HIPAA Security Putting the Pieces Together People’s Hospital


Page 1: hipaa presentation

HIPAA Security: Putting the Pieces Together

People's Hospital

Page 2: hipaa presentation

Confidentiality: preventing disclosure of private information

Integrity: ensuring health data has not been altered or misplaced

Availability: ensuring information is accessible to authorized users

The Security Rules ensure C.I.A.

Page 3: hipaa presentation

3 Safeguards of the HIPAA Security Rules

• Technical
• Physical
• Administrative

Page 4: hipaa presentation

Technical

• Access is granted based on job level and a "need to know": password-protected access, monitored logins, audited access, and mandatory locking of computers. Use automatic logoffs, prohibit sharing of passwords, and require passwords to be changed every 3 months.

• Electronic transmission of ePHI must be encrypted for transit and decrypted on receipt.

Page 5: hipaa presentation

Technical cont.

• Terminate access immediately should an employee leave

• Educate staff on strong password use

• Mandate that passwords be changed when compromised

• Educate staff on the consequences of inappropriate password use

Page 6: hipaa presentation

Physical

• Protect hardware from theft and destruction
• Monitor access of staff and visitors into the hospital
• Restrict access to areas based on job roles
• Protect servers from physical damage and store them in an access-controlled area
• Prohibit network alterations
• Ensure disposal of paper data in shred boxes; electronic data must be destroyed prior to shredding

Page 7: hipaa presentation

Administrative

• Risk Analysis: perform an assessment of the risk to determine necessary activities
• Policies and procedures to prevent, detect, contain and correct security violations
• Risk Management: measures to reduce risk, such as using virus protection and firewalls

Page 8: hipaa presentation

Administrative cont.

• Sanctions: ensure staff are educated on the "0 tolerance" policy regarding infractions

• Information System Activity Review: run audits and reports regularly

• Security Awareness: ensure all staff are trained on security

• Back-up data plans and disaster recovery plans will be implemented

Page 9: hipaa presentation

Administrative cont.

• Mr. Joe Smith is the Information Security Officer responsible for policies and procedures

• Security Incident Reporting: identify violations and corrective actions

• Instruct staff that if an unauthorized disclosure occurs, they should report it promptly

Page 10: hipaa presentation

• HIPAA is mandated by law
• All health care providers and their associates must comply
• All health care providers and their associates must be aware of the laws and the consequences of violations

Page 11: hipaa presentation

Ensure Compliance
