Agenda
• Privacy Excellence Awards
– Overview
– Timeliness
– Industry News
• Some Words from Our Judges
• 2015 Winning Organizations
– Going over and above for Patient Privacy
– Audit Readiness
– Technical Excellence
– Ethics and Integrity
– Awareness and Education
• Questions
For Our Patients’ Sake
We envision a healthcare industry in which patients confidently share their most
sensitive medical details to receive the best care possible without regard to privacy
concerns.
Today’s Speakers
Pat Henrikson Privacy Senior Director/Chief Privacy Officer Banner Health
Becky Robertson Privacy and Information Security Officer Cookeville Regional Medical Center
Karen Sunderland Senior Auditor, Electronic Information Privacy Yale New Haven Health System
Mark Ford Principal, Cyber Risk Services Deloitte & Touche LLP
Laura Rosas Privacy & Security Expert Former Senior Advisor, ONC
Brian Stone Manager, Customer Success FairWarning, Inc.
2015 Privacy Excellence Awards
• A patient privacy hero embodies:
– Courage
– Innovation
– Dedication
• Honors those who are building goodwill and trust with their patients every day, by investing in and living a culture of patient privacy
• Judged by a panel of peers & industry experts
• Ultimate benchmark for patient privacy monitoring
2015 Privacy Excellence Awards: Time is Now
• In the News:
– OCR Launches Phase 2 HIPAA Audit Program with Pre-Audit Screening Surveys
– OIG Teams Up With Private Sector to Provide Guidance to Health Care Governing Boards
– Healthcare Fraud Initiatives in 2015
A Few Words from Our Judges
• Importance of Ethics & Integrity
• Why Privacy and Security Matters
• Judging:
– Measuring Effectiveness
– Additional Insights
The Path to Excellence
2015 Privacy Excellence Award Winners
• Overall Achievement Award: Cookeville Regional Medical Center
• Visionary of the Year – Large: Banner Health
• Visionary of the Year – Medium-Small: Yale-New Haven Health System
• Best Healthcare Provider – Large: Banner Health
• Best Healthcare Provider – Medium-Small: Cookeville Regional Medical Center
Yale New Haven Health System – Audit Readiness
To have a legally defensible position with regard to patient privacy
• Program Governance at the VP Level with direct report to the President and BOG as necessary
• Current Security Risk Assessment
• Annual privacy and security plan outlining data sources being monitored
• Enforced policies and ad-hoc/proactive audits performed on a quarterly basis
Yale New Haven Health System – Audit Readiness
• Written policies around “Acceptable Use/Access” of ePHI
• Sanctions policy specifically addressing privacy violations
• Process and documentation for identifying priorities for monitoring
• Privacy/Security Audits:
– Impressive training and awareness efforts cited
– Timely turn-around time from creation of alert to completion of investigation
Banner Health – Technical Excellence
Establishing a technical and procedural environment to be safely accessed by authorized parties
• BH HIPAA Steering Committee
– Provides oversight governance for privacy; includes senior-level corporate leaders
• BH HIPAA Privacy and Security Incident Response Plan
– Provides direction and flow charts and includes six principal phases involved when responding to a breach of PHI
• Effectiveness Reports
– Benchmark data used to increase the adoption of our monitoring program
Banner Health – Technical Excellence
• Authoritative User data integrated
– Conducting advanced monitoring
– Filtering false positives
• Close collaboration between Privacy and IT
• Scoring System Ranks Data Sources
• Data backup strategy
– Redundancy & layers of access built into all servers
Cookeville Regional Medical Center - Ethics & Integrity
Organizational Ethical Integrity is a measure of how truly an organization demonstrates its values through its actions.
• Signed User agreement
• Safeguards and processes in place:
– Prevent misuse of patient information or associated data
– Ensure a uniform investigation and enforcement of incidents discovered through patient privacy monitoring
Cookeville Regional Medical Center - Ethics & Integrity
• Reporting potential healthcare fraud or questionable practices
– “Do the Right Thing” – no retaliation policy
– Employee Orientation: Heavy Compliance focus
  • Mandatory for all employees, including leadership, and Board of Directors members
– Anonymous Privacy Hotline and Compliance Hotline
Awareness & Education
• Emphasis on educating patients and training staff to achieve a new standard of awareness and efficiency in patient privacy
• Thinking outside the box with programs and tools that create a culture of patient privacy
Awareness & Education
Cookeville Regional Medical Center
• Privacy “Rounding”
– Privacy Officer (with help from the Privacy Committee members) does floor rounds and visits our many specialty group physicians’ offices
• Avatar representative, “Privacy Polly”
Privacy Polly says…
Awareness & Education
Banner Health
• Live the Mission:
– “We exist to make a difference in people’s lives through excellent patient care every day”
• Each Banner facility has an appointed HIPAA Facility Contact
– Provides education/updates every other month to group of about 250
• Characters created to assist in training Banner’s workforce
– Used in workforce orientation materials and training, e-mail communications, and website
Awareness & Education
Yale New Haven Health System
• HIPAA “POPPS” Cart Plan: Protecting Our Patients’ Privacy & Security
– A mobile cart utilized to visit clinical units in an effort to enhance HIPAA information privacy and security knowledge and allow users to identify with OIS & OPCC personnel in a non-threatening environment
• Clinical Workstations – Screen Savers
Outstanding Contributions to Privacy
• CaroMont Health – Gastonia, NC
• Maury Regional Medical Center – Columbia, TN
• Susquehanna Health System – Williamsport, PA
• Terrebonne General Medical Center – Houma, LA
• Wood County Hospital – Bowling Green, OH
2016 Privacy Excellence Awards
• Late Fall 2015: Application Submission Begins
• February 2016: Applications Due
• Apr 17 – 20, 2016: Award Celebration at 2016 HCCA Compliance Institute
Questions
• Please submit via the WebEx Q&A or Chat windows to the right side of your screen.
For more information, please visit:
www.PrivacyExcellenceAwards.com
Upcoming Webinar
OIG Security Audits: What You Need to Know
Date: July 23, 2015
Time: 2:00 PM Eastern
• A panel of expert speakers from Ogden Murphy Wallace law firm will provide pertinent information on how to respond to the increasing pressure coming from the OIG
Pre-register for this Webinar Now
Thank you for joining us today
Pat Henrikson Privacy Senior Director/Chief Privacy Officer Banner Health
Becky Robertson Privacy and Information Security Officer Cookeville Regional Medical Center
Karen Sunderland Senior Auditor, Electronic Information Privacy Yale New Haven Health System
Mark Ford Principal, Cyber Risk Services Deloitte & Touche LLP
Laura Rosas Privacy & Security Expert Former Senior Advisor, ONC
Brian Stone Manager, Customer Success FairWarning, Inc.