Ready For a HIPAA Security Audit?


The SECURITY & PRIVACY NEWSLETTER is published monthly in support of the healthcare industry’s efforts to work together towards compliance in security and privacy. Subscribers total over 3,000.

In this issue:

1. Monthly HIPAA Compliance Tip: Ready For a HIPAA Security Audit?
2. AT&T to Deliver Country’s First Statewide E-Health Exchange Zone
3. Day in the Life of a Patient Seminar: March 21, 2008, Chicago
4. Disaster Readiness/Incident Management Product Endorsed by the AHA
5. Cisco Web cast: Hospital Visibility Solutions with RFID
6. LiveProcess Helps One of Nation’s Busiest Trauma Centers ‘Make it Happen’
7. Health Care Compliance Association (HCCA) 12th Annual Compliance Institute April 13-16, 2008; New Orleans
8. Cisco Case Study: Community Hospital Expands Wirelessly
9. Web cast: Video Communications…The Total Solution Payoff for Greater Return
10. Sixth Collaborative Communications Summit: Transforming Healthcare through Health Information Technology

1. Monthly HIPAA Compliance Tip: Ready For a HIPAA Security Audit?

Brought to you by: Ali Pabrai, CISSP, CSCS, HIPAA Academy

GovernmentHealthIT reported on January 16, 2008 that CMS, at a workshop on HIPAA Security, announced it will begin audits by reviewing 10 to 20 hospitals in the next nine months for compliance with the HIPAA Security Rule. Is your organization ready for a HIPAA Security audit? Not just compliance requirements but also rising threats to the information infrastructure are leading organizations to conduct vulnerability assessments to establish the state of enterprise security. Such an assessment typically includes external, internal, and wireless penetration testing.

For example, the HIPAA Security Rule’s Risk Analysis implementation specification is a requirement that all covered entities must meet. It requires organizations to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (EPHI) held by the entity.

The penetration testing typically includes external and internal testing as well as a detailed assessment of wireless systems. The testing typically includes, but is not limited to, systems such as the Internet screening router(s), switch(es), firewalls, and critical servers such as those in the data center, as well as email, Web, and DNS.

The penetration team will need to devise a plan of attack before the vulnerability testing begins on the network. Once the testing begins, you will scan the active devices for vulnerabilities. This typically includes all TCP and UDP ports. The next step is a manual validation of identified findings. The wireless assessment includes identification of rogue devices, open/vulnerable access points and the state of your wireless LAN security.

Your team will need to determine the scope of work and identify the following information for the scans:

You may visit the industry’s most complete compliance portal at www.ecfirst.com for access to all major information security regulations. To learn what remediation actions are being prioritized by other hospitals and health systems in the area of compliance and information security, schedule Ali Pabrai, CISSP, CSCS at your site to discuss with your executive management team. Contact Nazeela Shokrai at Nazeela.Shokrai@ecfirst.com to bring Ali Pabrai to your site.

About HIPAA Academy: AHA Solutions, Inc., the endorsement facility of the American Hospital Association (AHA) awarded the AHA endorsement to ecfirst.com, Inc.’s (ecfirst) HIPAA Academy as a resource for training to help hospitals comply with the Health Insurance Portability and Accountability Act (HIPAA) security regulations.

HIPAA Academy HIPAA Compliance Training Solutions have the exclusive endorsement of the AHA.

2. AT&T To Deliver Country’s First Statewide E-Health Exchange Zone

Leveraging technology to enhance the health care experience for patients and practitioners alike, AT&T announced a major initiative with the State of Tennessee to deliver the country’s first statewide health information exchange. The Tennessee Information Infrastructure eHealth Exchange Zone is being developed to transform how health information is accessed and delivered by the Tennessee care-giving community and, ultimately, to enable increased patient safety, reduced spending and improved quality of care for the state’s 6 million residents.

AT&T is actively engaged with the state and health care providers statewide in building the eHealth Exchange Zone. Plans call for eHealth applications to be phased in as participation by health care providers grows.

To read the full press release, please email technologysolutions@aha.org

AT&T voice and data networking products have the exclusive endorsement of the AHA.

3. Day in the Life of a Patient Seminar

The dynamics of today’s healthcare market require innovative technology solutions at the point of care that drive efficiency, improve patient safety and enhance quality of care. This seminar follows a patient through a day within a healthcare setting to examine how to best deliver point of care information technology solutions that fundamentally improve their experience.

When and Where (updated!)

Friday, March 21, 2008 7:30 am - 12:00 pm
ESPN Zone
43 E. Ohio Street, Chicago, IL 60611

Who should attend?

Senior clinical and IT leaders considering bedside applications like CPOE, bedside charting or med dispensing and e-prescribing.

Those interested in adding connective medical devices to hospital infrastructure to facilitate patient monitoring and integrating with EMR.

Those considering enhancing nurse call and emergency communications to improve efficiencies and quality of care.

Click here for more information and to register.

Burwood strategic wireless consulting has the exclusive endorsement of the AHA.

4. LiveProcess Disaster Readiness/Incident Management Product Endorsed by the AHA

AHA Solutions, Inc., a subsidiary of the American Hospital Association (AHA), awarded LiveProcess an exclusive AHA endorsement for its disaster readiness and incident command solutions for hospitals. LiveProcess is a centralized web-based platform that helps a hospital’s emergency coordinator manage many aspects of a hospital’s disaster preparedness plans and responses. 

