Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Look up keyword
Like this
1Activity
0 of .
Results for:
No results containing your search query
P. 1
Building Assurance Through HIPAA Security, Washington D.C., May 10th-11th

Building Assurance Through HIPAA Security, Washington D.C., May 10th-11th

Ratings: (0)|Views: 3 |Likes:
Published by Redspin, Inc.
Healthcare IT transformation is well underway and IT security will play a major role in whether or not we, collectively, succeed as an industry, as a major part of the U.S. economy and as a country.

While I gained a wealth of information and education from this conference, I want to summarize a few of the most important “take-away” items here.
Healthcare IT transformation is well underway and IT security will play a major role in whether or not we, collectively, succeed as an industry, as a major part of the U.S. economy and as a country.

While I gained a wealth of information and education from this conference, I want to summarize a few of the most important “take-away” items here.

More info:

Published by: Redspin, Inc. on May 23, 2011
Copyright:Traditional Copyright: All rights reserved

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

12/19/2013

pdf

text

original

 
 
Last Monday night, I boarded a “red
-
eye” flight from LAX to Dulles to attend the OCR/NIST HIPAA Security
Conference. I landed at 6:15AM, did a quick change into my business attire, grabbed some coffee, rented a car,and found my way to the Ronald Reagan Building at 1600 Pennsylvania Avenue, 3 blocks from The WhiteHouse. I thankfully arrived just before the breakfast buffet ended and took a seat at the back of the conferenceballroom.The room was packed with 400+ attendees
 – 
literally standing room only until the conference organizers couldarrange for more chairs to be brought in. The congregation included providers, government policy-makers,healthcare lawyers, academics, vendors, and consultants. From the start of the conference at 9AM Tuesdaymorning to well after 4PM Wednesday afternoon, there was a sense of purpose in the air. Healthcare ITtransformation is well underway and IT security will play a major role in whether or not we, collectively,succeed as an industry, as a major part of the U.S. economy and as a country.While I gained a wealth of information and education from this conference, I want to summarize a few of the
most important “take
-
away” items here.
 -
The development of Stage 2 “meaningful use” requirements is well underway.
Security will remain a keyfocus. New providers will be expected to conduct a HIPAA security risk analysis (SRA) and Stage 1 qualifiers
will be ask to “update and re
-
assess” the previous SRA they completed in order to meet Stage 1 attestation.
 -
While still likely stopping short of mandating encryption, Stage 2 meaningful use will also “shine a spotlight”
on the security of data at rest, according to Deven McGraw, co-
Chair of the HIT Policy Committee “Tiger Team” and Director of the Health Privacy Project at the Center for Democracy and Technology.
 - A batch of final regulations dealing with healthcare privacy and security issues will be issued in one
“Omnibus” package to be released this year and likely within months, if not within weeks. This will include:
 
 
HITECH Act modifications to the HIPAA privacy, security and enforcement rules.
 
The final version of the breach notification rule, replacing the current interim version.
 
Formalizing privacy provisions under the Genetic Information Nondiscrimination Act that forbids use of genetic information for insurance underwriting and categorizes such use as a violation of both privacyand non-discrimination regulations.
WEB PHONE EMAIL
800-721-9177 INFO@REDSPIN.COM
 
 - Sue McAndrew, Deputy Director for Health Information Privacy at the Office of Civil Rights (OCR) calledthe HIPAA security risk analysis provision a foundational element of HITECH, along with updating the SRAregularly and implementing reasonable and appropriate safeguards.- Ms. McAndrew further confirmed and clarified that business associates and their subcontractors will have thesame obligations as covered entities under the HIPAA Security Rule and therefore must conduct their ownHIPAA security risk assessments. Within 12 months from the issuance of the Omnibus NPRM, businessassociates will be directly liable for the breach of protected health information (PHI) under HITECH Actsections 13401 and 13404.
She went on to describe this extension of directly liability to business associates “asea change” in the regulations.
 - Stepped-up enforcement of the HIPAA security and privacy provisions is on the way. Federal enforcementtraining of State Attorneys Generals offices was done in Texas this past April, and will be conducted in Atlantaand Washington D.C. by end or May and in San Francisco in early June.
WEB PHONE EMAIL
800-721-9177 INFO@REDSPIN.COM

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->