Arizona Health Information Exchange Marketplace. Requirements and Specifications Health Information Service Provider (HISP)

Size: px
Start display at page:

Download "Arizona Health Information Exchange Marketplace. Requirements and Specifications Health Information Service Provider (HISP)"

Transcription

1 Arizona Health Information Exchange Marketplace Requirements and Specifications Health Information Service Provider (HISP)

2 Table of Contents Table of Contents... 1 Introduction... 2 Purpose... 3 Scope... 4 Timeline... Error! Bookmark not defined. Submission Timelines & Requirements Instructions... 4 Postal Mail Instructions... 4 Vendor Minimum Specifications for Health Information Service Providers (HISPs) Participating in the Arizona HIE Marketplace... 5 Basic Business and Financial Specifications... 5 General Privacy and Security Standards Compliance Specifications... 5 Implementation Methodology Specifications... 6 HISP Technical Architecture Specifications Account Configuration Specifications... 9 Best Practice Compliance Specifications Direct Directory Specifications Arizona HIE Marketplace_Requirements and Specifications_ HISP_Rolling_Application-Page 1 of 12

3 Introduction Arizona Health-e Connection (AzHeC) is requesting applications from Health Information Service Providers (HISPs) to participate in the Arizona HIE Marketplace a resource that gives Arizona health care entities and providers options for HISP services to facilitate Direct messaging. HISPs enable providers to exchange patient health information in a secure, simple, and inexpensive manner over the Internet. Based on the information provided by respondents, AzHeC will evaluate applicants as they relate to Minimum Specifications Requirements identified for participation in the Arizona HIE Marketplace. Generally, HISP vendors will be selected based on: Business strength and long-term financial viability Compliance with local and national privacy and security standards and specifications Adherence to stated implementation methodology specifications Compliance with HISP technical architecture specifications Compliance with account configuration requirements and specifications Commitment to upholding local and national HIE industry standards that are commonly identified as best practices Agreement to provide AzHeC and the State of Arizona s state-level directory services vendor organization with their directory of Direct accounts in Arizona AzHeC is committed to maintaining vendor neutrality at all levels of the organization. For this reason, AzHeC is not setting a maximum number of vendors permitted to qualify for the Arizona HIE Marketplace. The Arizona HIE Marketplace facilitates a customer s selection of a HISP vendor that meets a minimum set of standards and specifications. For health care providers and hospitals trying to meet Meaningful Use requirements, this will give them a level of assurance that the service provided by an Arizona HIE Marketplace vendor will enable them to meet a basic level of HIE capability and interoperability. However, to ensure that vendors wishing to be qualified for the Arizona HIE Marketplace have the ability to assist those customers trying to meeting Meaningful Use requirements, vendors must prove they will meet the minimum specifications set forth in this document through their responses to the Arizona HIE Marketplace Application. AzHeC wants vendors to understand the specifications needed to participate in the Arizona HIE Marketplace. These specifications and Department of Health and Human Services (HHS) Specifications are not designed to limit the marketplace, but rather are to enable providers to fully adopt health information technology systems and thereby improve clinical outcomes in the state. The vendor application process is designed for optimal transparency throughout the marketplace and health care community. Arizona HIE Marketplace_Requirements and Specifications_ HISP_Rolling_Application-Page 2 of 12

4 The State of Arizona and the Arizona Strategic Enterprise Technology office (ASET) is responsible for the implementation of the Arizona Health Information Exchange (HIE) Cooperative Agreement grant program through the Office of National Coordinator for Health Information Technology (ONC). As a recipient of the Health Information Exchange Cooperative Agreement Grant, ASET is charged with enabling health information exchange activities throughout the state. Specifically, ASET is charged with ensuring that any willing health care provider has viable options to participate in health information exchange. One of the ways ASET intends to support health information exchange in Arizona is through the formation of a Health Information Exchange Marketplace. This concept is widely supported by our health care stakeholder community and is a way to match health care providers with health information exchange options. The HIE marketplace will be seen as a trusted source where health care providers can review viable health information exchange options. Specific technical and operational policies will be developed as part of this Contract in which all health information exchange applicants must adhere to as participants in the marketplace. Health information exchange applicants will be invited to submit an application to be a participant in the marketplace and shall be evaluated and selected based on established criteria. The relationship between ASET and AzHeC is for the purpose of developing and maintaining the HIE marketplace and establishing AzHeC the public-facing entity for the marketplace. The State of Arizona will have an active role in the development and oversight of the marketplace through its relationship with AzHeC. Purpose To gain acceptance and qualify for the Arizona HIE marketplace, vendors must complete an Arizona HIE Marketplace Application. Once completed, AzHeC will evaluate applicants based on selection criteria, which fall into two basic categories: Compliance with applicable ONC best practices and specifications Commitment to connecting to the state-level Directory Services (Provider Directory) and sharing directory information After evaluation, vendors that pass the evaluation will work with AzHeC to begin a Memorandum of Understanding (MOU) process to formalize each vendor s terms of participation. During this period, vendors will formalize their commitment to the Vendor Minimum Specifications (as outlined in this document) and will sign an MOU with AzHeC for ongoing participation in the Arizona HIE Marketplace. Upon review of these specifications, vendors have the following options: Vendor chooses to comply with all specifications pertaining to HISP products and services Arizona HIE Marketplace_Requirements and Specifications_ HISP_Rolling_Application-Page 3 of 12

