Disclaimer
This webinar may be recorded. This webinar presents a sampling of best practices and overviews, generalities, and some laws. This should not be used as legal advice. Itentive recognizes that there is not a “one size fits
all” solution for the ideas expressed in this webinar; we invite you to follow up directly with us for more personalized information as it pertains
to your specific practice and issues.
Thank you, and enjoy the webinar.
About Us
Our passion is to provide solutions for our healthcare provider partners which help them improve patient care, enhance the patient experience and maintain a financially healthy practice.
Since 2003 we have specialized in NextGen® Healthcare services including:
• Consulting
• Hosting
• Customization
• And productivity tools such as ChartGuard® and RefundManager®
Upcoming Webinars
Today’s Electronic Data Interchange… So Much More than Claims
• Wednesday, March 15, 2017
Also, keep your eyes peeled for any other webinar invites dependent on future regulatory changes
NOT another HIPAA Compliance Webinar! Lowering the Cost of Compliance
Introductions
Christ Floros
Managing Consultant, Security and Compliance
Itentive Healthcare Solutions
Chelsea Grover
Marketing Communications Coordinator
Itentive Healthcare Solutions
Lowering the cost of compliance
HIPAA compliance is on the minds of most of today’s healthcare leaders. Reports of breaches, fines and clarifications of responsibilities flood in through emails and articles. Although most understand the requirements, many are faced with the problem of implementation and the burden of the costs.
In this webinar we will review what is at risk and present solutions that help in the adoption of a HIPAA compliant security program.
HIPAA Security Rule
• The purpose of the Security Rule is to ensure that every covered entity has implemented safeguards to protect the confidentiality, integrity and availability of electronic protected health information.
• Check-the-box mentality
• Risk = Threat × Vulnerability × Impact
Value of Information
Credit Card Data (worth $0.25 to $1) vs. Patient Data (worth $10 to $50)
ePHI Breaches
• 2015
  113 million patients affected (Anthem breach 80 million)
  270 reported breaches
• 2016 (through October)
  14.3 million patients affected
  252 reported breaches
HIPAA Fines
• 2015: $6.1 million
• 2016: $22.84 million
What does a Data Breach Cost?
• $221 per record in Financial Sector
• $355 per record in Healthcare Sector
• In the US, the probability of having a breach has risen to 24%
• 50% of breaches caused by criminal or malicious attack
Ponemon Institute 2016 report sponsored by IBM
Doing the math
• 10,000 records × $355 per record = $3.5 million
• 25,000 records × $355 per record = $8.9 million
• 50,000 records × $355 per record = $17.8 million
How do we protect ourselves?
• Perform comprehensive HIPAA Security Risk Analysis
• Develop remediation plan to address gaps in compliance
• Identify and maintain evidence of compliance
• Monitor for changes that may present new vulnerabilities
• Rinse and repeat
Challenges to managing the risk
• Regulations provide the What without the How
• Monitoring the volume of information generated through audit logs
• Identifying changes or additions that affect risks and open new vulnerabilities
• Our day jobs!
How do I effectively manage my HIPAA compliance?
How can we help
Streamline the SRA process
• Providing comprehensive Security Risk Analysis
• Our analysts walk you through the process of identifying and documenting risks through simple questions and interviews
• The entire process is documented in the cloud for reference
How can we help
Action planning after the SRA
• Develop remediation plan addressing gaps in compliance
• Online Action Plan to record individual remediation efforts leading to the final remediation of the gap, including documentation and evidence
How can we help
Tools that bring it all together
• The aforementioned cloud-based Risk Assessment tool
• Organizes the SRA through role-based interviews
• Acts as repository for documentation
• Tracks and drives remediation plan
How can we help
Reporting
• Customized reports providing relevant information
• Users who have not accessed systems
• User accounts violating security policy
• Security level changes
• Domain security settings
How can we help
Alerting
• Appearance of ePHI in unauthorized locations
• Security changes to sensitive systems
• Network device config changes
• Scanning devices to ensure compliance enabled
• Detect unauthorized devices
How can we help
Demonstrable evidence of compliance
• Security Risk Assessment and documentation
• Reports provide documentation of reviews
• Alerts provide proof of active compliance with security policies
This process is not about living in fear of an audit.
• Due diligence: Have we carefully considered the threats and vulnerabilities in our environment?
• Due care: Have we implemented and verified all that is reasonably required to avoid a breach?
It is about avoiding a breach.
Questions
Christ Floros
• Managing Consultant, Security and Compliance at Itentive Healthcare Solutions
• 224-220-5533
Thank you
Chicago | Columbus | Itentive.com