The Must Have Tools to Address Your HIPAA Compliance Challenge
DESCRIPTION
A panel of experts from the companies that were chosen as “5 Key tools to help your organization achieve HIPAA compliance”. In this webinar we will highlight ways for you and your organization to use tools to help make the task of HIPAA compliance easier and more effective.
Panelists:
• Bob Grant, ex-HIPAA auditor and CCO of Compliancy Group LLC
• Andy Nieto, Health IT Strategist at DataMotion
• April Sage, Director of Healthcare IT at Online Tech
• Asaf Cidon, CEO and co-founder of Sookasa
• Daryl Glover, Exec VP Strategic Initiatives of qliqSOFT
TRANSCRIPT
The Must Have Tools To Address Your Compliance Challenge
855.85HIPAA www.compliancygroup.com
Industry leading Education
Certified Partner Program
For Today
• Please ask questions! (We are going to)
• Today’s Slides http://compliancy-group.com/slides023/
• Upcoming & past webinars: http://compliancy-group.com/webinar/
Get Involved
#cgwebinar
• October 21 - Top 5 tools to help you achieve HIPAA compliance
• November 11 - Saving time and money through web-based benefits administration and consolidated billing
Question: What best describes your organization’s view of HIPAA compliance?
The Must Have Tools to Address Your HIPAA Compliance Challenge - Email Encryption
Andy Nieto, Health IT Strategist
Agenda
■ Introductions?
■ Has anybody not heard of HIPAA?
■ Three keys for successful email encryption
First…
■ Utilize existing workflow
  » Easier for sender and receiver
  » Increased user acceptance
  » Often more efficient
It’s not just technology
■ Cultivate a culture of compliance
  » Endorsed and practiced from the top down
  » Becomes a way of working
Go beyond your own walls
■ Develop security risk awareness
  » Business Associates
  » Patients
  » Providers
Question: Do you think Meaningful Use attestation makes you HIPAA compliant?
Why a Risk Assessment is NOT enough!
Step 1. Assess where you are against the regulation (GAP)
• The key to a risk analysis is auditing yourself against the administrative, technical, and physical aspects of HIPAA
• A risk analysis will help you attest to Meaningful Use Stage 1 Core Requirement 15
Step 2. Remediation Plan
• Prove that you remediated the deficiencies identified in the risk analysis
• For example, lack of Policies & Procedures, Training, Attestation, and IT deficiencies
What Do All Compliance Regulations Have In Common?
Step 3. How do you illustrate your compliance plan?
• Administrative
  • Policies & Procedures
• Technical
  • IT security, including servers, routers, firewalls and devices with PHI on them
• Physical
  • Security within physical locations of your practice(s)
Step 4. Creating a culture of compliance
• Maintaining your compliance
• Auditing your sites regularly
• Refreshing your staff’s training
Beyond a Risk Analysis
***Only 11% of Covered Entities passed the audit, 70% of Covered Entities are not compliant***
“OCR determined that the most common cause of findings or observations was that the CE was entirely unaware of the requirement.”
“Pleading ignorance will not be a defense when OCR comes to call.”*
* http://www.govhealthit.com/news/steps-prep-phase-2-ocr-audits
What CMS, HHS & OCR Are Saying
Question: Have your Business Associates signed a BAA and provided the necessary documentation?
www.onlinetech.com Copyright 2014 Online Tech. All rights reserved. CONFIDENTIAL 734.213.2020
HIPAA COMPLIANT CLOUDS
Should be:
• Independently HIPAA audited to the OCR Audit Protocol Guidelines
• Include encryption out of the box
  – FIPS 140-2 requires AES 256 bit encryption
  – End-to-end: All the way to the backup
• Within high-availability data center with rigorous physical and network security safeguards
• Give you options:
  – Not all private clouds can scale
  – Not all clouds provide compliant offsite backup & recovery
CLOUD BACKUP & RECOVERY
• Get offsite
• Ask yourself, would Mr. FIPS approve?
• What are your recovery options?
• Can you fly/drive/walk/point to where your offsite backup data lives?
CULTURE OF COMPLIANCE
• “HIPAA Certified” = Healthcare’s unicorn
• Ask for and read the independent audit report
• Experience the culture for yourself
• Partner or liability?
– Ask yourself, “will I sleep better here?”
Question: When it comes to HIPAA non-compliance, what do you think is worse?
[Chart: HIPAA Breaches Affecting 500+ Records, 2006-2013 (Source: HHS). Category labels: Portable Media, Network Server, Computer, Laptop, EMR, Paper, E-mail. Values on the chart: 46.01%, 13.04%, 12.96%, 12.31%, 9.43%, 4.92%, 1.31%.]
Most breaches: lost/stolen devices
Top HIPAA File Sharing Risks
1. Device Loss with Unencrypted PHI
2. Accidental Sharing of PHI
3. Unencrypted PHI on Cloud?
Solved by BAA
Not Solved by BAA
Comparison: Dropbox | Box | Google Drive | Sookasa + Dropbox
• Signed BAA
• On-device Encryption
• Prevent Accidental Sharing
• Access Control for On-device Data
• End User Experience and Sync
• Popularity (Network Effect)
Sookasa: Top 5 Tools
Question: Generally speaking, how expensive do you think it is to encrypt?
qliqSOFT, Inc. www.qliqsoft.com
qliqCONNECT Secure, HIPAA-Compliant Mobile Messaging Solutions
Risks to Healthcare CIO
• Smartphones & BYOD - More healthcare providers are using their own smartphones.
• SMS Texting - Physicians and nurses have discovered the effectiveness of texting.
• HIPAA Violations - Increasing audits and financial penalties for HIPAA violations.
Must haves for HIPAA compliant messaging
• Full HIPAA-compliance
• No PHI Stored on 3rd Party Vendor System
• Public/Private Key Encryption
• Increase in productivity and happiness of healthcare providers
Security and Compliance
• User authentication (Supports active directory)
• Remote lock and data wipe
• Configure message retention
• Ability to audit user activity
• Configurable password settings
Q&A
• Please ask questions! (We are going to)
• Today’s Slides: http://compliancy-group.com/slides023/
• Upcoming & Past webinars: http://compliancy-group.com/webinar/
• October 21 - Top 5 Compliance Tools
• November 11 - Saving time and money through Web-based Benefits administration and consolidated billing
Our Panelists
• Daryl Glover, Executive VP Strategic Initiatives, [email protected], 866-295-0451 Ext 103
• Marc Haskelson, President/CEO of Compliancy Group, [email protected], 855-854-4722 Ext 507
• April Sage, Director Healthcare IT, [email protected], 734-213-2020 Ext 113
• Andy Nieto, Healthcare IT Strategist, [email protected], 973-455-1245 Ext 240
• Asaf Cidon, CEO and Co-founder of Sookasa, [email protected], 888-675-4998