60 likes | 70 Views
This project focuses on implementing a comprehensive privacy program based on the HIPAA regulations. It emphasizes the coordination of privacy and security efforts, compliance through good faith efforts and documentation, and integration into existing organizational structures. The approach recognizes the growing importance of information protection beyond regulatory requirements.
E N D
Privacy Project Framework & Structure HIPAA Summit Brent Saunders 202-414-1031 brenton.saunders@us.pwcglobal.com
Philosophy and Approach to Privacy • Six key concepts drive the project philosophy: • Primary focus on business drivers, secondary on regulatory drivers • Privacy and security programs should be well coordinated (information protection) • Good faith efforts and documentation are essential to demonstrate compliance • Approach privacy as a series of manageable implementation projects • Integrate privacy and security programs into existing organizational structure and reporting realities • Partner compliance and business resources • The approach recognizes that, beyond legal and regulatory requirements, information protection is an emerging business imperative, whether it’s employee, patients, members, clinical and/or corporate information
An Approach – Implementing a Privacy Program • Assessment vs. Implementation • Projects should be developed by teams and refined with the business people/department to meet your organization’s business needs, processes and environment • An “implementation” approach can be broken down into the following phases: • Project Organization and Impact • Program and Project Structure Refinement • Detail Planning/Rollout • Implementation
The 4 Phases Phase II – Programand Project Structure Refinement Phase III – Detail Planning and Rollout Phase I –Project Organization Phase IV – Implementation Set Expectations, Objectives, Approach Build Detailed Project Plans Project Management Goals & Strategic Direction Ongoing Oversight (as needed) Document Review Develop Integrated Project Plan Organizational and Legal Analysis Specific Project Assistance (as needed) Information Flow Analysis Assign Project Accountability Project Management Setup and Initiation Finalize Project Management Structure Progress Validation (as needed) Needs Assessment Privacy Laws and Regulations - Impact Analysis Launch Privacy & related Security Projects Compliance Maintenance Project Identification Awareness Training (as needed) Project Management and Quality Assurance
Steering Committee • V.P.-level members from Compliance, Legal, and Functional areas • Establish mission • Obtain support from senior management Oversight Oversight Strategy • Work Groups • Work Groups established for each functional area, e.g., medical records, finance Report findings • Project Management • Privacy Office • Develop and coordinate risk-management and compliance activities Strategy Data mapping Gap analysis Monitor compliance Implementation Develop and oversee training • Business Processes • Maintain compliance Assist and support business units
Ongoing Program Organization • Compliance Model • Hub and Spoke Model • Privacy Committee Model • Legal Model • IT Model