SlideShare a Scribd company logo

HIPAA Security Assesment Toolkit

J
jatabq

This document introduces the HIPAA Security Assessment ToolKit, which provides resources to help organizations achieve HIPAA security compliance. It highlights how the HITECH Act significantly increased security requirements and penalties. The toolkit contains tools and guidance to help users conduct a security assessment, identify remediation items, and develop compliance policies and training. It establishes an efficient and low-risk approach to getting started with HIPAA security compliance.

Technology
1 of 12
Downloaded 58 times
1
2
3
4
5
6
7
8
9
10
11
12
HIPAA Security Assessment ToolKit™ Introduction and Overview Bob Chaput 615-656-4299 or 800-704-3394 bob.chaput@HIPAASecurityAssessment.com HITECH Security Advisors, LLC 1
Disclaimers 1. We are not attorneys! Consult with your own legal counsel or advisors. 2. Information about and around HIPAA and HITECH continues to evolve. 3. HIPAA and HITECH rules and regulations are subject to lots of different interpretations. 4. Every effort has been made to insure that the information presented is correct, but we can cannot offer such assurances. 5. You should not rely on this information for legal purposes, but simply use it as a tool to raise your awareness.
Why You Should Care! 1. “Ensuring adequate privacy and security protections for personal health information” is a key part of Meaningful Use 2. HITECH Act has raised the ante for HIPAA Security compliance significantly 3. Compliance is the smart thing to do for your business and the right thing to do for your patients or your customers’ patients 4. It’s the law! 3
Meaningful Use Stage 1 Policy Goals It’s about health outcomes improvement in the US… 1. Improving quality, safety, efficiency, and reducing health disparities. 2. Engaging patients and families in their healthcare 3. Improving care coordination 4. Improving population and public health 5. Ensuring adequate privacy and security protections for personal health information 4
The HITECH Act – Major Changes From a Privacy and Security perspective, here are five absolute “game changers” under HITECH: 1) Mandatory audits (Subtitle D, Part 1, Section 13411) 2) HHS non-compliance fines return to HHS’ coffers and within a few years (by law) individuals will participate in sharing the proceeds 3) State AGs can now bring civil actions on behalf of their citizens 4) Business Associates are now statutorily obligated 5) Data Breach Notification requirements 5
Meet the HHS Data Breach ‘Wall of Shame’ http://www.hhs.gov/ocr/privacy/hi paa/administrative/breachnotific ationrule/postedbreaches.html 6
HIPAA Security-HITECH Compliance Roadmap HIPAA HIPAA Remediation Security is Plan NOT a Focus of HSA ToolKit™ (HRP) “techie” project Preliminary HIPAA Remediation Security Plan Strategy HIPAA HIPAA HIPAA (PRP) (HSS) Security Compliance Security Assessment Manual Evaluation (HSA) HIPAA (HCM) (HSE) HIPAA Security Risk Training Analysis (HST) (HRA) … A journey, not a HIPAA Security destination ! Policies (HSP) 7
Purpose of the HSA ToolKit™ 1. Jump Start Your HIPAA Security Compliance Program 2. Establish A Progress / Benchmark Monitor 3. Quickly Identify “Low Hanging” Remediation Items 4. Develop a Solid Foundation for HIPAA Risk Analysis 5. Build Deep Understanding At The Onset 6. Get out in front of Meaningful Use requirements on ePHI security 8
Contents of the HSA ToolKit™ 1. HIPAA Security Assessment ToolKit™ Contents document 2. How to Use the HIPAA Security Assessment ToolKit™ 3. Comprehensive HIPAA Security Assessment (HSA) Excel Tool™, including Instructions, Glossary of Terms, included with HSA Excel Tool, Policies Checklist, Resources & References 4. HIPAA Security – HITECH Compliance Roadmap™ 5. Preliminary Remediation Plan Candidate Items template 6. Data Mountain HIPAA-HITECH Security Rule FAQ 7. Iron Mountain HIPAA Primer – What You Should Know About the New Regulations 8. 2009 CMS' HIPAA Compliance Review Analysis And Summary of Results 9. Office of Civil Rights (OCR) HIPAA Security Standards: Guidance on Risk Analysis 10. Centers for Medicare & Medicaid Services (CMS) Security Standards: Implementation for the Small Provider 11. Complete copy of HIPAA Security Final Rule (45 CFR Parts 160, 162, and 164) 9
Heart of the HSA ToolKit™
Features and Benefits of the HSA ToolKit™ HSA ToolKit™ Features HSA ToolKit™ Benefits • Low Risk • Easily derived immediate remediation steps Low Price and High Value • Fast Track to HIPAA Security Rule Compliance • Comprehensive tool and resources • Low Impact on Client Staff and Operations Short Duration • Fast, Immediate Results • Proven Quality • Developed by Senior, Experienced Professionals Development Team • Health Care Expertise • HIPAA – HITECH Focused • Comprehensive, Complete Data Gathering • Based on Proven Best Practices Sound Methodology • High-Quality, Credible Outcomes • Process View, No-Fault Appraisal • Baseline for Compliance Program 11
Contact Bob Chaput www.HIPAASecurityAssessment.com bob.chaput@HIPAASecurityAssessment.com Connect: www.linkedin.com/in/bobchaput Follow me: Twitter.com/bobchaput HITECH Security Advisors, LLC 12

