Tip of the month of June, 2008 - Week 1

Business Continuity Planning – A Federal Requirement

In this issue:

Monthly HIPAA Compliance Tip: Business Continuity Planning – A Federal Requirement
Web cast: Developing & Implementing a Hospital Emergency Operations Plan (EOP)
Audio cast: Is Your Hospital Infrastructure Secure & Are You Ready for a CMS Audit?
TANDBERG’S Joe D’Iorio Receives American Telemedicine Association Industry Council Award
Web cast: Data Loss Prevention - Strategies You Can Use to Protect Your Company Today
Web cast: Increased Access to Critical Specialists: How One Company is Making it Easier
EM Compliance Standards to be More Rigorous, Stringent in 2009
Cisco Sets New Era of Business Mobility in Motion
Hard Drive Recovered from Columbia Shuttle Disaster Leads to Research Breakthrough
Case Study: San Juan Regional Medical Center Gets Control of Policy Practices

1. Monthly HIPAA Compliance Tip: Business Continuity Planning – A Federal Requirement

Brought to you by: Ali Pabrai, CISSP, CSCS, HIPAA Academy

CONTINGENCY PLANNING IS A HIPAA REQUIREMENT

Contingency plan is a HIPAA Security standard. The objective of the contingency plan standard is to establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic Protected Health Information (EPHI). As shown below, the Contingency Plan standard is defined within the Administrative Safeguards section of the HIPAA Security Rule. Has your organization addressed this mandatory HIPAA Security Standard?

Standards	Implementation Specifications	R = Required A = Addressable
Contingency Plan	Data Backup Plan	R
	Disaster Recovery Plan	R
	Emergency Mode Operation Plan	R
	Testing and Revision Procedure	A
	Applications and Data Criticality Analysis	A

Contingency plan related requirements are also identified as implementation specifications in the Physical Safeguards section of the HIPAA Rule as well as the Technical Safeguards section.

Contingency planning, also referred to as Business Continuity Planning (BCP), is about a coordinated strategy that involves plans, procedures and technical measures to enable the recovery of systems, operations, and data after a disruption. A Business Impact Analysis (BIA) is the foundation for building Contingency Plans. Once the BIA is completed, Contingency Plans can be developed using the information identified in the BIA.

To discuss ecfirst/HIPAA Academy services for conducting a Business Impact Analysis (BIA) and developing a contingency plan, including disaster recovery plan (DRP), for your organization, please call 1.877.899.9974 x17

Email technologysolutions@aha.org for your copy of the executive brief PDF on CMS Requirements for a HIPAA Security Audit.

HIPAA Academy HIPAA Compliance Training Solutions have the exclusive endorsement of the AHA.

2. Web cast: Developing & Implementing a Hospital Emergency Operations Plan (EOP)

Thursday, June 19th, 2008

1:00 - 2:30 p.m. (EDT)

LiveProcess and AHA Solutions present a web cast: Developing and implementing a hospital Emergency Operations Plan (EOP) is one of the most important components for building an effective emergency management program. In addition, knowing how to construct an EOP that is both easy to use and that meets accreditation standards will help ensure successful emergency response as well as surviving compliance surveys.

SPEAKERS:
-Mitch Saruwatari, VP Quality & Compliance, LiveProcess
-Teri Alameda, President, Teri Alameda Health and Safety Consultation, Inc.

Click Here to Register.

LiveProcess Disaster Readiness & Incident Command Solutions have the exclusive endorsement of the AHA.

3. Audio cast: Is Your Hospital Infrastructure Secure & Are You Ready For a CMS Audit?

Tuesday, June 24th, 2008

1:00 - 2:00 pm (EDT); 12:00 - 1:00 pm (CST)

HIPAA Academy and AHA Solutions present an audio cast: Are you ready for a CMS Audit? Is your information technology infrastructure resilient? Have you recently completed a comprehensive and thorough assessment of your computing environment to determine the weak links that may be vulnerable to attacks? Have you deployed robust (to prevent passive threats) and roving (to prevent active threats) security capabilities?

SPEAKERS:
-Ali Pabrai, CISSP (ISSAP, ISSMP), CSCS, Cyber Security & Compliance Expert, ecfirst.com, home of the HIPAA Academy
-Marcy Wilder, Partner, Hogan & Hartson (former Deputy General Counsel of HHS)

Click Here to Register.

4. TANDBERG’S Joe D’Iorio Receives American Telemedicine Association Industry Council Award

Joe D’Iorio, Manager of Healthcare Services at TANDBERG, received the Third Annual American Telemedicine Association Industry Council Award for Leadership in the Advancement of Telemedicine today at the 13th Annual ATA Meeting & Exposition, held in Seattle, WA.

The annual award recognized D’Iorio for his leadership and championship at local, national and international levels in promoting and advocating for telemedicine/telehealth and e-health. D’Iorio has been a long-time champion of telemedicine and served as the Chair of the American Telemedicine Association Industry Advisory Council from 2005-2006. Since joining TANDBERG in 2001, D’Iorio has worked with telemedicine programs worldwide to develop the design and operational requirements for medical devices used in doctor-patient encounters.

