Disclaimer

This webinar may be recorded. This webinar presents a sampling of best practices and overviews, generalities, and some laws. This should not be used as legal advice. Itentive recognizes that there is not a “one size fits all” solution for the ideas expressed in this webinar; we invite you to follow up directly with us for more personalized information as it pertains to your specific practice and issues.

Thank you, and enjoy the webinar.

About Us

Our passion is to provide solutions for our healthcare provider partners which help them improve patient care, enhance the patient experience and maintain a financially healthy practice.

Since 2003 we have specialized in NextGen®

Healthcare services including:

• Consulting

• Hosting

• Customization

• And productivity tools such as ChartGuard® and RefundManager®

Upcoming Webinars

Today’s Electronic Data Interchange… So Much More than Claims

• Wednesday, March 15, 2017

Also, keep your eyes peeled for any other webinar invites dependent on future regulatory changes

NOT another HIPAA Compliance Webinar!

Lowering the Cost of Compliance

Introductions

Christ Floros

Managing Consultant, Security and Compliance

Itentive Healthcare Solutions

Chelsea Grover

Marketing Communications Coordinator

Itentive Healthcare Solutions

Lowering the cost of compliance

HIPAA compliance is on the minds of most of today’s healthcare leaders. Reports of breaches, fines and clarifications of responsibilities flood in through emails and articles. Although most understand the requirements, many are faced with the problem of implementation and the burden of the costs.

In this webinar we will review what is at risk and present solutions that help in the adoption of a HIPAA compliant security program.

HIPAA Security Rule

• The purpose of the Security Rule is to ensure that every covered entity has implemented safeguards to protect the confidentiality, integrity and availability of electronic protected health information.

• Check the box mentality

• Risk = Threat ∗ Vulnerability ∗ Impact

Value of Information

Credit Card Data

(Worth $.25 to $1)

Patient Data

(Worth $10 to $50)

Vs.

ePHI Breaches

• 2015

113 million patients affected (Anthem breach 80 million)

270 reported breaches

• 2016 (through October)

14.3 million patients affected

252 reported breaches

HIPAA Fines

• 2015

$ 6.1 Million

• 2016

$ 22.84 Million

What does a Data Breach Cost?

• $221 per record in Financial Sector

• $355 per record in Healthcare Sector

• In the US, the probability of having a breach has risen to 24%

• 50% of breaches caused by criminal or malicious attack

Ponemon Institute 2016 report sponsored by IBM

Doing the math

• 10,000 records ∗ $355 per record = $ 3.5 million

• 25,000 records ∗ $355 per record = $ 8.9 million

• 50,000 records ∗ $355 per record = $ 17.8 million

How do we protect ourselves?

• Perform comprehensive HIPAA Security Risk Analysis

• Develop remediation plan to address gaps in compliance

• Identify and maintain evidence of compliance

• Monitor for changes that may present new vulnerabilities

• Rinse and repeat

Challenges to managing the risk

• Regulations provide the What without the How

• Monitoring the volume of information generated through audit logs

• Identifying changes or additions that affect risk and open vulnerabilities

• Our day jobs!

How do I effectively manage my HIPAA compliance?

How can we help

Streamline the SRA process

• Providing comprehensive Security Risk Analysis

• Our analysts walk you through the process of identifying and documenting risks through simple questions and interviews

• The entire process is documented in the cloud for reference

How can we help

Action planning after the SRA

• Develop remediation plan addressing gaps in compliance

• Online Action Plan to record individual remediation efforts leading to the final remediation of each gap, including documentation and evidence

How can we help

Tools that bring it all together

• The aforementioned cloud based Risk Assessment tool

• Organizes SRA through role based interviews

• Acts as repository for documentation

• Tracks and drives remediation plan

How can we help

Reporting

• Customized reports providing relevant information

• Users who have not accessed systems

• User accounts violating security policy

• Security level changes

• Domain security settings

How can we help

Alerting

• Appearance of ePHI in unauthorized locations

• Security changes to sensitive systems

• Network device config changes

• Scanning devices to ensure compliance enabled

• Detect unauthorized devices

How can we help

Demonstrable evidence of compliance

• Security Risk Assessment and documentation

• Reports provide documentation of reviews

• Alerts provide proof of active compliance with security policies

This process is not about living in fear of an audit.

• Due diligence

Have we carefully considered the threats and vulnerabilities in our environment?

• Due care

Have we implemented and verified all that is reasonably required to avoid a breach?

It is about avoiding a breach.

Questions

Christ Floros

• Managing Consultant, Security and Compliance at Itentive Healthcare Solutions

• cfloros@Itentive.com

• 224-220-5533

Thank you

Chicago | Columbus | Itentive.com
