1 / 7

Comprehensive 4-Step Program for HIPAA Compliance

This program outlines essential steps for achieving HIPAA compliance, focusing on awareness and practical actions. Begin by understanding the new HIPAA rules and conducting a thorough gap analysis to identify areas needing improvement. Review in-house policies, develop an acceptable computer use policy, and establish grounds for employee termination related to breaches. Prioritize privacy and security initiatives, and implement administrative, technical, and physical controls. Regularly update your practices and ensure ongoing education with resources from experts, such as SANS.org, to stay compliant and protect sensitive information.

torin
Télécharger la présentation

Comprehensive 4-Step Program for HIPAA Compliance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 4-Step Program to HIPAA Compliance Brothers, hawn & coughlin, LLP

  2. Awareness • Understand the new rules. • Perform a “HIPAA gap” analysis • Look at in-house policies • Do an acceptable-use policy of computers in your organization • What are grounds for termination? • Prioritize actions to achieve compliance • Got to’s, needs to’sand nice to’s

  3. Awareness • Implement privacy & security initiatives • Administrative, technical and physical controls • Physical safeguard: Is anybody at the front, asking who they are, why they are there • Keeping physical log of who’s there, and why • Administrative controls • Acceptable use policy of computers • SANS.org has education and material about HIPPA rules, templates, sharing group for best practices on privacy and security development • Technical controls • Meeting with network administrator, listen to them about why they see and fee feel is going on • Social networking sites are often griped about as a time • Review/update annually • Look at polices and work with consultant to see if they’re up to date or if new rules have been established

  4. preparation • Perform a PHI data risk analysis • Hire out if you don’t know how to, lawyers, consultants • Look at state government for example security plans • Update BA Agreements • Explore cyber liability insurance • Transfer the cost of remediating a data breach • Major insurers have cyber liability coverage • AIG, Zurich (A-Z) • Legal defense, breach notification costs, credit monitoring (things you offer people who have been victims) • Benefit: they’ll do a HIPPA privacy and security assessment for you! • Can give discount if you have a response plan in place

  5. Preparation • Develop/test an incident response plan • Document which pulls together the actions the organization will take when breach is caught • Who is on the response team (IT, HR, PR, account management)? Who calls the lawyer, and when? • Goes through scenarios (what happens if someone’s laptop gets stolen?) to anticipate before a breach happens

  6. Resources and websites

  7. Response to breach • Anatomy of a data breach • Roles • Who will take various roles? • Communication to patient • Communication to OCR • Communication to technology staff/consultant • Communication to attorneys • Best practices

More Related