To read the full press release, click here.

TANDBERG Videoconferencing Solutions have the exclusive endorsement of the AHA.

5. Web cast: Data Loss Prevention - Strategies You Can Use to Protect Your Company Today

Tuesday, June 10, 2008
2:00 PM ET / 11:00 AM PT / 6:00 PM GMT

Data loss prevention (DLP) is a serious issue for companies, as the number of incidents (and the cost to those experiencing them) continues to increase. Whether it's a malicious attempt or an inadvertent mistake, data loss can diminish a company's brand, reduce shareholder value, and damage the company's goodwill and reputation.

Join this live TechRepublic Webcast, featuring Brad Hunter, Director of Technology Solutions, AHA Solutions, along with Sean Tippett, Data Loss Prevention Technology and Solutions Product Manager from Cisco Systems, Inc., to learn what you can do to protect your company's sensitive information from getting into the wrong hands.

Click here to register

IronPort Email Security Products have the exclusive endorsement of the AHA.

6. Web cast: Increased Access to Critical Specialists: How One Company is Making it Easier

Thursday, June 12th; 3:00pm EDT

Speakers: Joe Diorio, TANDBERG GEM Sales Manager, John Moynihan, Chief Technology Officer, Specialists on Call

Responding to a national healthcare crisis -- the need for rapid, effective treatment of stroke patients and the shortage of critical care stroke neurologists -- Specialists On Call, Inc., is the first teleneurology service accredited by The Joint Commission.

During this interactive web event, learn how Specialists on Call uses video communications to provide more timely healthcare to save patient lives, offer specialist physicians the opportunity to focus on their specialty, and improve the bottom line for hospitals at the same time. A question and answer session will follow their presentation.

To learn more and to register, click here.

7. Cisco Sets New Era of Business Mobility in Motion

Cisco announced an evolved architecture that helps empower healthcare organizations to meet and exceed mobility demands and move beyond basic wireless networking into the next generation of business mobility - transforming the way business is done by fostering broader collaboration and new levels of productivity. This announcement is part of Cisco Motion - Cisco's innovative vision for business mobility that delivers practical solutions to integrate mobile devices, applications, security and disparate networks into a unified platform.

The cornerstone of the Cisco Motion vision is the Cisco 3300 Series Mobility Services Engine (MSE). The new Cisco 3300 Series Mobility Services Engine revolutionizes the Cisco Unified Wireless Network by separating network control from services/applications elements to deliver superior scale for wireless networks, and accelerated time-to-market and innovation for integrated mobility applications via an open platform.

Click here to read the full press release.

Cisco Wireless Networking Products have the exclusive endorsement of the AHA.

8. EM Compliance Standards to be More Rigorous, Stringent in 2009

As a result of mounting public pressures, emergency management guidelines, regulations and standards are now becoming much more rigorous and specific. While most hospitals agree with the 2008 Joint Commission Standards for Emergency Management standards, many are having a difficult time coming into compliance quickly enough. More significantly, however, is effective January 1, 2009, the Joint Commission will create a separate chapter for emergency management.

This article, published in the Health Care Compliance Association’s monthly magazine, Compliance Today, appears here with permission from the Health Care Compliance Association. Contact 888/580-8373 with reprint requests.

For a copy of the complete article, email technologysolutions@aha.org

9. Hard Drive Recovered from Columbia Shuttle Disaster Leads to Research Breakthrough

Six months after the Space Shuttle Columbia exploded, killing seven astronauts, NASA located a hard drive in a dried-up Texas lake bed that contained a portion of a xenon research project that was part of the mission. NASA sent the drive to Kroll Ontrack, provider of Ontrack® Data Recovery services, where data recovery engineers were able to recover 99% of the data despite extreme damage to the drive.

This spring, scientists were able to complete their xenon research project, which studied how xenon gas flows in a zero gravity environment. The successful completion was disclosed in the April issue of Physical Review E and has led to renewed interest in the process Ontrack Data Recovery engineers used to recover the data.

To receive a copy of the article, email technologysolutions@aha.org

Kroll Ontrack Data Recovery Services have the exclusive endorsement of the AHA.

10. Case Study: San Juan Regional Medical Center Gets Control of Policy Practices and Reduces Approval Process by Six Months

With seven satellite facilities and a service area in four states, San Juan Regional Medical Center (SJRMC) needed to speed up the process for writing hospital policy and ensure that all employees received and read them. SJRMC had policies that were typewritten, word-processed and stored in various locations across their facilities. Additionally, like many hospitals, SJRMC had policies written by multiple levels of managers but without a strict level of uniformity or process for approval, storage, retrieval, or distribution. In short, the process was out of control.

To find out how SJRMC streamlined the policy management process and improved their compliance, email technologysolutions@aha.org for a copy of the case study.

Policy Tech Policy and Procedure Management Software System have the exclusive endorsement of the AHA.