LiveProcess’ web-based platform is used by hundreds of hospitals across the country, and has been proven in the field during Joint Commission Surveys, facility and community-based exercises and actual events requiring activation of the Hospital Command Center (HCC).  LiveProcess has helped healthcare executives standardize their emergency management program across single and multiple facilities, providing a new level of visibility, incident command, risk management and compliance. 

To read the full press release, click here.

5. Cisco Web cast: Hospital Visibility Solutions with RFID

Date: March 25, 2008

Time: 2:00 PM Eastern/11:00 AM Pacific  

With a continued focus on patient care and operational performance, RFID technology is becoming a key topic among hospital executives. In order to take full advantage of the power of RFID solutions in your facility, you will need to learn about the benefits of the technology, explore potential solutions and identify the right technology partners to help make it happen.

This web cast will allow you to:

  • Discover the benefits and ROI for healthcare RFID solutions for your organization
  • Learn about a number of available solutions for hospitals, including:
    • Asset Management
    • Equipment Maintenance
    • Temperature Monitoring
    • Workflow & Resource Management
    • Patient & Staff Safety
  • Identify the best technologies and the right vendors to meet your facility’s needs

Click here for more information and to register.

6. LiveProcess Helps One of Nation’s Busiest Trauma Centers ‘Make it Happen’

“Several days before Hurricane Katrina slammed into the Gulf Coast in August 2005, members of the Grady Health System emergency management team and other regional coordinating hospitals of the state were in a hotel conference room in Macon to work with LiveProcess, a company that has developed the first standardized solution for healthcare disaster and emergency readiness and reaction.”

To get a copy of the case study that explains how disaster readiness tools helped Grady Health System, email technologysolutions@aha.org

LiveProcess disaster readiness/incident management solutions have the exclusive endorsement of the AHA.

7. Health Care Compliance Association (HCCA) 12th Annual Compliance Institute April 13-16, 2008; New Orleans

Join your colleagues in New Orleans for HCCA’s 12th Annual Compliance Institute—the single most comprehensive compliance conference designed specifically to meet the needs of today’s health care compliance professional. The 2008 Institute will be held at the Hilton New Orleans Riverside Hotel, New Orleans, LA.

To register or for the most updated information, visit www.compliance-institute.org

If you are interested in attending a networking dinner sponsored by AHA Solutions, please email technologysolutions@aha.org

8. Cisco Case Study: Community Hospital Expands Wirelessly

“Greenwich Hospital is a 174-bed healthcare center serving the communities of Fairfield County, Connecticut and Westchester County, New York. A member of Yale New-Haven Health Systems and a major academic affiliate of the Yale University School of Medicine, the hospital is both an important teaching institution and a progressive provider of medical care.”

“In 1992, the administration staff launched a US$60 million campaign to expand and update the hospital, and now the campus includes several state-of-the-art buildings. Although they have helped to ensure superior care for patients, the improvements have posed a challenge for the hospital’s information technology staff.”

“‘We have a very spread-out facility - several buildings that are two to five miles away from each other,’ says Nassar Nizami, chief security officer at the hospital. Until recently, the hospital was operating a wireless LAN for its medical and administrative staff. But that WLAN was composed of standalone, individually-managed access points (APs). If someone reported a problem, the staff would have to physically find and fix the faulty AP. To address these concerns, last year the hospital decided to upgrade its WLAN with a system that could be managed and controlled centrally.”

To get a copy of the case study and learn how the business challenges were resolved, email technologysolutions@aha.org

Cisco wireless networking products have the exclusive endorsement of the AHA.

9. Web cast: Video Communications…The Total Solution Payoff for Greater Return

Date:  Tuesday, March 18th, 2008 
Time:  2pm EST / 11am PST

As companies deploy video communications technologies that can be leveraged by everyone in the enterprise, their focus should be implementing a total solution that enables management, network control and firewall traversal. Once a platform like this is in place, companies can layer on the specific needs of their employees, including multi-point conferencing; gateways for seamless voice and video connectivity between IP and ISDN networks; archiving and recording; and any mix of endpoints they require in seeing a greater ROI. A total-solution approach will deliver this return while protecting your investment: Companies can add new technologies or capabilities, easily and transparently, at any time, and with no disruption to the end user experience.

Register Today

TANDBERG videoconferencing solutions have the exclusive endorsement of the AHA.

10. Sixth Collaborative Communications Summit: Transforming Healthcare through Health Information Technology

Date: May 5-7, 2008

Location: Mandarin Oriental, Washington DC

The Collaborative Communications Summit: “Transforming Healthcare through Health Information Technology” is designed to help top-level executives, legislators, physicians, regulators and technologists come to grips with the swirling forces of technology change, policy development and changing business models. Attendees of the CCS HIT are industry leaders and senior executives from the healthcare community focused on HIT with the following job titles: CEO, CIO, CMO, CMIO, CNO, COO, CSIO, SVP, VP and Director.

The goal of the CCS HIT is to provide an intimate, high-level forum that facilitates open avenues of communication amongst executives and stakeholders in healthcare fostering the growth and adoption of HIT resulting in safer, more efficient and cost effective healthcare. Attendees will walk away with timely and actionable information that can be immediately implemented in their respective organizations.

To inquire about participation, please contact:

Chad Reott
330.294.0094
Chad@michaelbass.com

For Sponsorship Inquiries at the Spring 2008 CCS HIT Please CLICK HERE

To See Sponsors of the Fall 2007 CCS HIT CLICK HERE



 
