HIPAA Security Assessment ToolKit™ Introduction and Overview

Bob Chaput615-656-4299 or 800-704-3394bob.chaput@HIPAASecurityAssessment.comHITECH Security Advisors, LLC

1

Disclaimers1. We are not attorneys! Consult with your own legal

counsel or advisors.2. Information about and around HIPAA and HITECH

continues to evolve. 3. HIPAA and HITECH rules and regulations are subject to

lots of different interpretations. 4. Every effort has been made to insure that the

information presented is correct, but we can cannot offer such assurances.

5. You should not rely on this information for legal purposes, but simply use it as a tool to raise your awareness.

Why You Should Care!

1. “Ensuring adequate privacy and security protections for personal health information” is a key part of Meaningful Use

2. HITECH Act has raised the ante for HIPAA Security compliance significantly

3. Compliance is the smart thing to do for your business and the right thing to do for your patients or your customers’ patients

4. It’s the law!

3

Meaningful Use Stage 1 Policy Goals

It’s about health outcomes improvement in the US…

1. Improving quality, safety, efficiency, and reducing health disparities.

2. Engaging patients and families in their healthcare

3. Improving care coordination

4. Improving population and public health

5. Ensuring adequate privacy and security protections for personal health information

4

The HITECH Act – Major Changes From a Privacy and Security perspective, here are five absolute “game changers” under HITECH:

1) Mandatory audits (Subtitle D, Part 1, Section 13411)

2) HHS non-compliance fines return to HHS’ coffers and within a few years (by law) individuals will participate in sharing the proceeds

3) State AGs can now bring civil actions on behalf of their citizens

4) Business Associates are now statutorily obligated5) Data Breach Notification requirements

5

Meet the HHS Data Breach ‘Wall of Shame’

http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/postedbreaches.html

6

HIPAA Security-HITECH Compliance Roadmap

HIPAA Security

Assessment(HSA)

Preliminary Remediation

Plan(PRP)

HIPAA Risk

Analysis(HRA)

HIPAASecurity Training(HST)

HIPAA SecurityPolicies(HSP)

HIPAA Compliance

Manual(HCM)

HIPAA Security

Evaluation(HSE)

HIPAARemediation

Plan(HRP)

HIPAASecurity Strategy

(HSS)

7

HIPAA Security is

NOT a “techie” project

… A journey, not a

destination !

Focus of HSA ToolKit™

Purpose of the HSA ToolKit™

1. Jump Start Your HIPAA Security Compliance Program

2. Establish A Progress / Benchmark Monitor

3. Quickly Identify “Low Hanging” Remediation Items

4. Develop a Solid Foundation for HIPAA Risk Analysis

5. Build Deep Understanding At The Onset

6. Get out in front of Meaningful Use requirements on ePHI security

8

Contents of the HSA ToolKit™1. HIPAA Security Assessment ToolKit™ Contents

document2. How to Use the HIPAA Security Assessment ToolKit™ 3. Comprehensive HIPAA Security Assessment (HSA)

Excel Tool™, including Instructions, Glossary of Terms, included with HSA Excel Tool, Policies Checklist, Resources & References

4. HIPAA Security – HITECH Compliance Roadmap™5. Preliminary Remediation Plan Candidate Items template6. Data Mountain HIPAA-HITECH Security Rule FAQ 7. Iron Mountain HIPAA Primer – What You Should Know

About the New Regulations 8. 2009 CMS' HIPAA Compliance Review Analysis And

Summary of Results9. Office of Civil Rights (OCR) HIPAA Security Standards:

Guidance on Risk Analysis10. Centers for Medicare & Medicaid Services (CMS)

Security Standards: Implementation for the Small Provider

11. Complete copy of HIPAA Security Final Rule (45 CFR Parts 160, 162, and 164)

9

Heart of the HSA ToolKit™

Features and Benefits of the HSA ToolKit™

11

HSA ToolKit™ Features HSA ToolKit™ Benefits

Low Price and High Value• Low Risk • Easily derived immediate remediation steps • Fast Track to HIPAA Security Rule Compliance • Comprehensive tool and resources

Short Duration• Low Impact on Client Staff and Operations • Fast, Immediate Results • Proven Quality

Development Team • Developed by Senior, Experienced Professionals • Health Care Expertise • HIPAA – HITECH Focused

Sound Methodology

• Comprehensive, Complete Data Gathering • Based on Proven Best Practices • High-Quality, Credible Outcomes • Process View, No-Fault Appraisal • Baseline for Compliance Program

Bob Chaput

www.HIPAASecurityAssessment.com

bob.chaput@HIPAASecurityAssessment.com

Connect: www.linkedin.com/in/bobchaput

Follow me: Twitter.com/bobchaput

HITECH Security Advisors, LLC

12

Contact