It is now more important than ever to ensure your breach security is on par or better than the rest of the industry. Review these slides to ensure you understand the regulations surrounding patient privacy and how to prevent future breaches.

1. HIPAA Privacy &
Cyber Insurance
Outline provided by Paresh Shah, MindLeaf Tech. Inc.
MindLeaf

2. Regulations and Protecting Patient Privacy
HIPAA Technical Safeguards
- Record and examine access in Information
System that contains PHI.
HIPAA Administrative Safeguards
- Review records of IT - logs.
ARRA HiTech Privacy and MU Criteria
- Security risk analysis in accordance with 45 CFR
164.308(a)(1)
HIPAA Omnibus Rule
- 4 Factor Risk assessment – Acquistion, access,
Use or disclosure of PHI.
New Accounting for Disclosure Regulations
- Patients with transparency about the uses
and disclosures of their digital PHI.
State(s) Laws on Privacy
- Varies by state(s).
HIPAA Privacy and Cyber Security Insurance 2

3. Provider’s Cyber Insurance
Data Privacy Media Liability Notification & Id
Protection
Other Factors Extortion Data Recovery
• Key – Protecting the
business
• Manage and mitigate
the cost of
responding to cyber
attack through
insurance options.
Highlights
Cyber
Security
Policy
Insurance
Effect
Problem statement:
What happens when
there is a Privacy
breach?
Compliance is the floor while Cyber Security is the ceiling for
Provider(s) organization.
HIPAA Privacy and Cyber Security Insurance
3

4. Name, Location, Staff, Organization
Specific Information
Check box – Yes/No
Written procedure with respect to security?
Virus definitions updated and disseminated
Firewall? Updates frequency?
Incident Response Plan?
Etc.
Insurance – Application Sheet
Provider(s) Information Cyber Security Coverage
HIPAA Privacy and Cyber Security Insurance
4

5. Anatomy of a Privacy breach
01 02 03 04
• Access to patient data • Reactive phase following the
breach
• Incident Response Plan – What
occurred.
• Plan in the months following the
breach for e.g.
• Interim access to patient
records
• Reduce damages to
patients
• Respond to findings
• Legal matters.
• Repairing the damage to the
provider organization
• And preventing the occurrence of
similar event
PRIVACY
BREACH
IMMEDIATE
BREACH
RESPONSE
- TRIAGE
SHORT TERM
IMPACT
LONG
TERM
IMPACT
HIPAA Privacy and Cyber Security Insurance
5

6. Impact of a breach on Provider(s)
Direct
Costs
Will the
Insurance
claim pay
for this?
Indirect
Costs
Compliance, Protection – post breach, Attorney fees, PR, Investigations, Cash
Flow to cover the costs.
Loss of Revenue – patient attrition, Goodwill, Cost of Insurance premium,
Operational costs
HIPAA Privacy and Cyber Security Insurance 6

7. Breach Takewaways/ Potential consequences
• Short Term
• Long Term
Impact
• Technical
• Business
Recovering
• Future Direction
Course
• Business
Leadership
Changes
HIPAA Privacy and Cyber Security Insurance 7

8. Action Who
By When
ASAP
Assumptions – Incident Response Plan
Perform a loss control on the Cyber Security exposures
Insurance Company/ or
Internal
Mitigate likely outcomes – Response Team, Top Risk areas Management
Investment – Risk focused Finance/ CIO
Employee Engagement – Education on CyberSecurity Management
Implement Action Plan
HIPAA Privacy and Cyber Security Insurance 8

9. MindLeaf and Intel
It is now more important than ever to ensure your breach security is on par or better than the
industry. Intel Health and Life Sciences and several industry partners are currently running a global pilot
program offering complementary, confidential breach security assessments for HLS organizations.
This engagement involves a one hour meeting for the assessment conducted by Intel or MindLeaf a partner,
and results in an extensive report that shows participating organizations how their breach security
compares with the broader HLS industry.
This report also includes traceability to key regulations and standards, enabling participants to see how
addressing any gap may also help with compliance. An example report is on www.mindleaf.com.
How does your breach security compare?
HIPAA Privacy and Cyber Security Insurance 9

10. Provider(s) Goals
Manage the privacy and
cybersecurity risk(s) And
The ability to recover from an
attack.
HIPAA Privacy and Cyber Security Insurance 10

11. If you would like to learn more about these concepts,
reach out to Paresh Shah
at
pshah@mindleaf.com
HIPAA Privacy and Cyber Security Insurance
11