Steven Baruch - Health Care Compliance Association

More documents

Recommendations

Info

Data Breach Resolution RISK ASSESSMENT IN A HITECH WORLD Navigating your way through a successful healthcare data breach resolution can be a challenge. The key is being prepared. Experian ® can help. With a proven track record of servicing over 1,600 data breach incidents in virtually every industry, Experian has the experience and resources to help you steer the way to calm waters. Risk Defined Risk is a function of the likelihood of a given threatsource’s exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization. 1 This is a concept that has long been wrestled with at many levels of business and government. Unfortunately, it is a hard concept to grasp…until it grasps you. It’s all too human to dismiss risk as an amorphous and intangible possibility, rather than a very real probability if ignored. This is the crossroad that we find ourselves at with HITECH and healthcare privacy and security today. Why Conduct a Risk Assessment If one asks themselves why conduct a HITECH Risk Assessment, today, the answers are surely more poignant than 5 or more years ago. Whether it is the increased fines of up to $1.5 million, or the fact that the State Attorney General can bring a civil action to your doorstep, or that the Office for Civil Rights (OCR) is now mandated to conduct audits, there is certainly a greater air of seriousness and more teeth behind the legislation. Conducting a HITECH Risk Assessment The risk assessment process varies according to an organization’s particular business needs and available skills. However, at its core, the most basic risk assessment process must answer the questions: What is at risk What can go wrong What is the probability that it would go wrong What are the consequences if it does go wrong December 2010 20 Risk assessment processes require the definition and inventory of systems and the business processes they support; an assessment of potential vulnerability and threat; a decision to act or not; evaluation of the effectiveness of the action; and communication about decisions made. Health Care Compliance Association • 888-580-8373 • www.hcca-info.org
Once these steps are completed, the process should be repeated on a regular basis to ensure that the decisions made and controls implemented remain effective in reducing risk and meeting business needs and goals. The Risk Assessment Phases include: Phase I: Inventory of Systems and Processes Phase II: Threat and Vulnerability Assessment Phase III: Evaluation of Controls Phase IV: Decision Phase V: Communication and Monitoring The Incident Preparedness Plan With the risks as high as they are in some cases, it is vital that healthcare organizations conduct Incident Preparedness Planning in conjunction with the Risk Assessment Plan. This plan should be re-evaluated on an annual basis. Here are some key considerations for what should be included in your organization’s Incident Preparedness Plan: • Create an Incident Response Team • Conduct Breach Preparedness Training • Engage an experienced Data Breach Service • Choose a provider that will be prepared to handle the following when a data breach occurs: 3 Handle notification of the breach 3 Conduct Fraud Resolution 3 Provide Call Center Support 3 Provide Reporting 3 Provide Credit Monitoring/Identity Protection Products and Solutions that include things such as: Internet Scan and Lost Wallet solutions that help consumers report, cancel and reissue items such as, credit, debit and medical and dental insurance cards To read the whitepaper in its entirety, please go to www.experian.com/dbhcca. Know the Facts Of the 385 organizations that experienced data breaches so far this year, 113 were in healthcare. 2 How will your company respond if it happens to you Know Who to Call Twenty-five percent of the breaches we have serviced this year alone have been in healthcare. With a proven track record of servicing over 1,600 data breach incidents, Experian has the experience and resources to help you steer the way to calm waters. READ MORE visit our website www.experian.com/dbhcca CALL 866 751 1323 for a FREE consultation RISK ASSESSMENT IN A HITECH WORLD Written in Collaboration By: 1: NIST Risk Management Guide for Information Systems Special Publication 800-30 2: Identity Theft Resource Center’s report for July 28, 2010 Health Care Compliance Association • 888-580-8373 • www.hcca-info.org December 2010 21
Page 1 and 2: Volume Twelve Number Twelve Decembe
Page 3 and 4: Publisher: Health Care Compliance A
Page 5 and 6: for the nurse with the bad back, th
Page 7 and 8: Mobility disabilities: A technical
Page 9 and 10: RACs are coming to Medicare Advanta
Page 11 and 12: an attestation statement for the pu
Page 13 and 14: Social Networking John Falcetano Ed
Page 15 and 16: SB: I am the first full-time, dedic
Page 17 and 18: If you have any questions that you
Page 19: I called Joe Murphy, and before I t
Page 23 and 24: of 2010 (PPACA) and the Health Care
Page 25 and 26: 100% Why is Compliance not a part o
Page 27 and 28: Routine meetings should be set up s
Page 29 and 30: COMPLIANCE 101 Stark and academic m
Page 31 and 32: total compensation of the referring
Page 33 and 34: teaching hospitals, medical schools
Page 35 and 36: providers who participate in the Me
Page 37 and 38: Health Care Compliance Association
Page 39 and 40: ecognized now by the federal govern
Page 41 and 42: Federal medical record requests: Se
Page 43 and 44: medication and services previously
Page 45 and 46: individual accountability provision
Page 47 and 48: created inappropriate financial inc
Page 49 and 50: New HCCA Members n Coquette O’Rou
Page 51 and 52: • Internal Audit • Litigation S

Steven Baruch - Health Care Compliance Association

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?