Certification - HIPAA and Sarbanes-Oxley

Software Engineering

Created 3 years ago

Duration 0:05:25
Slide Content
  1. Certification: HIPAA and Sarbanes-Oxley

    Slide 1 - Certification: HIPAA and Sarbanes-Oxley

    • Emerson Murphy-Hill
  2. What is HIPAA?

    Slide 2 - What is HIPAA?

    • HIPAA = Health Insurance Portability and Accountability Act
    • A federal law enacted in 1996
    • H = Health
    • I = Insurance
    • P = Portability and
    • A = Accountability
    • A = Act
  3. HIPAA Security

    Slide 3 - HIPAA Security

    • The HIPAA Security standards provide the technical and administrative mechanisms that support the Privacy Rule's goal of protecting health information.
    • They cover electronic protected health information wherever it is stored or moved:
    • on hard drives
    • on removable/transportable digital media (magnetic tape/disk, USB drives)
    • in transit electronically via the internet, e-mail or other means
  4. PENALTIES For Non-compliance

    Slide 4 - PENALTIES For Non-compliance

    Monetary penalty   Term of imprisonment   Offense
    $100               N/A                    Single violation of a provision
    Up to $25,000      N/A                    Multiple violations of an identical requirement or prohibition during one calendar year
    Up to $50,000      Up to one year         Wrongful disclosure of individually identifiable health information
    Up to $100,000     Up to five years       Wrongful disclosure of individually identifiable health information committed under false pretenses
    Up to $250,000     Up to 10 years         Wrongful disclosure of individually identifiable health information committed under false pretenses with intent to sell, transfer, or use it for commercial advantage, personal gain, or malicious harm

    The first two rows are civil penalties; the last three are criminal penalties. The figures are those of the original 1996 statute; the HITECH Act of 2009 raised the civil penalty tiers substantially.
  5. Sarbanes Oxley (SOX)

    Slide 5 - Sarbanes Oxley (SOX)

    • On June 25, 2002, WorldCom revealed it had overstated its earnings by about $3.8 billion over the previous five quarters, primarily by improperly accounting for its operating costs (the total was later revised upward to roughly $11 billion).
    • Executive management of publicly held companies reporting to the Securities and Exchange Commission (SEC) must comply with the Sarbanes-Oxley Act of 2002 (SOX); the $75 million figure often quoted is the public-float threshold for "accelerated filers", who faced the earliest compliance deadlines.
    • Named after its sponsors, Senator Paul Sarbanes (D-Maryland) and Representative Michael G. Oxley (R-Ohio)
    • Regulatory compliance: independent external auditors examine whether an organization is SOX compliant.
    • No more "Enrons"
    • Mandates strict rules on corporate transactions and operating practices.
  6. Sarbanes-Oxley 2002

    Slide 6 - Sarbanes-Oxley 2002

    • Requires management to demonstrate knowledge of the business's underlying processes
    • Must be able to describe how transactions are authorized or accepted for input into processing
    • Identify the critical data files used during processing
    • "Separation of duties": e.g., developers cannot have write access to production systems, so the person who writes the code is not the person who can change what is running
    • Define the key reports that result from processing
    • An ongoing process to monitor internal controls while continuously evaluating and improving their effectiveness