
IT'S OFFICIAL: GOVERNMENT AUDITING OF SECURITY RULE COMPLIANCE
Nancy Davis, MS, RHIA, Director of Privacy/Security Officer, Ministry Health Care, and Catherine Boerner, JD, CHC, President, Boerner Consulting, LLC



Presentation Transcript


    1. IT'S OFFICIAL: GOVERNMENT AUDITING OF SECURITY RULE COMPLIANCE
       Nancy Davis, MS, RHIA, Director of Privacy/Security Officer, Ministry Health Care
       Catherine Boerner, JD, CHC, President, Boerner Consulting, LLC

    2. Objectives
       - Provide a Brief Overview of the HIPAA Security Rule and Key Standards
       - Describe the Oversight and Audit Process for Security Rule Compliance and Enforcement
       - Review the Questions that the Government May Ask During an Audit
       - Discuss Strategies and Tools Designed to Demonstrate Compliance

    3. OVERVIEW OF HIPAA SECURITY RULE

    4. SECURITY RULE STANDARDS

    5. RELATIONSHIP TO PRIVACY RULE

    6. OVERSIGHT & ENFORCEMENT - CMS

    7. CMS ANNOUNCEMENT – FEBRUARY 2008

    8. CMS INTERVIEW & DOCUMENT REQUEST

    9. INTERVIEW & DOCUMENT REQUEST – (Continued)

    10. CMS & OCR – REPORTED SECURITY & PRIVACY RELATED

    11. CMS & OCR – REPORTED SECURITY & PRIVACY RELATED

    12. CMS CONTRACT - PRICEWATERHOUSECOOPERS

    13. OVERSIGHT AND ENFORCEMENT - OIG

    14. "REQUIRED" VS. "ADDRESSABLE"

    15. KEY STANDARDS

    16. KEY STANDARDS - CONTINUED

    17. COMPLIANCE CHALLENGES

    18. COMPLIANCE STRATEGIES

    19. RECOMMENDED SUPPORT DOCUMENTATION
       Policies & Procedures:
       - Authentication Standards
       - Workstation Use & Security
       - Security Incident Response
       - Data Backup
       - E-Mail Communications & Retention
       - Remote Access
       - Auditing of Access
       - Data Center Security
       - Portable Devices
       Other:
       - Risk Analysis/Assessment
       - Educational Tools
       - Computer Access Agreements
       - Security Incident Form
       - Business Associate Agreement
       - IT Disaster/Contingency Plan

    20. CURRENT OVERSIGHT ACTIVITIES

    21. GENERAL PROBLEMATIC AREAS - AUDITS

    22. HIPAA AUDIT: THE 42 QUESTIONS HHS MIGHT ASK

    23. REVIEW OF 42 QUESTIONS HANDOUT

    24. COMPLIANCE TOOLS
       - Risk Assessment – Initial and Ongoing
       - Policies and Procedures: Up-to-Date, Communicated, Available, Enforced
       - HIPAA Security Rule Matrix
       - Security Rounds/Walk-Through (combine w/ Privacy)

    25. HIPAA SECURITY RULE MATRIX
       Develop Work Plan Based on Matrix. Matrix columns:
       - Standard/Section
       - Implementation Specifications
       - Required/Addressable
       - Assigned Team or Person Responsible
       - Implementation Solution
       - Status

    26. HANDOUTS
       - OIG Audit Questions: Listing of "42 Requested Items" by the Office of Inspector General
       - Sample Work Plan Summary Based on Security Rule Matrix – Ministry Health Care
       - Sample Work Plan – Boerner Consulting, LLC
       - Sample Assessment (Privacy & Security Rounds)

    27. RESOURCES
       CMS HIPAA Security Guidance at: www.cms.hhs.gov/SecurityStandard/
       - HIPAA Security Guidance for Remote Use of and Access to Electronic Protected Health Information
       - HIPAA Security Educational Paper Series:
         - Security 101 for Covered Entities
         - Security Standards: Administrative Safeguards
         - Security Standards: Physical Safeguards
         - Security Standards: Technical Safeguards
         - Security Standards: Organizational, Policies and Procedures and Documentation Requirements
         - Basics of Risk Analysis and Risk Management

    28. RESOURCES - CONTINUED
       - National Institute of Standards and Technology (NIST), An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, NIST Special Publication 800-66, March 2005, http://csrc.nist.gov/publications/nistpubs/800-66/SP800-66.pdf
       - HIPAA Collaborative of Wisconsin

    29. Contact Information

    30. Questions
