2015 WINNERS

June 3, 2015

Watch the Replay on YouTube

Agenda

• Privacy Excellence Awards – Overview – Timeliness – Industry News

• Some Words from Our Judges • 2015 Winning Organizations – Going over and above for Patient Privacy

– Audit Readiness – Technical Excellence – Ethics and Integrity – Awareness and Education

• Questions

For Our Patients’ Sake

We envision a healthcare industry in which patients confidently share their most

sensitive medical details to receive the best care possible without regard to privacy

concerns.

Today’s Speakers

Pat Henrikson Privacy Senior Director/Chief Privacy Officer Banner Health

Becky Robertson Privacy and Information Security Officer Cookeville Regional Medical Center Center

Karen Sunderland Senior Auditor, Electronic Information Privacy Yale New Haven Health System

Mark Ford Principal, Cyber Risk Services Deloitte & Touche LLP

Laura Rosas Privacy & Security Expert Former Senior Advisor, ONC

Brian Stone Manager, Customer Success FairWarning, Inc.

2015 Privacy Excellence Awards

• A patient privacy hero embodies: – Courage – Innovation – Dedication

• Honors those who are building goodwill and trust with their patients every day, by investing in and living a culture of patient privacy

• Judged by a panel of peers & industry experts

• Ultimate benchmark for patient privacy monitoring

2015 Privacy Excellence Awards: Time is Now

• In the News: – OCR Launches Phase 2 HIPAA Audit

Program with Pre-Audit Screening Surveys

– OIG Teams Up With Private Sector to Provide Guidance to Health Care Governing Boards

– Healthcare Fraud Initiatives in 2015

A Few Words from Our Judges

• Importance of Ethics & Integrity

• Why Privacy and Security Matters

• Judging: – Measuring Effectiveness

– Additional Insights

The Path to Excellence

2015 Privacy Excellence Award Winners

• Overall Achievement Award: Cookeville Regional Medical Center

• Visionary of the Year – Large: Banner Health

• Visionary of the Year – Medium-Small: Yale-New Haven Health System

• Best Healthcare Provider – Large: Banner Health

• Best Healthcare Provider – Medium-Small: Cookeville Regional Medical Center

Yale New Haven Health System – Audit Readiness

To have a legally defensible position with regards to patient privacy • Program Governance at the VP Level with direct

report to the President and BOG as necessary

• Current Security Risk Assessment

• Annual privacy and security plan outlining data sources being monitored

• Enforced policies and ad-hoc/proactive audits performed on a quarterly basis

Yale New Haven Health System – Audit Readiness

• Written policies around “Acceptable Use/Access” of ePHI

• Sanctions policy specifically addressing privacy violations

• Process and documentation for identifying priorities for monitoring

• Privacy/Security Audits:

– Impressive training and awareness efforts cited

– Timely turn-around time from creation of alert to completion of investigation

Banner Health – Technical Excellence

Establishing a technical and procedural environment to be safely accessed by authorized parties

• BH HIPAA Steering Committee – Provides oversight governance for privacy - includes senior

level corporate leaders

• BH HIPAA Privacy and Security Incident Response Plan – Provides direction and flow charts and includes six principal

phases involved when responding to a breach of PHI

• Effectiveness Reports – Benchmark data used to increase the adoption of our

monitoring program

Banner Health – Technical Excellence

• Authoritative User data integrated

– Conducting advanced monitoring

– Filtering false positives

• Close collaboration between Privacy and IT

• Scoring System Ranks Data Sources

• Data backup strategy

– Redundancy & layers of access built into all servers

Cookeville Regional Medical Center - Ethics & Integrity

Organizational Ethical Integrity is a measure of how truly an organization demonstrates its values through its actions.

• Signed User agreement

• Safeguards and processes in place: – Prevent misuse of patient information or

associated data

– Ensure a uniformed investigation and enforcement of incidents discovered through patient privacy monitoring

Cookeville Regional Medical Center - Ethics & Integrity

• Reporting potential healthcare fraud or questionable practices – “Do the Right Thing” – no retaliation policy

– Employee Orientation: Heavy Compliance focus • Mandatory for all employees, including

leadership, and Board of Directors members

– Anonymous Privacy Hotline and Compliance Hotline

Awareness & Education

• Emphasis on educating patients and training staff to achieve a new standard of awareness and efficiency in patient privacy

• Thinking outside the box with programs and tools that create a culture of patient privacy

Awareness & Education

Cookeville Regional Medical Center • Privacy "Rounding"

– Privacy Officer, (with help from the Privacy Committee members), does floor rounds and visits our many specialty group physicians’ offices

• Avatar representative, “Privacy Polly”

Privacy Polly says………

Awareness & Education

Banner Health • Live the Mission:

– “We exist to make a difference in people’s lives through excellent patient care every day”

• Each Banner facility has an appointed HIPAA Facility Contact – Provides education/updates every other month to group of about 250

• Characters created to assist in training Banner’s workforce – Used in workforce orientation materials and training, e-mail communications,

and website

Awareness & Education

• HIPAA “POPPS” Cart Plan:

Protecting Our Patients’ Privacy & Security – A mobile cart utilized to visit clinical units in an

effort to enhance HIPAA information privacy and security knowledge and allow users to identify with OIS & OPCC personnel in an non-threatening environment

• Clinical Workstations – Screen Savers

Yale New Haven Health System

Outstanding Contributions to Privacy

• CaroMont Health – Gastonia, NC

• Maury Regional Medical Center – Columbia, TN

• Susquehanna Health System – Williamsport, PA

• Terrebonne General Medical Center – Houma, LA

• Wood County Hospital – Bowling Green, OH

2016 Privacy Excellence Awards

Late Fall 2015 February 2016

Apr 17 – 20, 2016

Application Submission Begins

Applications Due Award Celebration at 2016 HCCA Compliance

Institute

Questions

• Please submit via the WebEx Q&A or Chat windows to the right side of your screen.

For more information, please visit:

www.PrivacyExcellenceAwards.com

Upcoming Webinar

OIG Security Audits: What You Need to Know Date: July 23, 2015 Time: 2:00 PM Eastern • A panel of expert speakers from Ogden Murphy

Wallace law firm will provide pertinent information on how to respond to the increasing pressure coming from the OIG

Pre-register for this Webinar Now

Thank you for joining us today

Pat Henrikson Privacy Senior Director/Chief Privacy Officer Banner Health

Becky Robertson Privacy and Information Security Officer Cookeville Regional Medical Center Center

Karen Sunderland Senior Auditor, Electronic Information Privacy Yale New Haven Health System

Mark Ford Principal, Cyber Risk Services Deloitte & Touche LLP

Laura Rosas Privacy & Security Expert Former Senior Advisor, ONC

Brian Stone Manager, Customer Success FairWarning, Inc.