URGENT! New insurance option available

We are pleased to announce that all full-time (30+ hours/week) employees will now have the option to purchase short-term and/or long-term disability insurance. We will be holding 2 informational sessions in each County Office on Thursday, May 4, 2017. Our insurance broker, CBA, and the insurance provider will be on-site to explain the options and answer any questions you may have. The meetings are optional, but you are strongly encouraged to attend. If you cannot attend for any reason, you can SCHEDULE a time to meet with Brent West or me to discuss the options. If elected now, the insurance would be effective 6/1/17. If not elected at this time, you will not be eligible for enrollment until our annual open enrollment period in November/December, for a start date of 1/1/18.
Session times for Athens are 10am-10:45am and 11am-11:45am.
Session times for Marietta are 2pm-2:45pm and 3pm-3:45pm.

On the heels of our agency-wide Annual Compliance Training, I want to thank all who attended and all who made it possible to schedule. Every topic has its vitality and relevance. Every decision we make can and should be traceable back to our first principle: Health and Welfare is Priority ONE!

The following are notes from BizWit Focus on Security. Robert has provided our agency with two comprehensive security audits over the past 4 years. He noted quite a bit of improvement the second time around, including our review of rules and regulations and our internal HIPAA and related IT security policies. I felt it was a good time to share the most recent monthly newsletter in hopes of keeping us sensitive to the stewardship we all share in keeping Havar's consumer and employee information safe from prying eyes. See below:
Rules and Compliance

Rules, governance, policies - we all hate them, but we cannot live without them, as they set basic expectations for how we do things, what we expect from others (staff and vendors), and how we meet specific requirements (compliance). I wanted to make a few related points.
Rules, aka policies, are a basic requirement of multiple compliance regimes including HIPAA, PCI, OSHA, etc. Some can be very prescriptive (e.g. the company needs to maintain policies and procedures and incorporate training); others are more flexible (e.g. the organization needs to maintain adequate and reasonable safeguards).
Most of you reading this newsletter are in healthcare, or are supporting healthcare organizations, so very likely you are subject to State, Federal or industry specific compliance requirements listed below:

HIPAA Privacy, Security and Data Breach Notification rules - apply to covered entities and business associates;
FTC - Consumer Protection Act - applies to any organization dealing with personally identifiable information, e.g. employee or customer information and demographics, which is a subset of PHI. This is why the FTC pursues investigations against covered entities and BAs independently from, or in collaboration with, OCR.
State regulations sometimes impose State-specific and stronger data breach notification laws, and stronger protection for behavioral and mental health services related data. Some States actively pursue enforcement of these rules.
Insurance companies do NOT enforce rules per se, but your insurance premiums will be higher, or your insurance claim will be denied (e.g. Cottage Health), if you do not meet the specific requirements identified on the insurance application, e.g. patching systems, systematically identifying and mitigating vulnerabilities, training staff, etc.

As Joe or Jane, you may not care much about these rules - but they can have an impact on every organization: time spent on investigations and responses to incidents, monetary penalties, or lost business due to an inability to meet compliance expectations. That means less money for payroll, downsizing, and loss of jobs due to fiscal impact or disciplinary actions.

    We are in it together!

Sometimes compliance is a magic word that helps people understand the risk exposure better. Yet policies/rules are often a shelved idea, pulled out only when auditors ask about them - operationalize them (this is what we've done before and during Compliance Training):

    Make policies available so they can be searched by keywords and used for guidance - put them on the Intranet.
    Make them understandable - do not copy and paste all regulatory language into your policies and turn them into a legal dissertation paper; reference the laws and use supporting / implementation templates.
    Train users; talk about common policy implementation challenges in staff meetings.
    Ask staff to re-sign policy acknowledgements annually.
    Use technology to enforce policies, including a legal disclaimer on users' devices.
For large, small and medium size organizations - keep an eye on regulations like the NY Cybersecurity Requirements for Financial Services Companies (which includes health insurers), stipulating designation of a qualified individual to serve as CISO, or the recently introduced Cybersecurity Disclosure Act, stipulating disclosure of the cybersecurity expertise available to the Board of Directors. These regulations may become a norm for Health Information Technology as well,
    because even when the World's market indexes go down, the PHI value does NOT!
Yes, Havar does have an IT department responsible for compliance and security in all things digital at Havar. And yet
YOU are on the IT Team and make those security efforts come to life.
"It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently." - Warren Buffett