
Leading your HIPAA Compliance Culture in 2016

522 views

http://hcsiinc.com
Breaches happen every day! Why not prevent a breach from turning into a 90-day audit? This presentation helps you develop your HIPAA Privacy and HIPAA Security program.

If you are looking for help, be aware that many compliance companies are hit-and-run operations. HCSI, by contrast, guides the compliance representative through the HIPAA process of preparing for an audit from day one and in every quarter of the year. The practice will have everything an auditor would need, so the audit takes minutes instead of days.

Published in: Healthcare


  1. Leading Your HIPAA Culture in 2016
  2. "Finished files are the re- sult of years of scientif- ic study combined with the experience of many years."
  3. Lance King, Vice President, Sales, Healthcare Compliance Solutions. Phone (801) 947-0183, lking@hcsiinc.com
  4. What to expect
     Lead Your Culture, Select Your Team, and Learn
       ✓ Create a Culture of Privacy, Security, and Safety
       ✓ HIPAA Breach: Identifying a Breach, Exceptions to a Breach
       ✓ HIPAA Protections: Security Risk Analysis, Social Media
       ✓ Compliance Training
     Document Your Process, Your Findings, and Actions
       ✓ Documentation
       ✓ Policies and Procedures
       ✓ HIPAA Privacy & Security
     Develop an Action Plan
       ✓ Audit Preparation
     Mitigating Risk
       ✓ Ongoing Training & Culture Maintenance
  5. Lead Your Culture
  6. Fun / Staff / Accounting / Compliance / Patients / Front Desk
  7. Healthcare Compliance (HIPAA, OSHA…): Insurance, HR, Accounting, Front Desk, Patient Care, Staff Training
  8. PHI
  9. AUDIT TIMELINE: Day 1, Day 10, Day 30/90 (dependent on completion of fieldwork)
  10. 5 COMMON CIRCUMSTANCES FOR AN AUDIT
     1. Disgruntled ex-employee
     2. A self-reported breach
     3. Employee activists
     4. Patient's fear of breach
     5. Random OCR visit
  11-13. (image-only slides; no text captured)
  14. CREATE A CULTURE OF PRIVACY & SECURITY
     • Communicate
     • Guide
     • Remind
  15. IDENTIFYING A BREACH
     "…unless the covered entity or business associate, as applicable, demonstrates that there is a low probability that the protected health information has been compromised based on a risk assessment of at least the following factors":
     1. Nature and extent of the PHI involved
     2. The unauthorized person who used the PHI, or to whom it was disclosed
     3. Whether the PHI was actually viewed or acquired
     4. The extent to which the risk to protect the PHI has been mitigated
  16. HIPAA BREACH
     • Does your staff know who to go to for leadership when there is a HIPAA breach?
     • Does your designated HIPAA compliance officer know all of the necessary steps to take in breach notification?
     • Does your HIPAA compliance officer know where to receive guidance?
  17. EXCEPTIONS TO A BREACH
     3 exceptions to the definition of "breach":
     1. Unintentional
     2. Inadvertent
     3. Good faith
  18. HIPAA PROTECTIONS
     Key Components of the HIPAA Privacy Rule:
     • Ensure privacy
     • Give patients more access
     • Establish safeguards
     • Hold violators accountable
     • Strike a balance
     • Enable patients
     • Limit release of information
     • Give patients the right to examine and obtain a copy
     • Empower individuals to control certain uses and disclosures
  19. HIPAA RISK PROTECTIONS
     • Physical, Technical, and Administrative measures
     • Internal and External Security threats
     • Assessment of and preparations for security risks
  20. 7 STEPS TO HIPAA COMPLIANCE
     1. Understand the rules
     2. Assign Responsibility
     3. List your PHI systems
     4. Conduct a Risk Analysis
     5. Implement Policies and Procedures
     6. Training program
     7. Ongoing HIPAA progress and compliance
  21. SECURITY RISK
     • Identify where PHI exists
     • Identify potential threats and vulnerabilities to PHI
     • Identify risks and their associated levels of high, medium, or low
  22. TIPS FOR A BETTER SECURITY RISK ANALYSIS
     • Educate staff about process
     • Make security a high priority
     • Have an action plan
     • Involve your EHR developer
     • Specific to your practice
  23. 10 HIPAA SECURITY TIPS
     1. Have A Written Security Policy
     2. Encrypt Everything
     3. Protect Your Website
     4. Data Backups
     5. Avoid Consumer Grade
     6. Know Your Risks
     7. Plan For BYOD
     8. Who Is Guarding The Sheep
     9. Physical Security Is Information Security
     10. Know When To Call For Help
  24. SECURITY RISK PRECAUTIONS
     Low-Cost Highly Effective Safeguards:
     • Staff requests
     • Hard drives
     • Email
     • Server
     • Passwords
     • Monitoring office staff
     • Fire extinguishers
     • Viruses and malware
  25. SOCIAL MEDIA
