One academic medical center s response to hipaa
This presentation is the property of its rightful owner.
Sponsored Links
1 / 8

One Academic Medical Center’s Response to HIPAA PowerPoint PPT Presentation


  • 100 Views
  • Uploaded on
  • Presentation posted in: General

One Academic Medical Center’s Response to HIPAA. David McKelvey DUHS January 12, 2001. Education Goal: Learn the material. Regulations in the Federal Register Expert analyses / interpretations Conferences NCHICA HIPAA HealthKey WEDI conference INfoSec 2000 GG/healthcare symposium

Download Presentation

One Academic Medical Center’s Response to HIPAA

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


One academic medical center s response to hipaa

One Academic Medical Center’s Response to HIPAA

David McKelvey

DUHS

January 12, 2001


Awareness orientation identification organization technology normalize contacts

  • Education

  • Goal: Learn the material.

  • Regulations in the Federal Register

  • Expert analyses / interpretations

  • Conferences

    • NCHICA HIPAA HealthKey

    • WEDI conference

    • INfoSec 2000

    • GG/healthcare symposium

    • HIPAA National Summit in DC

    • AMC HIPAA Workshop

AwarenessOrientationIdentificationOrganizationTechnologyNormalizeContacts


Awareness orientation identification organization technology normalize contacts1

  • HIPAA security training sessions

  • Goal: Introduce HIPAA to the organization and stimulate planning required to become compliant.

  • 4 hours long

  • Held approximately every 6 weeks

  • Lecture style presentation

  • Several hundred people have attended so far

AwarenessOrientationIdentificationOrganizationTechnologyNormalizeContacts


Awareness orientation identification organization technology normalize contacts2

  • HIPAA first look meetings (Gap Analysis)

  • Goals: Equip groups with information required to prepare HIPAA budget requests. Give snapshot to senior mgmt.

  • 3-6 hours long

  • Scheduled with individual groups

  • In attendance management and IT people

  • Deliverable is a spreadsheet filled out by the group

    • Compliance level (L M H)

    • Challenges, needs, success factors in becoming compliant ($ ET ST OC T O SL HSL SD)

    • Opportunities while/in becoming compliant ($ ST O SL HSL TEAM STDS SD)

    • Cost estimate to become compliant (L M H)

    • Cost estimate to stay compliant (L M H)

  • About 18 groups have participated so far

AwarenessOrientationIdentificationOrganizationTechnologyNormalizeContacts


Awareness orientation identification organization technology normalize contacts3

  • Groups

  • Goal: Organize people and activities required to bring the organization into HIPAA compliance.

  • Changes to policy, procedures, and technology in equal measure is required.

  • Executive committee

  • Policy group

  • Evaluation and monitoring committee

  • Information security office

  • Technical security guidance groups

  • Oversight groups

  • Managers

AwarenessOrientationIdentificationOrganizationTechnologyNormalizeContacts


Awareness orientation identification organization technology normalize contacts4

  • Goal: Prototype, pilot, and implement technological solutions to HIPAA requirements best addressed by common or interoperable technological solutions.

  • Firewall

  • Public Key Infrastructure (PKI)

  • Digital Signature

  • Virtual Private Network (VPN)

  • Wireless network access

  • Anti-virus software

  • Personal firewall

  • PDA access

  • Intrusion detection

  • Security incident

AwarenessOrientationIdentificationOrganizationTechnologyNormalizeContacts


Awareness orientation identification organization technology normalize contacts5

  • Goal: Participate in activities with representatives of other HCOs intended to define what is adequate, promote interoperable standards, and coordinate implementation.

  • North Carolina Healthcare Information and Communications Alliance (NCHICA)

    • Implementation Planning Task Force

    • Data Security Workgroup

    • Network Security and Interoperability Workgroup

    • Transactions Workgroup

  • Workgroup for Electronic Data Interchange (WEDI)

AwarenessOrientationIdentificationOrganizationTechnologyNormalizeContacts


Awareness orientation identification organization technology normalize contacts6

David McKelvey:[email protected]

NCHICA:http://www.NCHICA.org

WEDI:http://www.WEDI.org

AwarenessOrientationIdentificationOrganizationTechnologyNormalizeContacts


  • Login