HIPAA IT: Security Solutions for Your Healthcare Practice

Post on 07-May-2015

description

HIPAA IT security rule explained by Konsultek.com expert Kurt Buckardt. Access to Free 12 page whitepaper inside.

transcript

HIPAA IT: Dealing with the HIPAA Security Rules in Your Healthcare Practice

Kurt Buckardt, CSO Konsultek - CISSP - NSA IAM/IEM Certified - Member ISACA - CCSE

www.konsultek.com 847.426.9355

HIPAA IT: The Timeline

• 1996 Health Insurance Portability and Accountability Act (HIPAA) enacted

• 2003 Health and Human Services develops the HIPAA Security Rule.

• 2009 Obama administration declares that there will be a Cyber Czar.

HIPAA IT: The Reality

"Small practice healthcare providers can expect to see significant regulatory changes"

HIPAA IT: The Security Rule

• Designed to ensure the confidentiality, integrity, and availability of electronic protected health information (EPHI)

HIPAA IT: The Security Rule has 3 Controls

1. Technical safeguards designed to protect data and control access to information by individuals, as well as guarding against unauthorized access via an information network.

2. Physical safeguards designed to protect data from the hazards of fire, weather, environment, or intrusion.

3. Administrative safeguards designed to document formal policies and practices for data protection, including the organization's security management process, and implementation specifications.

HIPAA IT: Technical Safeguards encompass 5 specific areas

1. HIPAA Access Control Standard

2. HIPAA Audit Controls Standard

3. HIPAA Integrity Standard

4. HIPAA Person or Entity Authentication Standard

5. HIPAA Transmission Security Standard

HIPAA IT: HIPAA Access Control Standard

Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in § 164.308(a)(4).

HIPAA IT: HIPAA Audit Controls Standard

Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.

HIPAA IT: HIPAA Integrity Standard

Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.

HIPAA IT: HIPAA Person or Entity Authentication Standard

Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.

HIPAA IT: HIPAA Transmission Security Standard

Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.

Avoid HIPAA Security Problems!

To make more sense of the HIPAA Security Rule and get a full appreciation of what the future of healthcare security holds for your practice, request the 12 page white paper “Is There an IT Doctor in the House?” Dealing With the HIPAA Security Rule and EHR Security Compliance in a Small Healthcare Practice.

Konsultek

We take the pain out of your healthcare practice’s IT security and continuity.
