1 / 23

Strategic Approaches to HIPAA Access & Audit

Strategic Approaches to HIPAA Access & Audit. HIPAA Summit West II March 15, 2002 San Francisco, CA. Mariann Yeager 561.234.9876 tel 561.913.1588 cel myeager@emersonsg.com www.emersonsg.com. Background. HIPAA Expertise Industry Leader National speaker Technology & HIPAA. Agenda.

fayola
Download Presentation

Strategic Approaches to HIPAA Access & Audit

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Strategic Approaches to HIPAA Access & Audit • HIPAA Summit West II • March 15, 2002 • San Francisco, CA • Mariann Yeager • 561.234.9876 tel561.913.1588 cel • myeager@emersonsg.com • www.emersonsg.com

  2. Background • HIPAA Expertise • Industry Leader • National speaker • Technology & HIPAA

  3. Agenda • Role of technology • Access & Audit • Implementation considerations • Practical, Vendor & Standards • Case Study • Discussion

  4. Strategic Benefit Privacy & Security Strategic Benefit Technical • Access • Audit Efficiencies – automation, cost savings Administrative • Policies & Procedures • Training Trust – consumers, partners

  5. Intersection of Security & PrivacyRole of Technology Access • Minimum Necessary • Access Controls – Need-to-know Audit • Accounting of Disclosures • Audit Controls WEDI SNIP Security & Privacy White Paper: http://snip.wedi.org

  6. Implementation Decisions • Access • Reinforce with technology • Mitigate risk • Audit • Usage, detail, storage • Separate vs. centralized

  7. Implementation Considerations Practical • Infrastructure: • Enterprise-wide • Disparate systems • Data: • Amount & type • Link users to patient • Compliance: • Ease of use • Universal

  8. Implementation ConsiderationsVendors • Multiple approaches? • Separate systems? • Core competency? • Ability to meet needs? You are still accountable

  9. Implementation Considerations Standards • Infrastructure: • Context Management - CCOW • National Health Information Infrastructure Others – Process & Policies: • Accreditation programs • Best practices • ASTM • NIST

  10. The Role of CCOW Context Management Industry Standard Architecture Result: Streamlined use of applications Uptake Accepted standard Healthcare-specific

  11. CCOW Architecture

  12. HIPAA Case Study

  13. The Environment • Largest hospital in Maine: • 606-bed tertiary care and teaching hospital • 30,000 inpatient stays • 140,000 outpatient visits • 22,000 surgeries • 3,200 users, 2,100 desktops, 660 systems • Major systems: • Medical records –100% electronic/imaged • PACS and departmental • CCOW Architecture

  14. The Philosophy • Broad approach • Reasonable • Leverage technology • Existing investments • Keep it simple • Seek synergies • Support vision

  15. The Vision “… CPR is not a single system. It is several systems seamlessly integrated in the eyes of the user, so that it appears to be one system.” –Jerry Edson, CIO • HIPAA Vision • Process • Systematic • Enterprise-wide • Leverage for greater good

  16. The Approach • Centralized oversight • Gap analysis: • IT Dept. • Compliance office • HIPAA IT team: • Lead Analyst • Two Technical Analysts • Compliance Analyst

  17. The Need: Access & Audit • Strategy: • Address access & audit • Reasonable approach • Requirements: • Enterprise-wide • Meaningful data • Flexible reporting • Drivers: • Mitigate risk • Focus on highest priority

  18. Implementation Considerations • Vendor: • Multiple approaches? • Separate systems? • Core competency? • Ability to meet needs? We are still accountable • Practical: • Infrastructure • Compliance • Data • Standards-based

  19. The Solution • Vergence Privacy Auditor Sentillion: • Standards-based • Enterprise-wide • Vendor-neutral • Supports vision of integrated desktop: • Single implementation • Centralized management • User-friendly / Vendor-friendly • Flexible reports

  20. Vergence Privacy Auditor

  21. The Rationale • Fundamental HIPAA requirement • Mitigates high risk • Simplifies analysis, implementation • Minimizes development • Supports IT vision

  22. The Results • Cost-effective • Reasonable approach • Single, centralized solution • Rapidly deployed • Flexible

  23. Strategic Approaches to HIPAA Access & Audit • Discussion • Mariann Yeager • 561.913.1588 cel • myeager@emersonsg.com • www.emersonsg.com

More Related