What’s your HIPAA risk? · Certified in healthcare compliance and risk management Experts in...

What’s your HIPAA risk? Debunking the top 5 myths


Page 1: What’s your HIPAA risk? · Certified in healthcare compliance and risk management Experts in talent, solutions and methodologies Dedicated to constant improvement HIPAA One Risk

© 2020 HIPAA One All Rights Reserved. Webinar Sponsors:

What’s your HIPAA risk? Debunking the top 5 myths


Presenters

Bobby Seegmiller, SVP and Founding Partner

PAT, Mascot

Kirk Ising, Senior Account Executive


Today’s Agenda

Top myths about HIPAA compliance

Understanding cybersecurity and what your responsibilities are

Importance of completing an annual risk analysis

Open question & answer


HIPAA One Company Introduction

HIPAA Compliance & Data Security Professionals
• Certified in healthcare compliance and risk management
• Experts in talent, solutions and methodologies
• Dedicated to constant improvement

HIPAA One Risk Analysis Software:
• Over 7,000 sites (CEs and BAs) protecting ePHI
• Automation of all mundane labor-intensive activities
• Includes security and privacy and breach notification

Scalable Software Technology
• Used by single-doc practices to enterprise health plans
• Current with updated state and HIPAA phase 2 audit protocol

Disclaimer: We are not attorneys, but as auditors must understand HIPAA.


Poll Questions

Which segment of the industry are you in?

A. Skilled Nursing
B. Home Health
C. Assisted Living
D. Other

Which option best describes your role?

A. Clinical
B. Administrative
C. IT


True or False: Small organizations are not audited by the OCR


Small organizations are not audited by the OCR

The OCR audits organizations of all sizes.


Cybersecurity is Everyone’s Responsibility

Cybersecurity is important because:

1. Partners and patients rely on you to protect their information

2. Threats are everywhere – a matter of when, not if

3. Breaches are costly

No single security tool can catch:

1. Unlocked laptops

2. Exposed passwords

3. Sophisticated phishing

4. Malicious phone calls


True or False: My EHR vendor is HIPAA compliant, so that covers my organization


My EHR vendor is HIPAA compliant, so that covers my organization

You are responsible for your compliance.


EHR Compliance ≠ Total Compliance


Chain of Trust and Liability

Covered Entity: Healthcare provider, Health Plan

Business Associate: Billing/Coding, IT Services

Business Associate Agreement

ePHI Sharing


True or False: My company provides software to protect me from all malicious attacks


My company provides software to protect me from all malicious attacks

Organizations can implement tools but training and awareness are just as important


IT Incidents in the Healthcare Industry

111 Healthcare IT Incidents reported to HHS in Jan-May 2020 (Providers)

Incidents reported were EMAIL associated: 76

3.6 Million individuals affected by the IT incidents.

*Statistics from the US Department of Health and Human Services Breach Portal Jan - May 2020


Phishing Emails on the Rise

Be suspicious of emails and messages

Think before you click links

Regularly update computer & devices

Never share personal information online


Tools to Aid Compliance

Multi-Factor Authentication

HIPAA Training


Poll Questions

Have you conducted your 2020 HIPAA Security Risk Assessment?

A. Yes
B. No
C. I was not aware we were required to do one

If you were audited tomorrow, are you 100% confident you would pass?

A. Yes
B. No


True or False: Long Term Care/Home Health are not required to perform a Security Risk Analysis


Long Term Care/Home Health are not required to perform a Security Risk Analysis

A Risk Analysis is required annually


Working Towards Compliance

Complete a Security Risk Analysis Annually

Implement tools to protect your office

Train all new and existing employees

Review and update policies and procedures


Security Risk Analysis

• A foundational piece to your cybersecurity and HIPAA initiative

• Identifies risk and vulnerabilities that could lead to a breach

• Creates a roadmap for the year

• Ongoing updates and reviews


Key Steps of a Security Risk Analysis (SRA)

1. Gather information, policies, and procedures

2. Compare current items to the requirements

3. Assess gaps: Security, Privacy, and Breach Audits

4. Response planning and remediation actions

5. Report on findings and outstanding risks

6. Execute updates and begin risk management

A Security Risk Analysis must be completed and reviewed each year


Security Risk Analysis


Progress Overview


Assigning Risk


Remediation Planning



Yearly Import of Security Risk Analysis

Imports last year’s questions and updates.


HIPAA One Time Estimates

Average Time Per Interview*

HR Director: 30 min
EMR/ePHI System Admin: 45 min
IT Network Manager: 30 min
IT Server Manager: 60 min
Facilities Manager: 30 min
HIPAA Security Officer: 90 min

* Add 10 minutes for every 1K employees


True or False: I can only be audited if I have a breach


I can only be audited if I have a breach

You can be audited at any time


Ways to be Audited

• Breach Notice: Phishing, Ransomware, unauthorized disclosure (Omnibus update)

• Eligibility Audit: Office for Civil Rights, Medicaid/Medicare, State Attorney General

• Business Associate: Regardless of who is at fault, the covered entity is responsible

• Patient Complaint/Whistleblower: Privacy (PHI), Security (ePHI) or Breach Notice


No organization is too small to be audited. Everyone is at risk

You need to be HIPAA compliant, just as your EHR vendor is HIPAA compliant

Organizations should implement software as well as provide awareness training

A Security Risk Analysis is required annually

You can be audited anytime: eligibility audit, breach, or patient complaint


Poll Question

What topic would you like to learn more about?

A. Security Risk Analysis
B. Privacy/Breach Risk Analysis
C. HIPAA Training and Awareness


Questions?


Thank You For Joining Us

Follow us on Social:

HIPAA One @HIPAAOne

To Learn More Contact Us:

www.hipaaone.com


Thank You for Joining Us

Webinar and handouts available at: simpleltc.com/hipaa-risk