1 / 6

Privacy Program Implementation: Framework & Structure for HIPAA Compliance

This project focuses on implementing a comprehensive privacy program based on the HIPAA regulations. It emphasizes the coordination of privacy and security efforts, compliance through good faith efforts and documentation, and integration into existing organizational structures. The approach recognizes the growing importance of information protection beyond regulatory requirements.

helsel
Download Presentation

Privacy Program Implementation: Framework & Structure for HIPAA Compliance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Privacy Project Framework & Structure HIPAA Summit Brent Saunders 202-414-1031 brenton.saunders@us.pwcglobal.com

  2. Philosophy and Approach to Privacy • Six key concepts drive the project philosophy: • Primary focus on business drivers, secondary on regulatory drivers • Privacy and security programs should be well coordinated (information protection) • Good faith efforts and documentation are essential to demonstrate compliance • Approach privacy as a series of manageable implementation projects • Integrate privacy and security programs into existing organizational structure and reporting realities • Partner compliance and business resources • The approach recognizes that, beyond legal and regulatory requirements, information protection is an emerging business imperative, whether it’s employee, patients, members, clinical and/or corporate information

  3. An Approach – Implementing a Privacy Program • Assessment vs. Implementation • Projects should be developed by teams and refined with the business people/department to meet your organization’s business needs, processes and environment • An “implementation” approach can be broken down into the following phases: • Project Organization and Impact • Program and Project Structure Refinement • Detail Planning/Rollout • Implementation

  4. The 4 Phases Phase II – Programand Project Structure Refinement Phase III – Detail Planning and Rollout Phase I –Project Organization Phase IV – Implementation Set Expectations, Objectives, Approach Build Detailed Project Plans Project Management Goals & Strategic Direction Ongoing Oversight (as needed) Document Review Develop Integrated Project Plan Organizational and Legal Analysis Specific Project Assistance (as needed) Information Flow Analysis Assign Project Accountability Project Management Setup and Initiation Finalize Project Management Structure Progress Validation (as needed) Needs Assessment Privacy Laws and Regulations - Impact Analysis Launch Privacy & related Security Projects Compliance Maintenance Project Identification Awareness Training (as needed) Project Management and Quality Assurance

  5. Steering Committee • V.P.-level members from Compliance, Legal, and Functional areas • Establish mission • Obtain support from senior management Oversight Oversight Strategy • Work Groups • Work Groups established for each functional area, e.g., medical records, finance Report findings • Project Management • Privacy Office • Develop and coordinate risk-management and compliance activities Strategy Data mapping Gap analysis Monitor compliance Implementation Develop and oversee training • Business Processes • Maintain compliance Assist and support business units

  6. Ongoing Program Organization • Compliance Model • Hub and Spoke Model • Privacy Committee Model • Legal Model • IT Model

More Related