What to Expect and How to Prepare: Healthcare Security & Privacy Regulation and Enforcement in 2015 and Beyond
2014
Data breaches
Settlements & Resolution Agreements
Approximately $5.5 million collected
Greatest number of HIPAA settlements
HIPAA Audits
Leadership changes
Complaints, compliance reviews & investigations
“OCR’s strong enforcement of the HIPAA privacy, security, and breach notification rules, remains very much on track.”
2015
HIPAA Audits
Enforcement
Complaints, compliance reviews & investigations
HIPAA Audits
Policies & procedures – daily activities
Staff knowledge & training
Cybersecurity – Risk assessments, breach notification & access controls
Privacy notice practices
Audit protocol
http://www.hhs.gov/ocr/privacy/hipaa/enforcement/audit/protocol.html
Enforcement
6,000+ open investigations
Increased focus on negotiating settlements
Various methods for enforcement
Complaints & Investigations
Complaints volume increases each year
Record number expected for 2015
Inconsistency between regional offices
Request policies & procedures (mini audits)
Culture of compliance
How to Prepare
1. Cybersecurity
2. Business Associate Agreements
Cybersecurity
Gap analysis
Staff training
Inventory of systems & devices
Regular review of policies & procedures
Business Associate Agreements
HITECH Act
Increased negotiation surrounding BAAs
Indemnity
Which entity is responsible for breach notification & responding to patient requests
Subcontractor BAAs
Termination rights for material breach
Takeaways
Audit first
Review and negotiate BAAs
Dust off Policies & Procedures
Addressable Elements
Compliance Culture
Questions?