HITECH Act
Privacy & Security Solution
Omar Khawaja
omar.khawaja@verizonbusiness.com
Global Product Management
November, 2010
2
HITECH Act
Overview
= Health Information Technology for Economic and Clinical Health
• Title 13 of ARRA
• $20B
• Objectives
– Develop standards by 2010 for electronic exchange of healthcare information
– Incentives to encourage doctors and hospitals to digitize
– Save government $10B
– Strengthen privacy and security to protect PHI
• Expanded scope of HIPAA in HITECH
1. Mandates public notification of data breaches
2. Stricter compliance and accounting for ePHI requests
3. Responsibility for managing PHI at Business Associates
Stiff enforcement, tiered penalties: up to $50k per violation and $1.5MM per year for identical violations
3
Background
“Meaningful Use”
• Criteria that must be met by healthcare providers to qualify for HITECH grants and incentives
• CMS provides $18B in reimbursement incentives for “meaningful users”
• Five Policy Priorities to establish Meaningful Use:
1. Improved Quality, Safety, and Efficiency
2. Engage Patients and Families
3. Improve Care Coordination
4. Improve Public Health
5. Ensure Privacy & Security of PHI
• Care Goals
• Set of Objectives & Measures for Each Two-Year Window (2011, 2013, and 2015)
4
New Security Requirement
1. Breach Notification
5
New Security Requirement
2. ePHI Accounting
6
Background
What is a Business Associate?
• Person or entity that performs certain functions or activities that involve the use or disclosure of PHI
• Works on behalf of, or provides services to, a Covered Entity (CE)
• Member of the CE’s workforce is not a BA
• May include:
– Accountants
– Consultants
– Pharmacy
– Payers (health insurance provider)
– Labs (e.g., LabCorp)
– Software Vendors (EHR, PHR, etc.)
– HIOs, RHIOs, HIEs
• How many BAs?
– United Healthcare Group: 3600+ BAs
– Humana: 2400+ BAs
– Medco: ~900 BAs
7
New Security Requirement
3. Business Associates
8
Verizon’s HITECH Solution
How it all comes together…
Prepare for Compliance
• Compliance Strategy
• Compliance Review
• Readiness Assessment
• Data Discovery
Obtain Compliance
• Remediation
• Assessments for…
• Company
• Business Associates
• Products
Maintain Compliance
Diagram components: SMP-H, Consulting Services, Managed Services, Data Discovery, HITRUST
9
Why Verizon?
Indisputable Reputation
Transfer effective best practices that have proven to work
based on 1700+ security engagements delivered in 2008
10
Why Verizon?
Leading Provider of Security Solutions
Industry Recognition
• Verizon is the leading global MSSP (Gartner, Forrester)
• Verizon security consultants actively participate in 20+ security industry-specific organizations
• Verizon Security Consulting practice recognized as a Strong Performer (Forrester)
• ICSA Labs is the industry standard for certifying security products
Credentials
• BSI Associate Consultant for ISO 27001 and BS 25999
• PCI ASV, QSA and PA-QSA
• CREST approved penetration tester
• HITRUST Qualified CSF Assessor and member of the Leadership Roundtable
Global Reach
• 500+ dedicated security consultants based in 23 countries, speaking 24 languages
• Serve 77% of the Forbes Global 2000
• 7 sources of risk intelligence
Experience
• Investigated breaches involving 900+ million records
• Verizon SMP is the oldest security certification program in the industry
• Provide national identity solutions in over 25 countries
• Provide services to 78% of the Fortune 100
• Delivered 1800+ security consulting engagements in 2009
11
Finally…
• The Federal Government is serious
– Apr ‘03 – Feb ‘09: 42k HIPAA complaints → 0 penalties
– May ‘09: Kaiser fined $250k for privacy breach
– Security of PHI is required for Meaningful Use
• Lack of security is costly
– Aug ‘08: LensCrafters settles class action suit for $20m
– Jan ‘09: VA to pay $20m for privacy breach
– Individuals (not just organizations) are on the hook
• Why VzB?
– VzB already has the services to address HITECH
Privacy and Security
– VzB has 2800+ healthcare customers
– VzB has a dedicated Healthcare Solutions team
– Transfer knowledge based on 1800+ security consulting engagements in 2009 alone
12
ADDITIONAL SLIDES
For even more information…
13
HITECH Act
Enforcement and Penalties
• Criminal penalties can now be applied to individuals (not just companies)
• New system of civil monetary penalties that incorporates the concept of “willful neglect”
• Establishment of a methodology to distribute to harmed individuals a portion of civil penalties collected
• State attorneys general can bring civil action on behalf of residents whose privacy has been violated
• Requires the HHS Secretary to periodically audit CEs and BAs
• OCR responsible for enforcing HIPAA Security and Privacy Rules
14
HITRUST-VzB Relationship

Editor's Notes

1. – No max penalty
   – Willful neglect
   – Must authorize and define the use of PHI in contracts with partners
   – 10% reduction in Medicare reimbursements if the organization is not HIPAA compliant
   – Subtitle D of HITECH is Privacy
2. – Disincentives in the latter years of HITECH for non-Meaningful Users
   – www.hipaasurvivalguide.com
3. – [WSJ, 02/02/09] [ITRC]
   – Notices must be sent within 60 days
   – Overrides FTC Red Flags
4. – Administrative, physical and technical
   – BAs are now within the jurisdiction of HHS
   – Goes into effect on 02/18/2010
   – Reduces the risk on CEs (by shifting some of it to BAs)
5. – Other = HITECH / HIPAA Compliant Smart Centers, Secure Messaging, etc.
6. – For the latest version, please contact Omar Khawaja
   – Verizon Business manages 260,000-plus security, network and hosting devices across more than 4,200 customer networks in 142 countries and territories
   – Privacy Rights has tracked only 263 million breached records from Jan ‘05 to July ’09 (http://www.privacyrights.org/ar/ChronDataBreaches.htm#Total)
   – The 7 sources of risk intelligence:
     – Threat & Vulnerability Intel: track and analyze new software vulnerabilities and related attacks
     – Underground Intel: watch discussions, code sharing, planning, ... (historically BBS, then Usenet, now more IRC and cons...)
     – ICSA Labs Intel: security product testing and security consortia operations; 400+ products
     – Forensics Intel: data and intel from forensics investigations (200+ cases per year)
     – MSS Intel: data from IDS, FW, IPS, applications...; management & monitoring; SOC operations
     – Net Intel: data from the backbone; sensors on more than 1 million VzB addresses; Netflow; honeynets, honeypots...
     – Studies & Surveys: VzB studies and surveys (10+/yr), plus others’ published data, to drive risk models, equations & methodology
7. – OCR = Office for Civil Rights; HHS = Health and Human Services
   – State attorneys general can bring civil action in federal court on behalf of residents whose privacy has been violated (independent of ARRA)
   – HHS assigned to OCR responsibility for enforcing the HIPAA Security Rule (in addition to the Privacy Rule)
8. – Dec09