the evolution, development & training of hipaa policies and procedures in a decentralized health...
TRANSCRIPT
![Page 1: The Evolution, Development & Training of HIPAA Policies and Procedures in a Decentralized Health Care Environment Presented By: Sharon A. Budman, M.S](https://reader035.vdocuments.mx/reader035/viewer/2022070413/5697bfaa1a28abf838c9a6e6/html5/thumbnails/1.jpg)
The Evolution, Development & Training of
HIPAA Policies and Procedures in a Decentralized Health Care
Environment
Presented By:Sharon A. Budman , M.S. Ed., B.B.A.
Ishwar Ramsingh, MBA, CISSPThe Tenth Annual HIPAA Summit
April 8, 2005
![Page 2: The Evolution, Development & Training of HIPAA Policies and Procedures in a Decentralized Health Care Environment Presented By: Sharon A. Budman, M.S](https://reader035.vdocuments.mx/reader035/viewer/2022070413/5697bfaa1a28abf838c9a6e6/html5/thumbnails/2.jpg)
Overview
• Understanding the puzzle• Following the Vision• Defining the terms• Determining the strategy• Enlisting the troops• Defining the process• Implementing the final product• Rules to Live By
![Page 3: The Evolution, Development & Training of HIPAA Policies and Procedures in a Decentralized Health Care Environment Presented By: Sharon A. Budman, M.S](https://reader035.vdocuments.mx/reader035/viewer/2022070413/5697bfaa1a28abf838c9a6e6/html5/thumbnails/3.jpg)
Accomplishing the Goal
Vision
Strategy
PeopleProcess
![Page 4: The Evolution, Development & Training of HIPAA Policies and Procedures in a Decentralized Health Care Environment Presented By: Sharon A. Budman, M.S](https://reader035.vdocuments.mx/reader035/viewer/2022070413/5697bfaa1a28abf838c9a6e6/html5/thumbnails/4.jpg)
Vision
• Develop HIPAA related Privacy and Security policies and procedures as required by the Regulation.
• Implement policies and procedures appropriate for your environment.
![Page 5: The Evolution, Development & Training of HIPAA Policies and Procedures in a Decentralized Health Care Environment Presented By: Sharon A. Budman, M.S](https://reader035.vdocuments.mx/reader035/viewer/2022070413/5697bfaa1a28abf838c9a6e6/html5/thumbnails/5.jpg)
Strategy• Understand your structure
– Decentralized environment
• Identify Executive Sponsor to support the Vision
• Identify Key Stakeholders• Define the scope
– To which units will these policies apply?• Especially important in a Hybrid environment such
as most academic medical centers.
![Page 6: The Evolution, Development & Training of HIPAA Policies and Procedures in a Decentralized Health Care Environment Presented By: Sharon A. Budman, M.S](https://reader035.vdocuments.mx/reader035/viewer/2022070413/5697bfaa1a28abf838c9a6e6/html5/thumbnails/6.jpg)
Strategy in Motion
• Executive leadership – Chief Privacy/Security Officer
• Key Stakeholders– HIPAA Steering Committee
• Composed of Sr. Leadership, Information Systems Directors, Physical Security Director, Office of General Counsel, Office of HIPAA Privacy and Security, Ethics, Human Resources
![Page 7: The Evolution, Development & Training of HIPAA Policies and Procedures in a Decentralized Health Care Environment Presented By: Sharon A. Budman, M.S](https://reader035.vdocuments.mx/reader035/viewer/2022070413/5697bfaa1a28abf838c9a6e6/html5/thumbnails/7.jpg)
Decentralized Challenges• Security Related Policies are especially a
challenge in a multi-departmentalized IT structure
• Our approach encompassed developing over-arching policies and procedures as an umbrella/blanket to protect the covered entity– This is a global approach yet not intricately
detailed.– It creates a minimum necessary type
standard with which all areas must comply.
![Page 8: The Evolution, Development & Training of HIPAA Policies and Procedures in a Decentralized Health Care Environment Presented By: Sharon A. Budman, M.S](https://reader035.vdocuments.mx/reader035/viewer/2022070413/5697bfaa1a28abf838c9a6e6/html5/thumbnails/8.jpg)
Policy
•A definite course of action selected from alternatives to guide and determine present and future decisions.
•A high level overall plan embracing the general goals and acceptable procedures of a governing body.
DEFINITION
Source:Webster’s Ninth Collegiate Dictionary, 1988
![Page 9: The Evolution, Development & Training of HIPAA Policies and Procedures in a Decentralized Health Care Environment Presented By: Sharon A. Budman, M.S](https://reader035.vdocuments.mx/reader035/viewer/2022070413/5697bfaa1a28abf838c9a6e6/html5/thumbnails/9.jpg)
DEFINITION
•A particular way of accomplishing something
•A series of steps followed in a regular definite order
•An established way of doing things.
Source:Webster’s Ninth Collegiate Dictionary, 1988
Procedure
![Page 10: The Evolution, Development & Training of HIPAA Policies and Procedures in a Decentralized Health Care Environment Presented By: Sharon A. Budman, M.S](https://reader035.vdocuments.mx/reader035/viewer/2022070413/5697bfaa1a28abf838c9a6e6/html5/thumbnails/10.jpg)
Benefits
• Improves Organizational Efficiencies
• Improves Operational Functioning
• Define appropriate behavior
• Communicate consensus and standardization
• Provide the foundation and a measurement tool for Human Resource action in response to inappropriate behavior.
![Page 11: The Evolution, Development & Training of HIPAA Policies and Procedures in a Decentralized Health Care Environment Presented By: Sharon A. Budman, M.S](https://reader035.vdocuments.mx/reader035/viewer/2022070413/5697bfaa1a28abf838c9a6e6/html5/thumbnails/11.jpg)
“Understanding the environment, is key to identifying appropriate and effective policies and procedures.”
