HIPAA Compliance Checklist for Medical Practices | PACS Workshop - Amirkabir University

Learn about HIPAA compliance and the necessary steps for medical practices in this PACS workshop at Amirkabir University. Understand the definition, regulations, and best practices for maintaining patient data security. Dr. Afshin Niakan will guide you through the HIPAA administrative simplification requirements and provide practical tips for compliance.

Presentation Transcript


  1. PACS Workshop - Amirkabir University. Medical Software: Introduction to PACS Security. Dr. Afshin Niakan

  2. Security
  • Definition
  • HIPAA (Health Insurance Portability and Accountability Act)
  • ISMS (Information Security Management System)
  • ISO 27000 series (27000-27008)
    • 27003 (Implementation guidance for an ISMS)
    • 27005 (Information security risk management)
    • 27004 (Measurement)
    • 27006 (Requirements for bodies offering ISMS certification)
  • Health Information Technology for Economic and Clinical Health (HITECH) Act
  • Protected Health Information (PHI)

  3. The Health Insurance Portability and Accountability Act (HIPAA), passed by Congress in 1996, is a comprehensive law that addresses a number of health care issues, including data transmission and protection, fraud and abuse, and insurance portability. The components of HIPAA Administrative Simplification include the following:
  • Electronic Transactions and Code Sets;
  • Privacy Standards;
  • Security Standards;
  • Unique Identifiers;
  • Electronic Digital Signature; and
  • Enforcement.

  4. Compliance with the Administrative Simplification portion of HIPAA will require significant changes to a physician's medical practice. Maintaining the confidentiality of patient information, both electronic and written, is a critical aspect of patient care.

  5. Short HIPAA Compliance Checklist
  1. Have you formally designated a person or position as your organization's privacy and security officer?
  2. Do you have documented privacy and information security policies and procedures?
  3. Have they been reviewed and updated, where appropriate, in the last six months?
  4. Have the privacy and information security policies and procedures been communicated to all personnel, and made available for them to review at any time?
  5. Do you provide regular training and ongoing awareness communications on information security and privacy for all your workers?

  6. Short HIPAA Compliance Checklist (continued)
  6. Have you done a formal information security risk assessment in the last 12 months?
  7. Do you regularly make backups of business information, and have documented disaster recovery and business continuity plans?
  8. Do you require all types of sensitive information, including personal information and health information, to be encrypted when it is sent through public networks and when it is stored on mobile computers and mobile storage devices?
  9. Do you require information, in all forms, to be disposed of using secure methods?
  10. Do you have a documented breach response and notification plan, and a team to support the plan?

  7. If you answered no to any of these questions, you have gaps in your security fence. If you answered no to more than three, you don't have a security fence.

  9. 10 Best Practices for the Small Healthcare Environment
  • 1: Use strong passwords and change them regularly. Strong passwords should:
    • be at least 8 characters in length;
    • include a combination of upper-case and lower-case letters, at least one number and at least one special character, such as a punctuation mark.
  • 2: Install and maintain anti-virus software
  • 3: Use a firewall
  • 4: Control access to Protected Health Information
    • access control: grant access only to people with a need to know
    • access logs
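Practice 4 above names two controls, access control and access logs, without showing how they fit together. The following is an added example written for this page, not code from the workshop or from any PACS product: a default-deny authorization check for PHI that requires both a clinical role and a treatment relationship, and that writes every decision, allowed or denied, to an access log an auditor can review. The user names, roles, patient ids and care-team table are constructed for illustration.

```python
"""Need-to-know access control for PHI with an access log.

Added example for the 'Control Access to Protected Health Information'
practice; not code from the workshop or from any PACS product. The user
names, roles, patient ids and care-team table are constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed role table. Only clinical roles may read studies at all.
ROLES = {
    "dr.rahimi": "radiologist",
    "dr.mousavi": "radiologist",
    "nurse.karimi": "nurse",
    "frontdesk.ahmadi": "reception",
}
CLINICAL_ROLES = {"radiologist", "nurse"}

# Constructed treatment relationships: a clinical role alone is not a
# need to know; the user must also be on the patient's care team.
CARE_TEAM = {
    "patient-1001": {"dr.rahimi", "nurse.karimi"},
    "patient-1002": {"dr.mousavi"},
}


@dataclass
class AccessLog:
    """Append-only record of every decision, allowed or denied."""
    entries: list = field(default_factory=list)

    def record(self, user, patient_id, action, allowed, reason):
        self.entries.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "user": user,
            "patient": patient_id,
            "action": action,
            "allowed": allowed,
            "reason": reason,
        })


def authorize(user, patient_id, action, log):
    """Default-deny check: clinical role AND treatment relationship required.

    Every outcome is logged so the access log can answer both 'who looked
    at this patient' and 'who tried to and was refused'.
    """
    role = ROLES.get(user)  # unknown user -> None -> denied below
    if role not in CLINICAL_ROLES:
        log.record(user, patient_id, action, False, "non-clinical or unknown role")
        return False
    if user not in CARE_TEAM.get(patient_id, set()):
        log.record(user, patient_id, action, False, "no treatment relationship")
        return False
    log.record(user, patient_id, action, True, "care team member")
    return True


def denied_by_user(log):
    """Summary an auditor would review: denied attempts counted per user."""
    counts = {}
    for e in log.entries:
        if not e["allowed"]:
            counts[e["user"]] = counts.get(e["user"], 0) + 1
    return counts


def demo():
    """Run the constructed scenario and return (decisions, denied summary)."""
    log = AccessLog()
    decisions = [
        authorize("dr.rahimi", "patient-1001", "view_study", log),         # True
        authorize("nurse.karimi", "patient-1001", "view_report", log),     # True
        authorize("dr.mousavi", "patient-1001", "view_study", log),        # False: not on care team
        authorize("frontdesk.ahmadi", "patient-1002", "view_study", log),  # False: reception role
        authorize("unknown.user", "patient-1002", "view_study", log),      # False: unknown user
    ]
    return decisions, denied_by_user(log)


if __name__ == "__main__":
    print(demo())
```

The point of logging the allowed decisions as well as the denials is that an access log for PHI has to support both questions: who viewed a given patient's studies, and who attempted to and was refused. A radiologist with no relationship to the patient is denied just like the reception desk, which is what "need to know" means in practice.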

  10. 10 Best Practices for the Small Healthcare Environment (continued)
  • 5: Control physical access
    • devices and media that carry PHI and can be lost or stolen: flash drives, CD or DVD disks, laptops, handhelds, desktop computers, even hard drives ripped out of machines, lost and stolen backup tapes, and entire network servers
  • 6: Limit network access
    • wireless routing
    • a good policy is to prohibit staff from installing software without prior approval
  • 7: Plan for the unexpected
  • 8: Maintain good computer habits
    • configuration management
    • software maintenance
    • operating system maintenance

  11. 10 Best Practices for the Small Healthcare Environment (continued)
  • 9: Protect mobile devices
  • 10: Establish a security culture
    • the weakest link in any computer system is the user
    • security practices must be built in, not bolted on

  12. Section 164.530 of the HIPAA Privacy Rule states:
  • (b)(1) Standard: training.
  • (b)(2) Implementation specifications: training.
  • (j)(1) Standard: documentation.
  • (j)(2) Implementation specification: retention period.
  • AHIMA summary on privacy training: A covered entity must train the entire workforce on HIPAA-directed privacy policies and procedures necessary to comply with the rule. Workforce training should be executed through normal or existing organizational educational operations. All covered entities must provide ongoing updates and document evidence of compliance in written or electronic form and retain it for a minimum of six years from the implementation date.

  13. HIPAA's security standard 164.308(a)(5)(i) states:
  • ...Implement a security awareness and training program for all members of its workforce (including management).
  • (ii) Implementation specifications. Implement:
    • Security reminders
    • Protection from malicious software
    • Log-in monitoring
    • Password management
  • AHIMA summary on security training: Covered entities should train the entire workforce, including management, on security issues respective of organizational uniqueness. In addition, the covered entity periodically should provide security training updates based on technology and security risks.
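The "log-in monitoring" specification in 164.308(a)(5)(ii) is the one item on this slide that is a concrete technical control rather than a training topic. The following is an added example written for this page, not code from the workshop or from any PACS vendor: it parses constructed authentication log lines and raises alerts for a run of failed logins from one user and source, for a success that follows such a run (the credential was probably guessed), and for a successful login from outside the practice network. The log format, user names, addresses and the 10.0.0.0/8 "internal" range are assumptions for the example.

```python
"""Log-in monitoring over constructed authentication log lines.

Added example for the 164.308(a)(5)(ii) 'log-in monitoring' specification;
not code from the workshop. The log format, user names, addresses and the
10.0.0.0/8 'internal' range are assumptions for the example.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a short brute-force run that ends in a successful
# login, one harmless mistyped password, and an off-network admin login.
SAMPLE_LOG = """\
2024-03-01T08:00:01 LOGIN_FAIL user=dr.rahimi src=10.0.5.23
2024-03-01T08:00:04 LOGIN_FAIL user=dr.rahimi src=10.0.5.23
2024-03-01T08:00:09 LOGIN_FAIL user=dr.rahimi src=10.0.5.23
2024-03-01T08:00:12 LOGIN_FAIL user=dr.rahimi src=10.0.5.23
2024-03-01T08:00:15 LOGIN_FAIL user=dr.rahimi src=10.0.5.23
2024-03-01T08:00:20 LOGIN_OK user=dr.rahimi src=10.0.5.23
2024-03-01T08:05:00 LOGIN_FAIL user=nurse.karimi src=10.0.7.4
2024-03-01T09:30:00 LOGIN_OK user=nurse.karimi src=10.0.7.4
2024-03-01T22:10:00 LOGIN_OK user=pacsadmin src=203.0.113.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>LOGIN_OK|LOGIN_FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed practice LAN


def parse(text):
    """Turn raw lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "ok": m["result"] == "LOGIN_OK",
            "user": m["user"],
            "src": ipaddress.ip_address(m["src"]),
        })
    return events


def detect(events, threshold=5, window=timedelta(minutes=10)):
    """Return alerts as (kind, user, src, ts) tuples.

    brute_force:            `threshold` failures for one user/source inside `window`
    success_after_failures: a success that follows such a run (credential likely guessed)
    external_source:        a successful login from outside INTERNAL_NET
    """
    alerts = []
    recent_fail = defaultdict(list)  # (user, src) -> failure timestamps inside window
    for e in sorted(events, key=lambda ev: ev["ts"]):
        key = (e["user"], e["src"])
        fails = recent_fail[key]
        while fails and e["ts"] - fails[0] > window:  # slide the window forward
            fails.pop(0)
        if not e["ok"]:
            fails.append(e["ts"])
            if len(fails) == threshold:  # fire once per run, not on every extra failure
                alerts.append(("brute_force", e["user"], str(e["src"]), e["ts"]))
            continue
        if len(fails) >= threshold:
            alerts.append(("success_after_failures", e["user"], str(e["src"]), e["ts"]))
        fails.clear()  # a success ends the failure run
        if e["src"] not in INTERNAL_NET:
            alerts.append(("external_source", e["user"], str(e["src"]), e["ts"]))
    return alerts


def alert_kinds(text=SAMPLE_LOG, threshold=5):
    """Convenience: the ordered list of alert kinds for a log text."""
    return [a[0] for a in detect(parse(text), threshold=threshold)]


if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG)):
        print(*alert)
```

The sliding window matters: the nurse's single failed attempt an hour and a half before a normal login produces no alert, while the five failures in fourteen seconds do. The "success after failures" alert is the one worth paging on, since at that point the attacker is inside a PHI system under a legitimate account.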

  14. Operational implementation of security in healthcare centres and the PACS system