More Related Content

PPSX
Mbm Hipaa Hitech Ss Compliance Risk Assessment
MBMeHealthCareSolutions
 
PPTX
HIPAA Compliance: Simple Steps to the Healthcare Cloud
Hostway|HOSTING
 
PPTX
MindLeaf - HIPAA privacy and cybersecurity insurance
mindleaftechnologies
 
PDF
Cyberinsurance 111006
JNicholson
 
PPTX
Assessing Your Hosting Environment for HIPAA Compliance
Hostway|HOSTING
 
PDF
HIPAA: security risk analysis
JoAnna Cheshire
 
PPTX
Firehost Webinar: Hipaa Compliance 101 Part 1
Armor
 
DOCX
Hipaa random audit
supportc2go
 
Mbm Hipaa Hitech Ss Compliance Risk Assessment
MBMeHealthCareSolutions
 
HIPAA Compliance: Simple Steps to the Healthcare Cloud
Hostway|HOSTING
 
MindLeaf - HIPAA privacy and cybersecurity insurance
mindleaftechnologies
 
Cyberinsurance 111006
JNicholson
 
Assessing Your Hosting Environment for HIPAA Compliance
Hostway|HOSTING
 
HIPAA: security risk analysis
JoAnna Cheshire
 
Firehost Webinar: Hipaa Compliance 101 Part 1
Armor
 
Hipaa random audit
supportc2go
 

What's hot (19)

PPTX
The Intersection of OCR Enforcement and Health Care Data Privacy & Security
Polsinelli PC
 
DOCX
Common Security Framework Summary
Jason Rusch - CISSP CGEIT CISM CISA GNSA
 
PDF
Hitrust: Navigating to 2017, Your Map to HITRUST Certification
Schellman & Company
 
PDF
2010 New Guidelines Hipaa Checklist V1
GuardEra Access Solutions, Inc.
 
PDF
Hortonworks help customers building a HIPAA compliant Data Lake
Vitor Lundberg
 
PDF
Hitrust csf-assurance-program-requirements-v1 3-final
ajcob123
 
PDF
Ecfirstbiz
shailu devi
 
PDF
HIPAA Solutions on Cloud Foundry
Jim Shingler
 
PPT
Iadmdhipmkt1.0
profit10
 
PDF
5 Documents to Prepare for a HIPAA Audit
SecurityMetrics
 
PPTX
Leveraging HPCC Systems as Part of an Information Security, Privacy, and Comp...
HPCC Systems
 
PDF
Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Compliancy Group
 
PDF
HIPAA Security & Privacy Official
GlobalCompliancePanel
 
DOCX
HIPAA | HIPAA Training
himalya sharma
 
PPT
FRSecure Sales Deck
Evan Francen
 
PDF
What Every Physician Needs to Know About Cloud Storage
Texas Medical Liability Trust
 
DOCX
HIPAA | HIPAA Training
himalya sharma
 
PPT
Compliance & hipaa regulations
rcpopp2002
 
PDF
HealthCare Compliance - HIPAA & HITRUST
Kimberly Simon MBA
 
The Intersection of OCR Enforcement and Health Care Data Privacy & Security
Polsinelli PC
 
Common Security Framework Summary
Jason Rusch - CISSP CGEIT CISM CISA GNSA
 
Hitrust: Navigating to 2017, Your Map to HITRUST Certification
Schellman & Company
 
2010 New Guidelines Hipaa Checklist V1
GuardEra Access Solutions, Inc.
 
Hortonworks help customers building a HIPAA compliant Data Lake
Vitor Lundberg
 
Hitrust csf-assurance-program-requirements-v1 3-final
ajcob123
 
Ecfirstbiz
shailu devi
 
HIPAA Solutions on Cloud Foundry
Jim Shingler
 
Iadmdhipmkt1.0
profit10
 
5 Documents to Prepare for a HIPAA Audit
SecurityMetrics
 
Leveraging HPCC Systems as Part of an Information Security, Privacy, and Comp...
HPCC Systems
 
