HIPAA Security Assessment ToolKit™
         Introduction and Overview


Bob Chaput
615-656-4299 or 800-704-3394
bob.chaput@HIPAASecurityAssessment.com
HITECH Security Advisors, LLC
Disclaimers
1. We are not attorneys! Consult with your own legal
   counsel or advisors.
2. Information about and around HIPAA and HITECH
   continues to evolve.
3. HIPAA and HITECH rules and regulations are subject to
   lots of different interpretations.
4. Every effort has been made to ensure that the
   information presented is correct, but we cannot offer
   such assurances.
5. You should not rely on this information for legal
   purposes, but simply use it as a tool to raise your
   awareness.
Why You Should Care!
  1. “Ensuring adequate privacy and security
     protections for personal health information” is a key
     part of Meaningful Use
  2. HITECH Act has raised the ante for HIPAA Security
     compliance significantly
  3. Compliance is the smart thing to do for your
     business and the right thing to do for your patients
     or your customers’ patients
  4. It’s the law!


Meaningful Use Stage 1 Policy Goals
  It’s about health outcomes improvement
      in the US…
  1. Improving quality, safety, efficiency, and reducing
     health disparities.
  2. Engaging patients and families in their healthcare
  3. Improving care coordination
  4. Improving population and public health
  5. Ensuring adequate privacy and security
     protections for personal health information

The HITECH Act – Major Changes
 From a Privacy and Security perspective, here are five absolute
 “game changers” under HITECH:

    1) Mandatory audits (Subtitle D, Part 1, Section 13411)
    2) HHS non-compliance fines return to HHS’ coffers and
       within a few years (by law) individuals will participate
       in sharing the proceeds
    3) State AGs can now bring civil actions on behalf of their
       citizens
    4) Business Associates are now statutorily obligated
    5) Data Breach Notification requirements


Meet the HHS Data Breach ‘Wall of Shame’

   http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/postedbreaches.html




HIPAA Security-HITECH Compliance Roadmap
 [Diagram] Roadmap components:
   • HIPAA Security Assessment (HSA)
   • HIPAA Risk Analysis (HRA)
   • Preliminary Remediation Plan (PRP)
   • HIPAA Remediation Plan (HRP)
   • HIPAA Security Strategy (HSS)
   • HIPAA Security Training (HST)
   • HIPAA Security Policies (HSP)
   • HIPAA Compliance Manual (HCM)
   • HIPAA Security Evaluation (HSE)
 Callouts on the diagram:
   • Focus of HSA ToolKit™
   • HIPAA Security is NOT a “techie” project
   • … A journey, not a destination!


Purpose of the HSA ToolKit™
 1. Jump Start Your HIPAA Security
    Compliance Program
 2. Establish A Progress / Benchmark
    Monitor
 3. Quickly Identify “Low Hanging”
    Remediation Items
 4. Develop a Solid Foundation for
    HIPAA Risk Analysis
 5. Build Deep Understanding At The
    Onset
 6. Get out in front of Meaningful Use
    requirements on ePHI security
Contents of the HSA ToolKit™
 1. HIPAA Security Assessment ToolKit™ Contents
     document
 2. How to Use the HIPAA Security Assessment ToolKit™
 3. Comprehensive HIPAA Security Assessment (HSA)
     Excel Tool™, including Instructions, Glossary of
     Terms, included with HSA Excel Tool, Policies
     Checklist, Resources & References
 4. HIPAA Security – HITECH Compliance Roadmap™
 5. Preliminary Remediation Plan Candidate Items template
 6. Data Mountain HIPAA-HITECH Security Rule FAQ
 7. Iron Mountain HIPAA Primer – What You Should Know
     About the New Regulations
 8. 2009 CMS' HIPAA Compliance Review Analysis And
     Summary of Results
 9. Office of Civil Rights (OCR) HIPAA Security Standards:
     Guidance on Risk Analysis
 10. Centers for Medicare & Medicaid Services (CMS)
     Security Standards: Implementation for the Small
     Provider
 11. Complete copy of HIPAA Security Final Rule (45 CFR
     Parts 160, 162, and 164)

Heart of the HSA ToolKit™
Features and Benefits of the HSA ToolKit™
   HSA ToolKit™ Features                HSA ToolKit™ Benefits
                            •   Low Risk
                            •   Easily derived immediate remediation steps
 Low Price and High Value   •   Fast Track to HIPAA Security Rule Compliance
                            •   Comprehensive tool and resources
                            •   Low Impact on Client Staff and Operations
 Short Duration             •   Fast, Immediate Results
                            •   Proven Quality
                            •   Developed by Senior, Experienced Professionals
 Development Team           •   Health Care Expertise
                            •   HIPAA – HITECH Focused
                            •   Comprehensive, Complete Data Gathering
                            •   Based on Proven Best Practices
 Sound Methodology          •   High-Quality, Credible Outcomes
                            •   Process View, No-Fault Appraisal
                            •   Baseline for Compliance Program

Contact
             Bob Chaput

   www.HIPAASecurityAssessment.com

bob.chaput@HIPAASecurityAssessment.com


Connect: www.linkedin.com/in/bobchaput

    Follow me: Twitter.com/bobchaput

      HITECH Security Advisors, LLC
