HIPAA & HITECH
40fs
Added: February 22, 2011
Category: Science & Tech..
License: All Rights Reserved

Presentation Description

The HITECH Act of 2009 has changed the game. The old paper tiger HIPAA, which was hardly enforced, has gotten teeth and claws. This presentation gives you a first insight into what HITECH means for HIPAA covered entities.

Presentation Transcript

Slide 1:
HIPAA and HITECH
And Its Impact on the Healthcare Industry
Copyrighted © 2011 by 40FS Software Services, LLC

Slide 2:
IANAL – I am not a lawyer
This is not legal advice! In the following I will sketch a landscape of the subject to give you a first rough picture.
You will need advice! And not only legal advice, but also advice about technology, security, risk management and much more...
...and I'm also not a doctor.

Slide 3:
The Timeline
1996 – HIPAA: The Clinton Administration introduces the Health Insurance Portability and Accountability Act
2009 – ARRA, American Recovery & Reinvestment Act: Includes the HITECH Act: Health Information Technology for Economic and Clinical Health (part of the Stimulus Act)
2010 – HIPAA/HITECH details mostly defined
2011 – Active enforcement starts now!
2012 – HHS to publish public reports of enforcement

Slide 4:
The Problem: HIPAA was a paper tiger – nothing really happened.
Lip service and some paperwork were enough.
During ARRA we were looking at taxpayer money, bankrupt banks and the car industry.
During Healthcare Reform we were looking at "Obamacare" and the public dispute.
...no one saw the tsunami coming!

Slide 5:
4 strategies that are guaranteed to fail:
Start to feel uncomfortable if you recognize some of them.
1) It's legal stuff - the lawyers know
They are vital, but compliance is now a wicked problem that contains legal, technology, policy, organizational and generational complexity.
2) Ostrich Approach - Head deep in the sand
"Do the bare minimum" made some sense for the last 15 years. Those days are gone! Being clueless has become a lethal risk.

Slide 6:
4 strategies that are guaranteed to fail:
Start to feel uncomfortable if you recognize some of them.
3) The doctors know best
They might be the "best and brightest" of us, but HITECH is not on their radar and most of its issues are outside their comfort zone.
4) We and our staff are on top of this
You are? - We'll get back to that in a moment.

Slide 7:
Don't be nervous – be scared and terrified!
So what, if we are not HIPAA/HITECH compliant?
State Law
The State Attorney General can file civil lawsuits.
HHS has 50 new high-profile enforcers (for free!)
Most state laws are more stringent than HIPAA/HITECH.
The first "historic" lawsuit already happened in 2010!
HIPAA / HITECH Violations
Fines up to $250.000 – or even $1.5 mln
Criminal charges with up to 10 years in prison.
HHS will audit you!
HHS now has subpoena power!
Impact on your business
Apart from fines, civil lawsuits and criminal charges you risk:
Your reputation!
Business losses
Being published on the HHS website ("Hall of shame")
Being published in local or national media

Slide 8:
The PAPER TIGER has TEETH and CLAWS!

Slide 9:
The Structure of HIPAA/HITECH
HIPAA – Health Insurance Portability and Accountability Act
45 CFR
=> §160, §162, §164
=> Title II "Administrative Simplifications" (AS)
5 Rules:
=> Unique Identifier Rule
=> Privacy Rule (PR)
=> Transaction Code Sets Rule
=> Security Rule (PR)
=> Enforcement Rule

Slide 10:
The Structure of HIPAA/HITECH
HITECH – Health Information Technology for Economic and Clinical Health Act, Sec. 13410 Improved Enforcement.
ARRA
=> Part of the 2009 American Recovery and Reinvestment Act
Goals
=> Massive expansion of ePHI
=> Incentives for EHR ($44.000 for meaningful use)
=> Increased Privacy and Security

Slide 11:
HITECH - What is new?
Enforcement
Notification of Breach
Electronic Health Record Access
Business Associates
Other Requirements

Slide 12:
The matter is not if you will be audited – the matter is when ...
On the day the HHS knocks on your door:
Being "clueless" is now "willful neglect".
And willful neglect is "no story" - you will be fined. No lawyer in the world will be able to help you.
You need an Affirmative Defense:
Do the right thing and have a good story
Install the safeguards
Have visible demonstrable evidence (documentation!)

Slide 13:
There are no cookbook solutions and no checklists.
You have to start analyzing, addressing and managing risks, develop policies and implement procedures.
The deeper you are in this continuum, the better your story is.
Fully compliant does not mean there are no risks anymore. It means you are aware of them and have the right safeguards, procedures and plans in place.
We lower the risk - permanently. In Security we never solve the problem.
[Diagram: continuum labelled Fully Compliant, Good Story, No Story!]

Slide 14:
You are clueless if...
...your organization is simply unaware.
Dusting off old HIPAA documentation doesn't help!
...you don't have processes in place to support, control and enforce your policies and procedures.
Well-written papers don't help – you need a process that enforces them.
...you are not sure who is Workforce and who is BA and have old agreements in place.
If you haven't reviewed your BA Agreements within the last 12 months you are clueless.
...you think you can solve the problem by outsourcing.
You are (partly) responsible for your BAs and you may have to eat the liability.
Bottom Line: If you can't show visible demonstrable evidence that you are in compliance – then you are clueless!

Slide 15:
THANK YOU!