Business Associates: How to become HIPAA compliant, increase revenue, and gai...
Compliancy Group
 
HIPAA Security & Privacy Official
GlobalCompliancePanel
 
HIPAA | HIPAA Training
himalya sharma
 
FRSecure Sales Deck
Evan Francen
 
What Every Physician Needs to Know About Cloud Storage
Texas Medical Liability Trust
 
HIPAA | HIPAA Training
himalya sharma
 
Compliance & hipaa regulations
rcpopp2002
 
HealthCare Compliance - HIPAA & HITRUST
Kimberly Simon MBA
 
Ad

Similar to HIPAA Security Assesment Toolkit (20)

PDF
HIPAA Compliance for Developers
TrueVault
 
PDF
Simple Steps to HIPAA Compliance
AtMyDeskTraining
 
PDF
Redspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin, Inc.
 
DOCX
Final Project Presentation requirementSelect your final project .docx
lmelaine
 
PDF
HIPAA HITECH Express Security Privacy Webinar
Compliancy Group
 
DOCX
Barbara Silva is the CIO for Peachtree Community Hospital in Atlanta.docx
wilcockiris
 
PPTX
PSOW 2016 - HIPAA Compliance for EMS Community
PSOW
 
PDF
The HIPAA Audit: What to Expect and How to Prepare Your Practice
ShyamMishra72
 
PDF
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
Redspin, Inc.
 
PDF
Explain the security implications of HIPPA requirements for hospital.pdf
arjunenterprises1978
 
PPTX
Understanding HIPAA
Manas Deep
 
PDF
An Overview of HIPAA Laws and Regulations.pdf
SeasiaInfotech2
 
PPTX
Comp8 unit6a lecture_slides
CMDLMS
 
PDF
HIPAA 101- What all Doctors NEED to know
Compliancy Group
 
PPTX
The Ultimate Guide to HIPAA Training Course Online Everything You Need to Kno...
Learn2Prevent
 
PDF
A brief introduction to hipaa compliance
Prince George
 
PDF
How to Ensure HIPPA Compliance
Hanna Global
 
PDF
The Ultimate Guide to HIPAA Compliance - Strategies and Security Risk Assessm...
Colington Consulting
 
PDF
HIPAA and Beyond - How to Effectively Safeguard Electronic Protected Health I...
Ben Rothke
 
PDF
Hipaa compliance for small healthcare providers
GlobalCompliancePanel
 
HIPAA Compliance for Developers
TrueVault
 
Simple Steps to HIPAA Compliance
AtMyDeskTraining
 
Redspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin, Inc.
 
Final Project Presentation requirementSelect your final project .docx
lmelaine
 
HIPAA HITECH Express Security Privacy Webinar
Compliancy Group
 
Barbara Silva is the CIO for Peachtree Community Hospital in Atlanta.docx
wilcockiris
 
PSOW 2016 - HIPAA Compliance for EMS Community
PSOW
 
The HIPAA Audit: What to Expect and How to Prepare Your Practice
ShyamMishra72
 
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
Redspin, Inc.
 
Explain the security implications of HIPPA requirements for hospital.pdf
arjunenterprises1978
 
Understanding HIPAA
Manas Deep
 
An Overview of HIPAA Laws and Regulations.pdf
SeasiaInfotech2
 
Comp8 unit6a lecture_slides
CMDLMS
 
HIPAA 101- What all Doctors NEED to know
Compliancy Group
 
The Ultimate Guide to HIPAA Training Course Online Everything You Need to Kno...
Learn2Prevent
 
A brief introduction to hipaa compliance
Prince George
 
How to Ensure HIPPA Compliance
Hanna Global
 
The Ultimate Guide to HIPAA Compliance - Strategies and Security Risk Assessm...
Colington Consulting
 
HIPAA and Beyond - How to Effectively Safeguard Electronic Protected Health I...
Ben Rothke
 
Hipaa compliance for small healthcare providers
GlobalCompliancePanel
 
Ad

Recently uploaded (20)

PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPTX
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PPTX
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Mushroom cultivation and it's methods.pdf
mailmeonrishi
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PPTX
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
A Presentation on Artificial Intelligence
memembruh336
 
Mushroom cultivation and it's methods.pdf
mailmeonrishi
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 

