
«CALL TO ORDER Ms. Emily A. Youssouf Adoption of Minutes December 4, 2014 Ms. Emily A. Youssouf • INFORMATION ITEMS Audits Update Mr. Chris A. ...»


• Provide a written schedule that will specify date(s), over a 12-month period, by which all inventoried HHC systems and applications that access, house or transmit EPHI will have been assessed as to the presence of the required implementation standards set forth in the Security Rule;

• Provide a written schedule that will specify date(s), over a 12-month period, by which all systems and applications that access, house or transmit EPHI will have been assessed as to the presence of each addressable implementation standard set forth in the Security Rule or, in the alternative, documentation as to the reason(s) why the addressable specification was not implemented;

• Immediately begin a risk analysis of the top 25 high-risk applications (based on criticality, amount of EPHI, impact etc.);

• Inventory all remediation recommendations resulting from any completed risk analysis and document that the required remediation was completed or, if not completed, provide a date by which remediation was expected;

• Use a recommended best practice guide when performing a risk analysis to enhance the likelihood of compliance with the Security Rule. Such guides include, but are not limited to, the National Institute of Standards and Technology (NIST) Introductory Resource for implementing the Security Rule [15] and HIPAA Guidance on Risk Analysis Requirements under the HIPAA Security Rule. [16]

Follow up

The findings of the OCC provided above have been communicated to ETIS leadership.

At this time, OCC is awaiting management’s response to this report, which will be provided by Bert Robles, HHC Senior Vice President, Information Services/Corporate Chief Information Officer.

[15] An Introductory Resource for Implementing the Health Insurance Portability and Accountability Act Security Rule, http://csrc.nist.gov/publications/nistpubs/800-66-Rev1/SP-800-66-Revision1.pdf; also see NIST Guide for Technology Systems at http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/nist800-30.pdf

[16] http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/rafinalguidancepdf.pdf; also see Department of Health and Human Services. "Security Rule Guidance Material." at www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/securityruleguidance.html; Department of Health and Human Services. "Standards for Privacy of Individually Identifiable Health Information; Final Rule." Federal Register 67, no. 157 (Aug. 14, 2002). at http://frwebgate.access.gpo.gov/cgibin/getdoc.cgi?dbname=2002_register&docid=02-20554-filed.pdf; and National Institute of Standards and Technology. "An Introduction to Computer Security: The NIST Handbook." Special Publication 800-12. October 1995. Available online at http://csrc.nist.gov/publications/nistpubs/800handbook.pdf. National Institute of Standards and Technology. "An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule." NIST Special Publication 800-66. October 2008. at http://csrc.nist.gov/publications/nistpubs/800-66-Rev1/SP-800-66-Revision1.pdf.

AUDIT COMMITTEE OF THE HHC BOARD OF DIRECTORS

Management’s response and remedial steps taken will be presented to the Audit Committee when it next convenes in April 2015.

IV. Compliance Reporting Index for the Fourth Quarter of Calendar Year 2014 (“CY2014”)

Summary of Reports

1) For the fourth quarter CY2014 (September 1, 2014 to December 31, 2014) there were 136 compliance-based reports of which 1 was classified as a Priority “A” report, 50 (or 36.8%) were classified as Priority “B” reports, and 85 (or 62.5%) were classified as Priority “C” reports.

For purposes here, the term “reports” means compliance-based inquiries and compliance-based complaints. Of the 136 reports received during this period, 68 (or 50%) were compliance complaints received on the OCC’s anonymous toll-free compliance hotline.

Mode of Reporting

2) Below is a summary of how the OCC received the 136 CY2014 fourth quarter reports:


V. Privacy Reporting Index for the Fourth Quarter of CY2014 (October 1, 2014 to December 31, 2014)

Incident Reports and Investigations (Fourth Quarter 2014):

1) During the fourth quarter (October 1, 2014 through December 31, 2014), thirty (30) complaints were entered in the HHC HIPAA Complaint Tracking System, an HHC proprietary database. Of the 30 complaints entered in the tracking system, nine (9) were found after investigation to be violations of HHC HIPAA Privacy Operating Procedures; six (6) were determined to be unsubstantiated; eleven (11) were found not to be a violation of HHC HIPAA Privacy Operating Procedures; and four (4) are still under investigation. Of the nine (9) confirmed violations, seven (7) were determined to be breaches and two (2) were determined not to be a breach. A total of seven individuals were affected by the seven confirmed breaches.

Confirmed breaches (Fourth Quarter CY2014):

2) Below is a summary of the confirmed privacy breaches for the fourth quarter of 2014.


other employees and hospital visitors in a public area. Breach notification was sent to the affected patient on January 21, 2015.

• Woodhull Medical Center – October 2014. This incident involved the unauthorized disclosure of PHI to an unauthorized recipient patient. The recipient patient received the discharge documents belonging to another patient. Breach notification was sent to the affected patient on December 16, 2014.

• Jacobi Medical Center – October 2014. This incident involved the unauthorized disclosure of PHI to an unauthorized recipient patient. The recipient patient received a prescription belonging to the affected patient. Breach notification was sent to the affected patient on December 24, 2014.

• Jacobi Medical Center – October 2014. This incident involved the unauthorized disclosure of PHI to an unauthorized recipient patient. The recipient patient received the discharge documents belonging to the affected patient. Breach notification was sent to the affected patient on December 24, 2014.

• Woodhull Medical Center – November 2014. This incident involved the unauthorized disclosure of PHI to an unauthorized recipient patient. The recipient patient received a prescription belonging to the affected patient. Breach notification was sent to the affected patient on January 7, 2015.

• Kings County Hospital – November 2014. This incident involved the unauthorized disclosure of PHI to an unauthorized recipient patient. Upon a return follow-up visit to the facility, the recipient patient provided hospital staff with documents that included a surgical schedule. The schedule contained the PHI of thirteen Kings patients. The document was recovered by a Kings staff member. Breach notification was sent to all affected patients on January 5, 2015.

• Bellevue Hospital Center – October 2014. This incident involved the unauthorized access of one patient’s medical record by numerous HHC workforce members, including residents and nurses. The affected patient was a person of notoriety. Disciplinary action is pending against said workforce members. Breach notification was sent to the affected patient on December 24, 2014.

VI. Monitoring of Excluded Providers

1) The OCC has not received or uncovered any reports of excluded providers since the Audit Committee last convened on December 4, 2014.


VII. April 2015 Audit Committee – Report on Ongoing Compliance Matters

1) In its Corporate Compliance Report in April 2015, the OCC will report on, among other things, the following:

• the status of its revision of Operating Procedure 50-1 (Corporate Compliance Program); the HHC Principles of Professional Conduct; and the HHC Corporate Compliance Plan;

• its review and findings regarding HHC’s compliance with HIPAA Business Associate Agreement requirements; vendor management activities; and Center for Medicaid and Medicare Services (“CMS”) regulatory requirements for contractors; and

• compliance and privacy training activities and corresponding compliance rates.


