one academic medical center s response to hipaa
Download
Skip this Video
Download Presentation
One Academic Medical Center’s Response to HIPAA

Loading in 2 Seconds...

play fullscreen
1 / 8

One Academic Medical Center’s Response to HIPAA - PowerPoint PPT Presentation


  • 132 Views
  • Uploaded on

One Academic Medical Center’s Response to HIPAA. David McKelvey DUHS January 12, 2001. Education Goal: Learn the material. Regulations in the Federal Register Expert analyses / interpretations Conferences NCHICA HIPAA HealthKey WEDI conference INfoSec 2000 GG/healthcare symposium

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'One Academic Medical Center’s Response to HIPAA' - lydie


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
one academic medical center s response to hipaa

One Academic Medical Center’s Response to HIPAA

David McKelvey

DUHS

January 12, 2001

awareness orientation identification organization technology normalize contacts
Education
  • Goal: Learn the material.
  • Regulations in the Federal Register
  • Expert analyses / interpretations
  • Conferences
    • NCHICA HIPAA HealthKey
    • WEDI conference
    • INfoSec 2000
    • GG/healthcare symposium
    • HIPAA National Summit in DC
    • AMC HIPAA Workshop

AwarenessOrientationIdentificationOrganizationTechnologyNormalizeContacts

awareness orientation identification organization technology normalize contacts1
HIPAA security training sessions
  • Goal: Introduce HIPAA to the organization and stimulate planning required to become compliant.
  • 4 hours long
  • Held approximately every 6 weeks
  • Lecture style presentation
  • Several hundred people have attended so far

AwarenessOrientationIdentificationOrganizationTechnologyNormalizeContacts

awareness orientation identification organization technology normalize contacts2
HIPAA first look meetings (Gap Analysis)
  • Goals: Equip groups with information required to prepare HIPAA budget requests. Give snapshot to senior mgmt.
  • 3-6 hours long
  • Scheduled with individual groups
  • In attendance management and IT people
  • Deliverable is a spreadsheet filled out by the group
    • Compliance level (L M H)
    • Challenges, needs, success factors in becoming compliant ($ ET ST OC T O SL HSL SD)
    • Opportunities while/in becoming compliant ($ ST O SL HSL TEAM STDS SD)
    • Cost estimate to become compliant (L M H)
    • Cost estimate to stay compliant (L M H)
  • About 18 groups have participated so far

AwarenessOrientationIdentificationOrganizationTechnologyNormalizeContacts

awareness orientation identification organization technology normalize contacts3
Groups
  • Goal: Organize people and activities required to bring the organization into HIPAA compliance.
  • Changes to policy, procedures, and technology in equal measure is required.
  • Executive committee
  • Policy group
  • Evaluation and monitoring committee
  • Information security office
  • Technical security guidance groups
  • Oversight groups
  • Managers

AwarenessOrientationIdentificationOrganizationTechnologyNormalizeContacts

awareness orientation identification organization technology normalize contacts4
Goal: Prototype, pilot, and implement technological solutions to HIPAA requirements best addressed by common or interoperable technological solutions.
  • Firewall
  • Public Key Infrastructure (PKI)
  • Digital Signature
  • Virtual Private Network (VPN)
  • Wireless network access
  • Anti-virus software
  • Personal firewall
  • PDA access
  • Intrusion detection
  • Security incident

AwarenessOrientationIdentificationOrganizationTechnologyNormalizeContacts

awareness orientation identification organization technology normalize contacts5
Goal: Participate in activities with representatives of other HCOs intended to define what is adequate, promote interoperable standards, and coordinate implementation.
  • North Carolina Healthcare Information and Communications Alliance (NCHICA)
    • Implementation Planning Task Force
    • Data Security Workgroup
    • Network Security and Interoperability Workgroup
    • Transactions Workgroup
  • Workgroup for Electronic Data Interchange (WEDI)

AwarenessOrientationIdentificationOrganizationTechnologyNormalizeContacts

awareness orientation identification organization technology normalize contacts6
David McKelvey: [email protected]

NCHICA: http://www.NCHICA.org

WEDI: http://www.WEDI.org

AwarenessOrientationIdentificationOrganizationTechnologyNormalizeContacts

ad