1 / 11

3.04 Comparisons of Risk Assessments from Across the Country

3.04 Comparisons of Risk Assessments from Across the Country. Presenter:. Frank Ruelas, MBA Director, Corporate Compliance Gila River Health Care Corporation Sacaton, Arizona. Tenth National HIPAA Summit: April 7, 2005. To those who chose not to take action….

moriah
Download Presentation

3.04 Comparisons of Risk Assessments from Across the Country

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 3.04 Comparisons of Risk Assessments from Across the Country Presenter: Frank Ruelas, MBA Director, Corporate Compliance Gila River Health Care Corporation Sacaton, Arizona Tenth National HIPAA Summit: April 7, 2005

  2. To those who chose not to take action…. “There are risks and costs to a program of action. But they are far less than the long-range risks and costs of comfortable inaction.” - John F. Kennedy (1917 – 1963) Tenth National HIPAA Summit: April 7, 2005

  3. General Observation #1: Risk levels tended to be relatively consistent by organization. Tenth National HIPAA Summit: April 7, 2005

  4. General Observation #2: Risk mitigation levels the playing field. 1 4 2 3 5 6 Tenth National HIPAA Summit: April 7, 2005

  5. General Observation #3: Three level rating system most popular. Tenth National HIPAA Summit: April 7, 2005

  6. Risk assessment feedback considerations • Anonymity • Assumption of respondent knowledge • Non-scientific or statistically valid • Questions presented “as is” no other details Tenth National HIPAA Summit: April 7, 2005

  7. List of identified risks: • Over 120 were identified • Subsets were sent out • Common responses were grouped • Ranking system was used • Final 14 were used in the survey Tenth National HIPAA Summit: April 7, 2005

  8. The 14 finalists are: • Identifying user activity inconsistent with privileges • Emailing of ePHI • Unauthorized copying of ePHI on transportable media • Introduction of malicious software • Accessing ePHI by using another’s password • Disruption of service due to power outage a • Takeover of an authorized session by another Tenth National HIPAA Summit: April 7, 2005

  9. The 14 finalists are: • Unauthorized viewing of ePHI on display devices • Theft of devices where ePHI may reside • Access of ePHI through remove access • Use of dial up or internet access by authorized users • Retrieval of ePHI from decommissioned media • Access to computer rooms or similar locations • Use of wireless devices to access ePHI Tenth National HIPAA Summit: April 7, 2005

  10. The wireless techno headache 58% of the respondents said “no” to wireless. The remainder were looking at either a limited or phased in approach. Tenth National HIPAA Summit: April 7, 2005

  11. Summary: • Decision ownership raised awareness • Ongoing assessments due to techno adoption • Trust can only take you so far • Surveillance and response are key elements Email: fruelas@grhc.org Tenth National HIPAA Summit: April 7, 2005

More Related