HIPAA Security Assesment Toolkit

  • 1. HIPAA Security Assessment ToolKit™ Introduction and Overview Bob Chaput 615-656-4299 or 800-704-3394 bob.chaput@HIPAASecurityAssessment.com HITECH Security Advisors, LLC 1
  • 2. Disclaimers 1. We are not attorneys! Consult with your own legal counsel or advisors. 2. Information about and around HIPAA and HITECH continues to evolve. 3. HIPAA and HITECH rules and regulations are subject to lots of different interpretations. 4. Every effort has been made to insure that the information presented is correct, but we can cannot offer such assurances. 5. You should not rely on this information for legal purposes, but simply use it as a tool to raise your awareness.
  • 3. Why You Should Care! 1. “Ensuring adequate privacy and security protections for personal health information” is a key part of Meaningful Use 2. HITECH Act has raised the ante for HIPAA Security compliance significantly 3. Compliance is the smart thing to do for your business and the right thing to do for your patients or your customers’ patients 4. It’s the law! 3
  • 4. Meaningful Use Stage 1 Policy Goals It’s about health outcomes improvement in the US… 1. Improving quality, safety, efficiency, and reducing health disparities. 2. Engaging patients and families in their healthcare 3. Improving care coordination 4. Improving population and public health 5. Ensuring adequate privacy and security protections for personal health information 4
  • 5. The HITECH Act – Major Changes From a Privacy and Security perspective, here are five absolute “game changers” under HITECH: 1) Mandatory audits (Subtitle D, Part 1, Section 13411) 2) HHS non-compliance fines return to HHS’ coffers and within a few years (by law) individuals will participate in sharing the proceeds 3) State AGs can now bring civil actions on behalf of their citizens 4) Business Associates are now statutorily obligated 5) Data Breach Notification requirements 5
  • 6. Meet the HHS Data Breach ‘Wall of Shame’ http://www.hhs.gov/ocr/privacy/hi paa/administrative/breachnotific ationrule/postedbreaches.html 6
  • 7. HIPAA Security-HITECH Compliance Roadmap HIPAA HIPAA Remediation Security is Plan NOT a Focus of HSA ToolKit™ (HRP) “techie” project Preliminary HIPAA Remediation Security Plan Strategy HIPAA HIPAA HIPAA (PRP) (HSS) Security Compliance Security Assessment Manual Evaluation (HSA) HIPAA (HCM) (HSE) HIPAA Security Risk Training Analysis (HST) (HRA) … A journey, not a HIPAA Security destination ! Policies (HSP) 7
  • 8. Purpose of the HSA ToolKit™ 1. Jump Start Your HIPAA Security Compliance Program 2. Establish A Progress / Benchmark Monitor 3. Quickly Identify “Low Hanging” Remediation Items 4. Develop a Solid Foundation for HIPAA Risk Analysis 5. Build Deep Understanding At The Onset 6. Get out in front of Meaningful Use requirements on ePHI security 8
  • 9. Contents of the HSA ToolKit™ 1. HIPAA Security Assessment ToolKit™ Contents document 2. How to Use the HIPAA Security Assessment ToolKit™ 3. Comprehensive HIPAA Security Assessment (HSA) Excel Tool™, including Instructions, Glossary of Terms, included with HSA Excel Tool, Policies Checklist, Resources & References 4. HIPAA Security – HITECH Compliance Roadmap™ 5. Preliminary Remediation Plan Candidate Items template 6. Data Mountain HIPAA-HITECH Security Rule FAQ 7. Iron Mountain HIPAA Primer – What You Should Know About the New Regulations 8. 2009 CMS' HIPAA Compliance Review Analysis And Summary of Results 9. Office of Civil Rights (OCR) HIPAA Security Standards: Guidance on Risk Analysis 10. Centers for Medicare & Medicaid Services (CMS) Security Standards: Implementation for the Small Provider 11. Complete copy of HIPAA Security Final Rule (45 CFR Parts 160, 162, and 164) 9
  • 10. Heart of the HSA ToolKit™
  • 11. Features and Benefits of the HSA ToolKit™ HSA ToolKit™ Features HSA ToolKit™ Benefits • Low Risk • Easily derived immediate remediation steps Low Price and High Value • Fast Track to HIPAA Security Rule Compliance • Comprehensive tool and resources • Low Impact on Client Staff and Operations Short Duration • Fast, Immediate Results • Proven Quality • Developed by Senior, Experienced Professionals Development Team • Health Care Expertise • HIPAA – HITECH Focused • Comprehensive, Complete Data Gathering • Based on Proven Best Practices Sound Methodology • High-Quality, Credible Outcomes • Process View, No-Fault Appraisal • Baseline for Compliance Program 11
  • 12. Contact Bob Chaput www.HIPAASecurityAssessment.com bob.chaput@HIPAASecurityAssessment.com Connect: www.linkedin.com/in/bobchaput Follow me: Twitter.com/bobchaput HITECH Security Advisors, LLC 12