     To ensure your office remains in HIPAA compliance, create policies such as:
     • Access Controls
     • Personal
     • Connecting with patients
     • Patient waiver forms
     • Training
  26. COMPLIANCE TRAINING
     • Online
     • In-office
     • Outsourced
  27. WORKFORCE EDUCATION & TRAINING
     Educate and train your staff:
     • Hired or contracted
     • Yearly retraining
     • Changes in policies or procedures
     • Changes in systems, location, or infrastructure
     • Responding to breach or disclosure
  28. Documenting the Process, the Findings & the Actions
  29. DOCUMENTATION
     Examples of records to retain:
     • Policies and procedures
     • Security Risk Analysis
     • Training materials, and certificates of completion
     • Current Business Associate Agreements
     • EHR audit logs
     • Risk management action plan
     • Security incident and breach information
  30. POLICIES AND PROCEDURES
     • Establish protocols
     • Training program
     • Instruct your workforce
     • Sanction policy for violations
     • Detail enforcement
     • Business Associates
  31. Employee HIPAA Privacy & Security
     Guidelines for employees:
     • Name/ID badges
     • Quiet Communication
     • PHI access
  32. Workstation HIPAA Privacy & Security
     Guidelines for workstations:
     • Viewing PHI Documents
     • Disposing of PHI
     • Workstations
     • Protect user IDs and passwords
     • Computers not in use
  33. Access HIPAA Privacy & Security
     Guidelines for access:
     • Computer room access
     • PHI Back-ups
     • Limited office equipment
     • Unoccupied Office equipment
  34. Environmental HIPAA Privacy & Security
     Guidelines for environment:
     • Smoke detectors and fire extinguishers
     • Computer equipment
     • Cyber security
     • Emergency Action plan
  35. Developing an Action Plan
  36. AUDIT PREPARATION
     • All shapes and sizes
     • Across-the-board compliance
     • Document in advance
  37. AUDIT PREPARATION
     Some of the areas the OCR audits will cover include:
     • Risk management plan
     • Policies and procedures
     • Business Associate agreements
     • PHI inventory
     • Mobile devices
     • Documentation
     • Compliance training records
     • Evidence of encryption capabilities
  38. Mitigating Risk
  39. ONGOING TRAINING & CULTURE MAINTENANCE
     • Patient-provider relationship
     • Training on PHI safeguards
     • Easy reference of Policies and Procedures
     • Addressing staff
     • Re-assessing job functions
  40. SECURITY RISK ANALYSIS
  41. Options: Consultant, In-house, Online (shown on a scale from (-) to (+))
  42. What to Expect with HCSI
     1. Membership Website Portal
     2. Compliance Binders
     3. Ongoing Support
  43. Training (New Employee & Retraining)
     • HIPAA Privacy
     • HIPAA Security
     • OSHA
     • Medicare
     • Employment Law
  44. Manuals
     • Reference Guide
     • Compliance Plans
     • Certificate Binder
  45. Consultation and Support
     • Weekly and Monthly Updates
     • Quarterly Newsletter
     • Phone and E-mail Support
     • Quarterly Assessment
  46. Customizable Forms
     • Notice of Privacy Practices
     • Business Associate Agreement
     • All HIPAA Privacy
     • All HIPAA Security
     • Gap/Risk Analysis
     • HIPAA HITECH Breach Notification
     • All OSHA
     • All Medicare
     • Employment Law
     • RAC
     • Posters
  47. Customer Testimonial
     "Our HIPAA/OSHA compliance was a huge concern in our office, especially after one of our employees filed a complaint with OSHA. We started using HCSI 4 years ago and couldn't be happier with the program. It's simple to set up and easier to use. Do yourself a favor and sign up, it will make your life easier!"
     - Dr. Kody Krause, DDS, Comfort Dental, Thompson Valley, CO
  48. Customer Testimonial
     "HCSI kept my fanny out of the hoosegow with a cranky (bit weirdo/psycho) patient who thought we had been naughty in multiple ways. Our association with you all made the difference. We passed the inspection with flying colors and OCR told the 'patient' to bug off!! Loved It!"
     - Lee Mecham Thrall, Clinic Administrator, Old Farm Obstetrics & Gynecology, L.L.C.
  49. 30 Day Money Back Guarantee!
  50. Price Breakdown
     • Compliance Officer Training ($250)
     • Employee Training ($500)
     • Risk Analysis ($250)
     • Customized Compliance Plans ($1250)
     • Customizable Forms ($100)
     • Posters ($100)
     • Compliance Updates: E-mail & Newsletters ($50)
     • Phone & E-mail Support ($500)
  51. $3500 Value HCSIINC.COM
  52. Early Bird Discount: $200 OFF
  53. Compliance Officer Training "Compliance Officer"
  54. Customized Policies & Procedures
  55. Quarterly Assessment Support Calls
  56. Lance King, Vice President, Sales, Healthcare Compliance Solutions. Phone (801) 947-0183, lking@hcsiinc.com
  57. Leading Your HIPAA Culture in 2016
