Christy E Navarro

Abstract: Prior to developing the privacy impact analysis tool that San Francisco-based Catholic Healthcare West (CHW) currently uses, Christy Navarro, CIPP,CHW's senior privacy and data security analyst, knew there had to be a better way. When business owners introduced new software applications, contracts, or projects and shared PHI and other sensitive business information, it was a challenge for CHW's privacy officials to examine the privacy ramifications of such activities and make the necessary recommendations. Privacy officials at each of CHW's 42 hospitals and medical centers in California, Arizona, and Nevada conducted their own nonuniform reviews, looking at all 40 privacy-related policies regardless of the nature of the project. The privacy review process-an examination of various business activities to ensure consistency with organizational privacy policies-needed simplification and standardization, says Navarro. "We were all essentially doing the same activity using a different approach each time. We needed to standardize it," she adds.

Abstract: As the nation moves toward greater adoption and leveraging of health information technology, the issue of protecting and providing proper access to health records has become a central element of concern. In addition to that attention, the last few years have seen a marked increase in the enforcement of various health information privacy laws at both the federal and state level. While the theme of only a few years ago was "voluntary compliance," large breaches and other privacy and security issues may now lead to a multitude of penalties or financial settlements. This Web conference will explore recent healthcare privacy enforcement trends, including: � The increase in HIPAA financial settlements and what lessons can be learned from these resolutions; � How states are using both HIPAA and state law to enforce health information privacy; � The various types of federal and state agencies that are enforcing health information privacy, and � What the future may hold, such as HIPAA audits and more aggressive enforcement of potential violations attributable to �willful neglect.� Speakers: Adam Greene, Partner, Davis Wright Tremaine LLP Christy Navarro, CIPP, Chief Privacy Administrator, Catholic Healthcare West

Abstract: Ms. Navarro is the Chief Privacy Administrator for CHW and will share an overview and examples of tools that can be utilized to navigate various state and federal laws for determining patient privacy breach notification and reporting requirements. She will discuss common types of reportable incidents including examples and outcomes and review one organizations� practice with determining detection dates and �pre-notice� efforts.

Abstract: It is important that privacy officials identify the use, transmission/storage of PHI, and that they proactively assess the means for protection of this information. One effective method is through the development of a privacy impact assessment. This session will use a privacy impact assessment template and a case study. Participants will be provided with information on conducting a privacy impact assessment when planning for information system purchases and upgrades. The materials will include key components of the impact assessment. We will review a case study and provide a sample privacy impact assessment tool to the participants.

Abstract: