Clearwater HIPAA Security Assessment™… · Results you can count on: Completes a key...
© 2010-11 Clearwater Compliance LLC | All Rights Reserved
Jon Stone, MPA, PMP
615-210-9612
[email protected] Compliance LLC
Clearwater HIPAA Security Assessment™ Guided Tour
• 25+ years in Healthcare in the provider, payer and healthcare quality improvement fields
• Innovator | Strategic Program Manager | Consultant | Executive
• 15+ years of strategic leadership for compliance and Healthcare information technology projects involving the most sensitive ePHI for companies such as CIGNA, Healthways and Ingenix.
• PMP, MPA - Healthcare Policy and Administration
Jon Stone, MPA, PMP
Session Objectives
• Regulatory background
• Product features
• Software walkthrough
• Product benefits
Three Pillars of HIPAA-HITECH Compliance…
Privacy | Security | Breach Notification | …
HITECH
HIPAA
Breach Notification IFR
• 6 pages / 2K words
• 4 Standards
• 9 Implementation Specs
Privacy Final Rule
• 75 pages / 27K words
• 56 Standards
• ~ 54 “dense” Implementation Specs
Security Final Rule
• 18 pages / 4.5K words
• 22 Standards
• ~50 Implementation Specs
OMNIBUS FINAL RULE
What do the regulations require?
45 C.F.R. §164.308(a)(1)(i) Standard: Security Management Process
(1)(i) Standard: Security management process. Implement policies and procedures to prevent, detect, contain, and correct security violations.
(ii) Implementation specifications:
(A) Risk analysis (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information…
45 C.F.R. §164.308(a)(8)
Standard: Evaluation. Perform a periodic technical and non-technical evaluation, based initially upon the standards implemented under this rule and subsequently, in response to environmental or operational changes…
Three Dimensions of HIPAA Security Business Risk Management
1. Compliance: 45 CFR 164.308(a)(8) Security Evaluation
• Complete a Security Assessment to Determine Compliance
2. Security: 45 CFR 164.308(a)(1)(ii)(A) Risk Analysis
• Complete a Risk Analysis to Protect Sensitive Info
3. Test & Audit: 45 CFR 164.308(a)(8) & OCR Audit Protocol
• Perform Network and Penetration Testing for a full Risk Program
Why do a Security Assessment?
• Meet 45 CFR 164.308(a)(8) - Evaluation
• Be prepared in the event of a breach or complaint driven investigation
• Build a solid educational foundation
• Jump-Start Overall Security Compliance Program
• Demonstrate Good Faith Effort
Three Key Compliance Questions
1. Is it documented?
• Policies, Procedures and Documentation
2. Are you doing it?
• Using, Applying, Practicing and Enforcing
3. Is it Reasonable and Appropriate?
• Comply with the implementation specification
Software as a Service Demo
Sample System Notice
Results you can count on:
• Completes a key requirement of the HIPAA Security Rule
• Find gaps in your program and know what to remediate first
• Stay compliant through ongoing guidance and support
• Resolve risk exposures and protect ePHI
• Store compliance documentation in one place using our cloud-based software
• Reduce complexity and guesswork
Software as a Service Advantages
Area | Feature
Support | Unlimited support during normal business hours
Training | 60-90 minutes of live web based training; Extensive free self-service training
User Provisioning | Easy self service capabilities to add unlimited numbers of users; Add additional business entities and perform multiple concurrent assessments for an additional reasonable price
Software as a Service Advantages
Area | Feature
Ease of Access | Available 7x24 from an internet connection; No software download required; Supports all common browsers
Business Continuity | Customer data is backed up every 15 minutes; Returned to operations in under two hours
Protection | Strong firewalls; All data sent or received uses TLS 1.1 encryption; Passwords are stored using strong encryption
Need help with resources or expertise?
Questions?
If you are interested in a Free Trial, please contact us: (800) 704-3394
Register For Upcoming Live HIPAA-HITECH Webinars at:
http://clearwatercompliance.com/live-educational-webinars/
Get more info…
View pre-recorded Webinars like this one at:
http://clearwatercompliance.com/on-demand-webinars/