
BOS HIPAA BootCamp - Module 0 - Welcome-Introduction …clearwatercompliance.com/wp-content/uploads/2014/07/BOS... · 2020. 3. 16. · 7/28/2014 © Clearwater Compliance LLC | All


7/28/2014

© Clearwater Compliance LLC | All Rights Reserved | 1


Copyright Notice


Copyright Notice. All materials contained within this document are protected by United States copyright law and may not be reproduced, distributed, transmitted, displayed, published, or broadcast without the prior, express written permission of Clearwater Compliance LLC. You may not alter or remove any copyright or other notice from copies of this content.

For reprint permission and information, please direct your inquiry to [email protected]


Legal Disclaimer


Legal Disclaimer. This information does not constitute legal advice and is for educational purposes only. This information is based on current federal law and subject to change based on changes in federal law or subsequent interpretative guidance. Since this information is based on federal law, it must be modified to reflect state law where that state law is more stringent than the federal law or other state law exceptions apply. This information is intended to be a general information resource regarding the matters covered, and may not be tailored to your specific circumstance. YOU SHOULD EVALUATE ALL INFORMATION, OPINIONS AND ADVICE PROVIDED HEREIN IN CONSULTATION WITH YOUR LEGAL OR OTHER ADVISOR, AS APPROPRIATE. The existence of a link or organizational reference in any of the following materials should not be assumed as an endorsement by Clearwater Compliance LLC.


HIPAA Compliance BootCamp™

Bob Chaput

615‐656‐4299 or 800‐704‐[email protected] Compliance LLC


Welcome and Overview


1. Faculty

2. Objectives & Agenda

3. Logistics


About HIPAA‐HITECH Compliance

1. We are not practicing law!

2. The Omnibus has arrived!

3. Lots of different interpretations!


Pause & Quick Poll

HIPAA‐HITECH 101

• Were you able to attend our HIPAA-HITECH 101 session?

Yes | No


Expert Instructors

• Gregory J. Ehardt, JD, LL.M., HIPAA/Assistant Compliance Officer - HCA Adjunct Professor Office of General Counsel, Idaho State University

• Bob Chaput, CISSP, HCISPP, CIPP/US, CEO, Clearwater Compliance

• Elizabeth Warren, Esq., Partner, Bass, Berry & Sims, PLC

• Mary Chaput, MBA, HCISPP, CIPP/US, CHP, CFO & Chief Compliance Officer, Clearwater Compliance

• Meredith Phillips, MHSA, CHC, CHPC, Chief Information Privacy & Security Officer, Henry Ford Health System

• David Finn, CISA, CISM, CRISC, Health IT Officer, Symantec Corporation


Learning Objectives

Attendees Will Be Able To:

1. Demonstrate a working knowledge of HIPAA Privacy and Security Rules and HITECH Breach Notification Interim Final Rule

2. Teach colleagues key components of the OCR audits

3. Describe key sources and magnitude of liability and risk

4. Explain a step‐by‐step strategy for preparing for an OCR audit or investigation

5. Understand and use Privacy and Security regulatory terminology

6. Differentiate between HIPAA civil and criminal penalties, including the new Civil Monetary Penalty System

7. Explain the difference between a HIPAA Security Evaluation and a HIPAA Security Risk Analysis

8. Select or develop appropriate policies and procedures for HIPAA compliance

9. Prioritize compliance gaps in your HIPAA‐HITECH compliance program

10. Build your Compliance Remediation Plan

Help You Become Compliant and Avoid an OCR Enforcement Action

Help Us All Improve Access to Care, Timely Care & Higher Quality Care


Please Reference Agenda

Action‐Packed | Collaborative | Practical, Actionable Info | Current

Lots of Tools Provided!


Logistics and Other Items 


1. Breaks and Lunch

2. Rest Rooms

3. Cell Phones 

4. Questions / Comments / Concerns

5. Basecamp 

6. Course Evaluation

7. Your Objectives 

8. Orientation to Student WorkBook

9. Supplemental Materials

10. Keep Your “Punch List”


Student Materials On Password‐Protected Web Page


1. Program Agenda / Syllabus

2. Presentation Slides

3. White Papers

4. ClearwaterCompliance.com website 

5. Course Evaluation

6. Supplemental Resources

7. Continuing Education Units

8. Etc.


Clearwater HIPAA Mentor™

• 30 Day Access, from today!

