Technical aspects of HIPAA as it relates to Computer and Network Security

"Technical aspects of HIPAA implementation as it relates to Computer and Network Security"

The talk will be presented by Ed Messerly,
Instructor for Networking & Computer Security,
Cascadia Community College

Abstract

This is the 2nd talk in a series on HIPAA (i.e. Health Insurance Portability and Accountability Act of 1996).
HIPAA regulation establishes the requirement that Patient Information must be kept private.
The talk follows the previous lecture where regulation requirements were presented.
This discussion will spell out some of the implications within large and small office environment where Patient information is stored in electronic form and can be easily, and inappropriately, disseminated.

The following issues and subjects will be reviewed:
    a) Electronic break-ins by hackers,
    b) Viewing by Curiosity seekers who don’t have need or authorization
    c) Ability to Audit or ascertain who has viewed Private Patient Information (PPI)
    d) 2nd Party clearing house (i.e., Billing Services) whom receive and process PPI
    e) HCFA1500 form submittal to Insurance carriers

Related Subjects:
    Input of Data:
        Local vs. Network Local: using own S/W vs. Provided s/w to you
                Network: Office area vs. outside [Web-application input data, POS (point of sale service)]

    Storage of PPI:
        Secure : Locked-up - encrypted File/folder share access
            Password accessed (tokens), Auditable
        Local vs. Network

    Transmissions
        Local vs. Network vs. Internet, Firewall capability,

right click and 'save target as' for copy of file: Presentation reference material