Covered Entities and Business Associates – take control of your HIPAA Security – HITECH Act compliance program starting today! Our HIPAA Security Assessment Tool™ is the easiest, fastest and most popular way to establish a baseline scorecard and track compliance progress.
The 7 Things I Know About Cyber Security After 25 Years | April 2024
HIPAA Security Assessment Intro & Overview
1. HIPAA Security Assessment ToolKit™
Introduction and Overview
Bob Chaput
615-656-4299 or 800-704-3394
bob.chaput@HIPAASecurityAssessment.com
HITECH Security Advisors, LLC
1
2. Disclaimers
1. We are not attorneys! Consult with your own legal
counsel or advisors.
2. Information about and around HIPAA and HITECH
continues to evolve.
3. HIPAA and HITECH rules and regulations are subject to
lots of different interpretations.
4. Every effort has been made to insure that the
information presented is correct, but we can cannot offer
such assurances.
5. You should not rely on this information for legal
purposes, but simply use it as a tool to raise your
awareness.
3. Why You Should Care!
1. “Ensuring adequate privacy and security
protections for personal health information” is a key
part of Meaningful Use
2. HITECH Act has raised the ante for HIPAA Security
compliance significantly
3. Compliance is the smart thing to do for your
business and the right thing to do for your patients
or your customers’ patients
4. It’s the law!
3
4. Meaningful Use Stage 1 Policy Goals
It’s about health outcomes improvement
in the US…
1. Improving quality, safety, efficiency, and reducing
health disparities.
2. Engaging patients and families in their healthcare
3. Improving care coordination
4. Improving population and public health
5. Ensuring adequate privacy and security
protections for personal health information
4
5. The HITECH Act – Major Changes
From a Privacy and Security perspective, here are five absolute
“game changers” under HITECH:
1) Mandatory audits (Subtitle D, Part 1, Section 13411)
2) HHS non-compliance fines return to HHS’ coffers and
within a few years (by law) individuals will participate
in sharing the proceeds
3) State AGs can now bring civil actions on behalf of their
citizens
4) Business Associates are now statutorily obligated
5) Data Breach Notification requirements
5
6. Meet the HHS Data Breach ‘Wall of Shame’
http://www.hhs.gov/ocr/privacy/hi
paa/administrative/breachnotific
ationrule/postedbreaches.html
6
7. HIPAA Security-HITECH Compliance Roadmap
HIPAA
HIPAA
Remediation Security is
Plan NOT a
Focus of HSA ToolKit™ (HRP) “techie”
project
Preliminary HIPAA
Remediation Security
Plan Strategy
HIPAA HIPAA HIPAA
(PRP) (HSS)
Security Compliance Security
Assessment Manual Evaluation
(HSA) HIPAA (HCM) (HSE)
HIPAA Security
Risk Training
Analysis (HST)
(HRA) … A journey,
not a
HIPAA
Security destination !
Policies
(HSP)
7
8. Purpose of the HSA ToolKit™
1. Jump Start Your HIPAA Security
Compliance Program
2. Establish A Progress / Benchmark
Monitor
3. Quickly Identify “Low Hanging”
Remediation Items
4. Develop a Solid Foundation for
HIPAA Risk Analysis
5. Build Deep Understanding At The
Onset
6. Get out in front of Meaningful Use
requirements on ePHI security
8
9. Contents of the HSA ToolKit™
1. HIPAA Security Assessment ToolKit™ Contents
document
2. How to Use the HIPAA Security Assessment ToolKit™
3. Comprehensive HIPAA Security Assessment (HSA)
Excel Tool™, including Instructions, Glossary of
Terms, included with HSA Excel Tool, Policies
Checklist, Resources & References
4. HIPAA Security – HITECH Compliance Roadmap™
5. Preliminary Remediation Plan Candidate Items template
6. Data Mountain HIPAA-HITECH Security Rule FAQ
7. Iron Mountain HIPAA Primer – What You Should Know
About the New Regulations
8. 2009 CMS' HIPAA Compliance Review Analysis And
Summary of Results
9. Office of Civil Rights (OCR) HIPAA Security Standards:
Guidance on Risk Analysis
10. Centers for Medicare & Medicaid Services (CMS)
Security Standards: Implementation for the Small
Provider
11. Complete copy of HIPAA Security Final Rule (45 CFR
Parts 160, 162, and 164)
9
11. Features and Benefits
of the HSA ToolKit™
HSA ToolKit™ Features HSA ToolKit™ Benefits
• Low Risk
• Easily derived immediate remediation steps
Low Price and High Value • Fast Track to HIPAA Security Rule Compliance
• Comprehensive tool and resources
• Low Impact on Client Staff and Operations
Short Duration • Fast, Immediate Results
• Proven Quality
• Developed by Senior, Experienced Professionals
Development Team • Health Care Expertise
• HIPAA – HITECH Focused
• Comprehensive, Complete Data Gathering
• Based on Proven Best Practices
Sound Methodology • High-Quality, Credible Outcomes
• Process View, No-Fault Appraisal
• Baseline for Compliance Program
11