in 2015 and Beyond

Carrie S. GilbertDressman Benzinger LaVelle psc

[email protected]


Enforcement and Administration of Privacy Laws Privacy and Surveillance Graham Greenleaf Last revised September 2008

Enforcement and Administration of Privacy Laws Privacy and Surveillance Graham Greenleaf Last revised September 2008

Documents
REPORT ON FINANCIAL PRIVACY, LAW ENFORCEMENT AND …

REPORT ON FINANCIAL PRIVACY, LAW ENFORCEMENT AND …

Documents
HIPAA Privacy, Security, Enforcement, and Breach

HIPAA Privacy, Security, Enforcement, and Breach

Documents
Privacy Rights v. Anti-Money Laundering Enforcement

Privacy Rights v. Anti-Money Laundering Enforcement

Documents
CONNECTED THINKING - International Privacy … · GPEN Meeting CONNECTED THINKING Better enforcement outcomes through sharing methodologies and expertise in connected privacy networks

CONNECTED THINKING - International Privacy … · GPEN Meeting CONNECTED THINKING Better enforcement outcomes through sharing methodologies and expertise in connected privacy networks

Documents
1 CLASS 7 Privacy and Law Enforcement pt. 2; Education Privacy Privacy and Information Security Law Randy Canis

1 CLASS 7 Privacy and Law Enforcement pt. 2; Education Privacy Privacy and Information Security Law Randy Canis

Documents
A Global Survey of Privacy and Security Enforcement Actions

A Global Survey of Privacy and Security Enforcement Actions

Documents
PRIVACY, LAW ENFORCEMENT, AND NATIONAL SECURITY

PRIVACY, LAW ENFORCEMENT, AND NATIONAL SECURITY

Documents
Competition-Enhancing Enforcement in Privacy: A Remedy for the Anti-Privacy Market Chris Jay Hoofnagle Director, Information Privacy Programs UC Berkeley

Competition-Enhancing Enforcement in Privacy: A Remedy for the Anti-Privacy Market Chris Jay Hoofnagle Director, Information Privacy Programs UC Berkeley

Documents
Privacy and Security Enforcement Tracker 2015 · the natural community of privacy activists, security and privacy professionals, regulators, lawyers, judges and politicians whom we

Privacy and Security Enforcement Tracker 2015 · the natural community of privacy activists, security and privacy professionals, regulators, lawyers, judges and politicians whom we

Documents
Improving HIPAA Enforcement and Protecting Patient Privacy in a

Improving HIPAA Enforcement and Protecting Patient Privacy in a

Documents
Workshop 11 Privacy Enforcement and Accountability with ...The second role of Semantic Web research in this area is that privacy enforcement and accountability also apply to many emergent

Workshop 11 Privacy Enforcement and Accountability with ...The second role of Semantic Web research in this area is that privacy enforcement and accountability also apply to many emergent

Documents
Securing Compliance, Protecting Privacy The PIPEDA Enforcement

Securing Compliance, Protecting Privacy The PIPEDA Enforcement

Documents
HIPAA Privacy, Security, Enforcement, and Breach Notification Rules

HIPAA Privacy, Security, Enforcement, and Breach Notification Rules

Documents
Email, Privacy, and Law Enforcement

Email, Privacy, and Law Enforcement

Documents
End-to-End Privacy Policy Enforcement in Cloud Infrastructure

End-to-End Privacy Policy Enforcement in Cloud Infrastructure

Documents
Workshop 11 Privacy Enforcement and Accountability with Semantics

Workshop 11 Privacy Enforcement and Accountability with Semantics

Documents
Privacy and Security Enforcement: An In-Depth Exploration of Federal Civil Enforcement

Privacy and Security Enforcement: An In-Depth Exploration of Federal Civil Enforcement

Documents
Federal Civil Rights and Privacy Enforcement by HHS’s Office for Civil Rights

Federal Civil Rights and Privacy Enforcement by HHS’s Office for Civil Rights

Documents
International Enforcement Cooperation Working Group - Global Privacy … · 2020. 10. 23. · Executive Summary The International Enforcement Cooperation Working Group ... • an

International Enforcement Cooperation Working Group - Global Privacy … · 2020. 10. 23. · Executive Summary The International Enforcement Cooperation Working Group ... • an

Documents
Privacy-Preserving Data Mining - Yale University · •Policies for privacy-preserving data mining: languages, reconciliation, and enforcement. •Incentive-compatible privacy-preserving

Privacy-Preserving Data Mining - Yale University · •Policies for privacy-preserving data mining: languages, reconciliation, and enforcement. •Incentive-compatible privacy-preserving

Documents
Privacy and Law Enforcement in the European Union: the

Privacy and Law Enforcement in the European Union: the

Documents
DOJ Enforcement Trends: What to Expect and How to Respond Jacqueline Arango Shareholder

DOJ Enforcement Trends: What to Expect and How to Respond Jacqueline Arango Shareholder

Documents
Privacy Enforcement Actions - Fordham University

Privacy Enforcement Actions - Fordham University

Documents
Module 1 state attorneys general enforcement of federal health privacy law

Module 1 state attorneys general enforcement of federal health privacy law

Technology
Privacy Policy Enforcement in Enterprises with Identity … · 2018. 9. 13. · terms of privacy enforcement: these processes are prone to mistakes and hard to comply. Automation

Privacy Policy Enforcement in Enterprises with Identity … · 2018. 9. 13. · terms of privacy enforcement: these processes are prone to mistakes and hard to comply. Automation

Documents
IAPP Privacy Enforcement and New Business Case Presentation

IAPP Privacy Enforcement and New Business Case Presentation

Documents
[Privacy Webinar Slides] Global Enforcement Priorities

[Privacy Webinar Slides] Global Enforcement Priorities

Law
Enforcement and Administration of Privacy Laws

Enforcement and Administration of Privacy Laws

Documents
the future of drones in america: law enforcement and privacy

the future of drones in america: law enforcement and privacy

Documents