Date posted: 07-May-2015 | Category: Technology | Uploaded by: connectria
Supporting HIPAA Compliance Through Managed Hosting
Agenda
HIPAA Defined
HIPAA Compliance and Non-Compliance
Managed Hosting and HIPAA Compliance
Connectria’s HIPAA Solutions
Disclaimer
As you will see throughout this presentation, it is the customer’s sole responsibility to assure that it takes appropriate steps to achieve compliance with its HIPAA obligations.
Connectria makes no representations or warranties of any kind that customers will be HIPAA compliant by solely utilizing Connectria’s services.
What is HIPAA?
Health Insurance Portability & Accountability Act
Designed to improve the efficiency and effectiveness of the American health care system
1. Group and individual insurance reform
2. Accountability
3. Administrative Simplification
The Broad HIPAA Legislation
HIPAA legislation consists of five titles:
Title I: Health care access, portability and renewability
Title II: Preventing health care fraud and abuse; administrative simplification; medical liability reform
Title III: Tax-related health provisions
Title IV: Application and enforcement of group health plan requirements
Title V: Revenue offsets
More on Title II
Administrative Simplification requires:
• Improved efficiencies through standardized EDI (electronic data interchange)
• Privacy and security of health data through standards enforcement
In 2009, the Health Information Technology for Economic and Clinical Health Act (HITECH) extended HIPAA privacy and security requirements as well as increased enforcement.
Electronic Information and HIPAA
HIPAA applies to all forms of information; however, electronic data is subject to a distinct set of guidelines, particularly for security.
Protected Health Information (PHI, or EPHI when held electronically) is individually identifiable health information (e.g. name, phone number, email, Social Security number, etc.) that is transmitted by, or maintained in, electronic media or any other form or medium.
HIPAA Security Safeguards
Administrative safeguards: Security Management Process; Assigned Security Responsibility; Workforce Security; Information Access Management; Security Awareness and Training; Security Incident Procedures; Contingency Plan; Evaluation; Business Associate Contracts and Other Arrangements
Physical safeguards: Facility Access Controls; Workstation Use; Workstation Security; Device and Media Controls
Technical safeguards: Access Control; Audit Controls; Integrity; Person or Entity Authentication; Transmission Security
Source: Gartner
HIPAA Applies to “Covered Entities”
A Covered Entity is One of the Following:
A Health Care Provider
• Doctors
• Clinics
• Psychologists
• Dentists
• Chiropractors
• Nursing Homes
• Pharmacies
…but only if they transmit any information in an electronic form in connection with a transaction for which HHS has adopted a standard.
A Health Plan
• Health insurance companies
• HMOs
• Company health plans
• Government programs that pay for healthcare, such as Medicare, Medicaid, and military and veterans health care programs
A Health Care Clearinghouse
• Entities that process non-standard health information they receive from another entity into a standard format (i.e., standard electronic format or data content), or vice versa.
Source: US Dept of Health and Human Services, HHS.gov
Achieving Compliance
• Understand the laws and compliance; seek outside counsel if necessary
The security rule is expressed as a set of standards and implementation specifications, with some flexibility built into the law.
STANDARDS
• Are required and must be met, however…
• …can be met in any fashion that is reasonable and appropriate for a given organization
IMPLEMENTATION SPECIFICATIONS
• Are required or addressable (but not optional)
• Organizations must document any addressable specification deemed not reasonable or appropriate
Source: Gartner
Potential Cost of Non-Compliance
• Civil and criminal penalties for privacy and security violations
• HITECH Act strengthened enforcement
• Fines up to $25,000 for multiple violations of the same standard in a calendar year
• Fines up to $250,000 and/or imprisonment up to 10 years for knowing misuse of individually identifiable health information
Breaches and Penalties are Real
The HIPAA Solution Misconception
There is no such thing as a HIPAA-Compliant Managed Hosting Solution:
1. HIPAA compliance extends well beyond securing electronic data (Titles I-V)
2. Managed hosting companies are not “Covered Entities”
3. Managed hosting companies can support but not guarantee compliance
Connectria’s HIPAA Solutions
Connectria has a HIPAA solution for any type of covered entity.
Supports a wide range of mission-critical systems, including:
• Electronic Medical Records (EMR) systems
• Patient management systems
• Billing systems
• e-Commerce websites
• Extranets/Intranets
• Email environments
• Disaster recovery environments
• e-learning systems
• Solutions for healthcare-related software companies (e.g. SaaS)
• Packaged and customized HIPAA Solutions
A Few of Our Customers…
For more information
Interested in learning more about Connectria’s HIPAA Solutions?
Call us at: 1-800-781-7820 or 314-587-7000
Email us at: [email protected]
Visit us at: www.connectria.com