![Page 12: The Evolution, Development & Training of HIPAA Policies and Procedures in a Decentralized Health Care Environment Presented By: Sharon A. Budman, M.S](https://reader035.vdocuments.mx/reader035/viewer/2022070413/5697bfaa1a28abf838c9a6e6/html5/thumbnails/12.jpg)
Policy Requirements
• Determine why a policy is needed
• Define what is covered by the policy
• Develop a standard template
• Identify contacts and responsibilities
• Determine how violations will be handled
![Page 13: The Evolution, Development & Training of HIPAA Policies and Procedures in a Decentralized Health Care Environment Presented By: Sharon A. Budman, M.S](https://reader035.vdocuments.mx/reader035/viewer/2022070413/5697bfaa1a28abf838c9a6e6/html5/thumbnails/13.jpg)
Perform an inventory of
current Policies & Procedures
The Development Process
Perform Gap/Risk Analysis to
determine areas deficient in P&P’s
Create a list of areas requiring
P&P’s
Design a standardized P & P
format/template
Organize & categorize policy needs by Subject
Utilize organizational
sources for Policy Development
Organize P & P’s into a logical
workflow
Write, Edit Review, & Compile all
policy drafts into standard format for
presentation.
Obtain consensus of the HIPAA
Steering Committee
Revise & make any necessary
changes
Present & Obtain leadership approval
Roll out P & P manual and
provide training
Monitor & Update all P & P’s as
needed
![Page 14: The Evolution, Development & Training of HIPAA Policies and Procedures in a Decentralized Health Care Environment Presented By: Sharon A. Budman, M.S](https://reader035.vdocuments.mx/reader035/viewer/2022070413/5697bfaa1a28abf838c9a6e6/html5/thumbnails/14.jpg)
“Begin with the end in mind.”
![Page 15: The Evolution, Development & Training of HIPAA Policies and Procedures in a Decentralized Health Care Environment Presented By: Sharon A. Budman, M.S](https://reader035.vdocuments.mx/reader035/viewer/2022070413/5697bfaa1a28abf838c9a6e6/html5/thumbnails/15.jpg)
Policy & Procedure Tips
• Policies must be implementable• Policies must be enforceable• Policies must be concise• Policies must be easy to understand• Policies assist in balancing compliance
with productivity.• Policies & Procedures, especially related
to the HIPAA Security Rule, should be tailored to the specific systems and operational areas.
![Page 16: The Evolution, Development & Training of HIPAA Policies and Procedures in a Decentralized Health Care Environment Presented By: Sharon A. Budman, M.S](https://reader035.vdocuments.mx/reader035/viewer/2022070413/5697bfaa1a28abf838c9a6e6/html5/thumbnails/16.jpg)
People
• It is imperative to obtain input and solicit consensus of many areas within the organization when developing effective Policies and Procedures.
• Enlist the assistance of your HIPAA contacts throughout the Organization
• Train the contacts on the Policies and Procedures, their evolution and importance as they will carry the message to the masses.
![Page 17: The Evolution, Development & Training of HIPAA Policies and Procedures in a Decentralized Health Care Environment Presented By: Sharon A. Budman, M.S](https://reader035.vdocuments.mx/reader035/viewer/2022070413/5697bfaa1a28abf838c9a6e6/html5/thumbnails/17.jpg)
People and Politics
• Remember: – People view policies as an obstacle to
productivity because they serve as a tool to control behavior.
– People are naturally resistant to control.– People are sometimes fearful of new
policies.– Policies affect everyone no matter their role
in the organization.
![Page 18: The Evolution, Development & Training of HIPAA Policies and Procedures in a Decentralized Health Care Environment Presented By: Sharon A. Budman, M.S](https://reader035.vdocuments.mx/reader035/viewer/2022070413/5697bfaa1a28abf838c9a6e6/html5/thumbnails/18.jpg)
Living and Learning
• Garner leadership support• Encourage Buy-in from Key
Stakeholders• Use HIPAA for Continuous Process
Improvement• Look at HIPAA in a positive realm and
use it as a catalyst to effectuate change
![Page 19: The Evolution, Development & Training of HIPAA Policies and Procedures in a Decentralized Health Care Environment Presented By: Sharon A. Budman, M.S](https://reader035.vdocuments.mx/reader035/viewer/2022070413/5697bfaa1a28abf838c9a6e6/html5/thumbnails/19.jpg)
Rules To Live By
• Institute policies/procedures with which your organization can comply.
• Policies & Procedures must be consistent with your business processes.
• Enforce accountability or benefits will be lost.
![Page 20: The Evolution, Development & Training of HIPAA Policies and Procedures in a Decentralized Health Care Environment Presented By: Sharon A. Budman, M.S](https://reader035.vdocuments.mx/reader035/viewer/2022070413/5697bfaa1a28abf838c9a6e6/html5/thumbnails/20.jpg)
“Effective and appropriate policies and procedures are essential to achieving
organizational efficiencies and protecting your organization’s assets,
information, and reputation.”
![Page 21: The Evolution, Development & Training of HIPAA Policies and Procedures in a Decentralized Health Care Environment Presented By: Sharon A. Budman, M.S](https://reader035.vdocuments.mx/reader035/viewer/2022070413/5697bfaa1a28abf838c9a6e6/html5/thumbnails/21.jpg)
Questions????
Contact information:
Ishwar [email protected]
Information Security AdministratorUniversity of Miami Office of HIPAA
Privacy & Security305-243-5000
Sharon A. [email protected]
Director, HIPAA Privacy & SecurityUniversity of Miami Office of HIPAA
Privacy & Security305-243-5000