HIPAA Privacy and Security Breaches 10 Things To Know


HEALTHCON 2016
HIPAA Privacy and Security Breaches: 10 Things To Know
Orlando, April 11, 2016
Presented by Paul R. Hales, J.D.

Running slide footer: April 11, 2016, HIPAA Breaches 10 Things To Know, presented by Paul R. Hales, J.D.

[News headline shown on slide: "Lost medical records complicate Joplin hospital's tornado recovery"]

The 10 Things To Know

1. What is a Breach?
2. Locations and Types of PHI Major Breaches
3. Penalties
4. Breach Prevention
5. Cyber Crime
6. Intentional Human Threats
7. Unintentional Human Threats
8. Contingency Planning
9. Workforce Training
10. HIPAA Compliance Program

1. What is a Breach?

Breach means (45 CFR 164.402) the acquisition, access, use, or disclosure of protected health information in a manner not permitted by the Privacy Rule which compromises the security or privacy of the protected health information.

What does "compromises the security or privacy of the protected health information" mean? A breach is presumed unless there is a low probability that the protected health information has been compromised, based on a risk assessment of four factors.

2. Locations and Types of PHI Major Breaches

BREACH HIGHLIGHTS, September 2009 through August 28, 2015 (source: OCR/NIST 2015)

- Approximately 1,310 reports involving a breach of PHI affecting 500 or more individuals
- Theft and Loss are 57% of large breaches
- Laptops and other portable storage devices account for 30% of large breaches
- Paper records are 22% of large breaches
- Approximately 179,000+ reports of breaches of PHI affecting fewer than 500 individuals

500+ Breaches by Location, as of 8/28/2015 (source: OCR/NIST 2015)

  Location                      Share
  EMR                             4%
  Other                          11%
  Email                           8%
  Paper Records                  22%
  Network Server                 13%
  Desktop Computer               12%
  Laptop                         20%
  Portable Electronic Device     10%

500+ Breaches by Type of Breach, as of 8/28/2015 (source: OCR/NIST 2015)

  Type of Breach                   Share
  Improper Disposal                  4%
  Unknown                            1%
  Other                              8%
  Hacking/IT                        10%
  Theft                             48%
  Unauthorized Access/Disclosure    21%
  Loss                               9%

March 13, 2015: Breach Portal ("Wall of Shame"), 78,800,000 individuals affected.

3. Penalties

- Civil
- Criminal

4. Breach Prevention: Lessons Learned

- HHS/OCR Enforcement Activities
- HHS/OCR Resolution Agreements
- HHS/OCR Guidance

HHS HIPAA Pilot Audits, 2012: 80% of audited providers failed to do a risk analysis.

"We found deficiencies among a wide variety of entities in risk analysis, one of the most fundamental privacy and security elements: conduct a thorough and complete risk analysis [and] take action based on the findings of that risk analysis."

Why have so many failed to do a Risk Analysis?

From HHS guidance: "We note that some of the content contained in this guidance is based on recommendations of the National Institute of Standards and Technology (NIST). NIST, a federal agency, publishes freely available material in the public domain, including guidelines. [4]"

[4] The 800 Series of Special Publications (SP) are available on the Office for Civil Rights website; specifically, SP 800-30, Risk Management Guide for Information Technology Systems.

SPECIAL PUBLICATIONS (800 SERIES): Special Publications in the 800 series (established in 1990) are of general interest to the computer security community.

5. Cyber Criminals

March 13, 2015: Breach Portal ("Wall of Shame"), 78,800,000 individuals affected.

7. Unintentional Human Threats

- Patient Attraction
- Patient Engagement

Jocelyn Samuels, Director, Office for Civil Rights: "All covered entities, including physical therapy providers, must ensure that they have adequate policies and procedures to obtain an individual's authorization for such purposes, including for posting on a website and/or social media pages, and a valid authorization form."

"Baby Pictures at the Doctor's? Cute, Sure, but Illegal." Why illegal? No valid HIPAA authorization.

8. Contingency Planning

9. Workforce Training

March 13, 2015: Breach Portal ("Wall of Shame"), 78,800,000 individuals affected.

10. HIPAA Compliance Program

- Culture of Compliance
- Quality of Care

"I will respect the privacy of my patients, for their problems are not disclosed to me that the world may know."

- Physician-Patient Privilege
- Law of Evidence

Discussion and Questions