Thursday, January 16, 2020
HIPAA Privacy and Security Compliance Webinar
Please note:
• All phone lines will automatically be muted on entry, and will remain muted for the length of the presentation.
• You may submit written questions via the “chat” icon shown here.
Karen Wake
AVP Commercial Insurance
Johnson Financial Group
Opening Remarks
Agenda
» 11:00am
  • Opening remarks and introductions
» 11:00am to 11:25am
  • “HIPAA Refresher for Employers/Health Plan Sponsors”
  • Jason Gutzman, VP Employee Benefits Consultant
» 11:25am to 11:50am
  • “2020 HIPAA Risk Preview”
  • Steve Frew, VP Risk Consultant
» 11:50am to 12:00pm
  • Q&A and closing remarks
Featured Presenters
Jason Gutzman, RHU, MHP, REBC, ChHC, CSFS, GBA, CEBS
VP Employee Benefits Consultant
Johnson Financial Group

Steve Frew, JD, CIPP/US
VP Risk Consultant
Johnson Financial Group
Presented by: Jason Gutzman
HIPAA Refresher for Employers/Health Plan Sponsors
Outline
» What is HIPAA
» Who is subject to the HIPAA Rules
» What information is Protected
» Key requirements of HIPAA Rules
» Enforcement
» Compliance Steps
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is federal legislation that addresses issues ranging from health insurance coverage to national standard identifiers for healthcare providers.
The portions that are important for our purposes are those that deal with protecting the privacy (confidentiality) and security (safeguarding) of health data, which HIPAA calls Protected Health Information or PHI, and the breach notification rules. These important Rules were issued in 2013 and are diligently enforced by the Office for Civil Rights (OCR), a division of Health and Human Services (HHS).
HIPAA Rules
Health Plans are Covered Entities
Employers
Protected Health Information
Information Definitions
Privacy Rule Overview
Special Exception for Fully Insured Health Plans
Use and Disclosure Rules
Disclosures to Employers
Disclosures to Business Associates
Privacy Notice
Other Individual Rights
Administrative Requirements
Security Rule Overview
Risk Analysis
Security Safeguards
Examples of Safeguards
Breach Notification Rule Overview
What Is a Breach?
What Constitutes a Breach?
• A breach could result from many activities.
  » Accessing more than the minimum necessary
  » Failing to log off when leaving a workstation
  » Unauthorized access to PHI
  » Sharing confidential information, including passwords
  » Having patient-related conversations in public settings
  » Improper disposal of confidential materials in any form
  » Copying or removing PHI from the appropriate area
• Why?
  » Curiosity…about a co-worker or friend
  » Laziness…so shared sign-on to information systems
  » Compassion…the desire to help someone
  » Greed or malicious intent…for personal gain
Covered Entity Breach Notification Requirements
Common Employer Mistakes
Most Common HIPAA Complaints
HIPAA Penalties
What Employers Need to Do
When in doubt, consult with legal counsel!
Presented by: Steve Frew
2020 HIPAA Risk Preview
Outline
» HIPAA threats – 2020 starting line-up
» OCR HIPAA enforcement
» HIPAA reporting
» Risk management tips
Threat Sources
Theft or Loss of Device
[Chart: breakdown by Laptops, Documents, Disk drives, Flash drives, Desktops]
Outside Attack – Hackers
[Chart: method (Email, Brute force, Backdoor)]
Hackers
[Chart: type of attack (Stolen Creds, Malware, Ransomware)]
Employees – Errors and Intent
[Chart: Error, Misuse]
Improper Filing and Disposal
• Data or hardcopy posted to wrong patient record
• Data or hardcopy not securely disposed of
  » Hard drives
  » Hardcopy in trash
  » Copies or printouts left in insecure setting
  » Multi-part forms
Late Release of Information
• Release after expiration of authorization
• Failure to provide copies in timely manner upon request
  » New OIG hot button
OCR HIPAA Enforcement
| COVERED ENTITY | AMOUNT | CAUSE |
| --- | --- | --- |
| Elite Dental Services – Dallas | $10,000 | Disclosed PHI in response to unfavorable YELP review; Failure to implement P&P on social media posts; Inadequate notice of privacy |
| Jackson Health | $2,154,000 | Employee selling PHI of VIPs for 5 years. Accessed more than 24,000 patient records. |
| COVERED ENTITY | AMOUNT | CAUSE |
| --- | --- | --- |
| Korunda | $85,000 | Complaint of failing to provide access to medical records in format requested. OCR provided technical assistance to CE but they failed to promptly provide access |
| Medical Informatics Engineering | $100,000 | Hacker accessed 3.5 million medical records; Failure to conduct risk assessment |
| COVERED ENTITY | AMOUNT | CAUSE |
| --- | --- | --- |
| Texas HHS | $1.6 million | Failure to conduct risk assessment; Failure to respond to known security incident; 187 day failure to notify affected individuals; Failure to notify media 147 days |
| Sentara | $2,175,000 | Owner entity of 10 hospitals mixed up billing and disclosed PHI of 577 patients but only reported 8 to OCR; No business associate agreement with owner entity for billing services; Failure to notify OCR in timely manner |
| COVERED ENTITY | AMOUNT | CAUSE |
| --- | --- | --- |
| University of Rochester Medical Center | $3 million | Theft of unencrypted laptop disclosed PHI of 43 patients; Failed to conduct risk assessment; Failed to implement security measures; Inadequate policies and procedures; Failure to adopt encryption or document why encryption was not reasonable and adopt equivalent alternative protection |
| COVERED ENTITY | AMOUNT | CAUSE |
| --- | --- | --- |
| Bayfront Health | $85,000 | Failure to provide medical records in timely manner and form -- 10 months |
| Cottage Health | $3 million | 2 breaches in two years total of 60,000+ records; Failure to conduct risk assessment; Inadequate security measures; Failure to conduct tech evaluation following new OS install; Failure to have business associate agreement with contractor |
HIPAA Reporting
Reporting <500
Reporting >500
Where to Report
• Breach Portal
  » Notice to the Secretary of HHS Breach of Unsecured Protected Health Information
  » https://ocrportal.hhs.gov/ocr/breach/wizard_breach.jsf
Reporting Page
Risk Management Tips
Mobile Security and HIPAA
Secure access authentication
Encrypt
Remote wipe
Block file share
Update regularly
Approved apps only
VPN on public Wi-Fi
HIPAA Security on the Cloud
Business Associate Agreement:
• Written agreement
• Privacy and security terms
• Duties
• Subcontractors:
  » Audit rights
  » Insurance & Limits
Formulate a Defensive Strategy
Assume you will be hit
Secure your email system
Data loss protection systems
Role based privileging
Multifactor access
Monitor-audit-test
Build human firewalls
Encrypt everything
Download at: https://www.johnsonbank.com/Resources/Articles/2018-10-05-HIPAA-Toolkit
Questions?
Thank you for attending!