• Clearwater Expert

• Email | Phone | GoToMeeting

• All Clearwater HIPAA Compliance BootCamp™ Attendees

• Contact: Bob Chaput, [email protected]

– I’ll assist you or connect you with an Expert


Our Overarching Mission


Avoid the following…

1. Complaint

2. Breach Notice

3. SAG HITECH Action

4. FTC Action

5. Whistleblower

6. State Action (e.g., DHCS)

7. OCR Audit

http://www.hhs.gov/ocr/privacy/hipaa/enforcement/process/index.html


Clearwater Compliance Compass™

Balanced Compliance Program: Four Critical Dimensions

• Policy defines an organization’s values & expected behaviors; establishes “good faith” intent.

• People must include talented privacy & security & technical staff, engaged and supportive management and trained/aware colleagues following PnPs.

• Procedures or processes – documented – provide the actions required to deliver on organization’s values.

• Safeguards include the various families of administrative, physical or technical security controls (including “guards, guns, and gates”, encryption, firewalls, anti‐malware, intrusion detection, incident management tools, etc.)


9 Actions to Take Now


1. Set Privacy and Security Risk Management & Governance Program in place (45 CFR § 164.308(a)(1))

2. Develop & Implement comprehensive HIPAA Privacy and Security and Breach Notification Policies & Procedures (45 CFR §164.530 and 45 CFR §164.316)

3. Train all Members of Your Workforce (45 CFR §164.530(b) and 45 CFR §164.308(a)(5))

4. Complete a HIPAA Security Risk Analysis (45 CFR §164.308(a)(1)(ii)(A))

5. Complete a HIPAA Security Evaluation (= compliance assessment) (45 CFR § 164.308(a)(8))

6. Complete Technical Testing of Your Environment (45 CFR § 164.308(a)(8))

7. Implement a Strong, Proactive Business Associate / Management Program (45 CFR §164.502(e) and 45 CFR §164.308(b))

8. Complete Privacy Rule and Breach Rule compliance assessments (45 CFR §164.530 and 45 CFR §164.400)

9. Document and act upon a remediation plan

Demonstrate Good Faith Effort!


Agenda – HOW TO…

Welcome, Introductions and Overview

1. How to Set Up Your Privacy and Security Risk Management & Governance Program 

2. How to Assess Your Increased Liability Risk Under the Omnibus Final Rule

3. How to Develop & Implement Comprehensive HIPAA Privacy and Security and Breach Notification Policies & Procedures (PnPs)

Networking Break

4. How to Prepare for and Manage an OCR Investigation

5. How to Train all Members of Your Workforce

Lunch and Networking Break

6. Panel Discussion – How to Implement a Strong, Proactive Business Associate Management Program

7. How to Assess and Monitor Your Compliance with the HIPAA Privacy Rule and HITECH Breach Notification Rule

Networking Break

8. Presentation and Panel Discussion: How to Create a “Culture of Compliance”

9. How to Complete the HIPAA Security Rule Risk Analysis and Technical Testing Requirements

Reception and Networking


One last thing…


Questions?


Accretive Health Case Study


Accretive Share Price & Story


• July 2011 - Accretive employee’s laptop computer, containing 20 million pieces of information on 23,000 patients, was stolen from the passenger compartment of the employee’s car

• 1/19/2012 MN SAG Suit

• 7/31/2012 $2.5M MN SAG Settlement

• 4/2/2013 CEO Replaced

• 4/13/2013 COO Replaced

• 6/13/2013 Class Action Suit

• 8/26/2013 CFO Replaced

• 9/27/2013 $14M Class Settlement

• 12/31/2013 FTC Settle.

• 01/2014 170 Job Cuts

• 03/14/2014 De-Listed NYSE