5 Vendor chooses to modify HISP products and/or services offered to fully comply with the Specification for Participation Vendor chooses to withdraw application Vendor chooses to re-apply in subsequent application periods Scope This document contains and provides those specifications for the first round of vendor applicants. Future iterations of the application process may prompt revision and creation of new requirements, as the needs of Arizona s health care community evolve. Existing Arizona HIE Marketplace participants will be notified of any changes made to these specifications. At the time of notification, vendors can opt to accept the new requirement, withdraw from Arizona HIE Marketplace, or withdraw a specific product or service from marketplace. It is expected that the application process period for the Arizona HIE Marketplace will be opened on a semi-annual basis. Submission Timelines & Requirements Interested HISP Vendors must complete and submit an application. Submitted applications will be considered on a rolling basis until 5:00pm (Arizona Time) on Monday, October 15 th, Applications must be submitted via and postal mail. Hand delivered applications are an acceptable alternative to postal mail. Applicants that fail to submit both applications will not be considered for Arizona HIE Marketplace participation. Instructions 1. Attach the completed Arizona HIE Marketplace Application to an In the subject line of the , type: Arizona HIE Marketplace Application 3. Send the to: Travis Shank at Postal Mail Instructions 1. Print and sign the completed Arizona HIE Marketplace Application. 2. Place all Arizona HIE Marketplace materials in a sealed envelope. 3. Send the sealed envelope to the following address: Arizona Health-e Connection Attn: Arizona HIE Marketplace Application 3877 N. 7 th Street, Suite 130 Phoenix, AZ Arizona HIE Marketplace_Requirements and Specifications_ HISP_Rolling_Application-Page 4 of 12

6 Vendor Minimum Specifications for Health Information Service Providers (HISPs) Participating in the Arizona HIE Marketplace The following sections of this document outline the Vendor Minimum Specifications for Health Information Service Providers (HISPs) participation in the Arizona HIE Marketplace. Basic Business and Financial Specifications AzHeC intends to create an interoperable, diverse marketplace, including organizations of different sizes and specialties. To support full transparency, AzHeC requires that all vendors provide appropriate documentation regarding their subcontractors to AzHeC and Arizona customers with whom the vendor engages. Requirement # Area Specification BB1 Documentation All HISP Vendors must reveal in writing to AzHeC and Arizona health care customer any subcontractors used. BB2 Clarity of Pricing & Terms HISP Vendors will make available clear pricing models and terms of use for customers to review prior to choosing a HISP. BB3 Certificate Issuance HISP Vendor must provide bundled options for purchase and issuance of X.509v3 digital certificates when registering a health care customer for a Direct account. General Privacy and Security Standards Compliance Specifications AzHeC is committed to upholding local and national standards throughout the marketplace to ensure that privacy and security measures are established and maintained for patient data. To ensure vendors are upholding industry standards, AzHeC is issuing a series of specifications around data security. Requirement # Area Specification PS1 Privacy & Security Standards HISP Vendors will comply with all applicable Arizona and federal privacy and security laws Arizona HIE Marketplace_Requirements and Specifications_ HISP_Rolling_Application-Page 5 of 12

7 PS2 PS3 PS4 Privacy & Security Standards Privacy & Security Standards Privacy & Security Standards and regulations. HISP vendors will execute a contract/business agreement with providers which includes privacy and security obligations and indemnifies the provider against a breach that the HISP is solely responsible for. HISP Vendors will certify to AzHeC and the client that it has established a breach notification compliance program which requires timely notice to client as required by law and that it will adhere to all requirements that will prevent a breach. HISP vendors will be compliant with HIPAA and HITECH Privacy and Security rules. PS5 Security Audit HISP vendors will complete a security audit and penetration test on their technology infrastructure and provide documented results to clients. The security audit and penetration test must be repeated on a regular basis as required by law and no less frequently than annually and as there are significant technology infrastructure changes. HISPS will also notify their clients of major findings and corrective actions and all known breaches. Implementation Methodology Specifications While AzHeC welcomes each vendor s uniqueness in its products and services, there are several key components that are critical to assist health care professionals and hospitals across the state to reach Meaningful Use as quickly as possible. As an example, while AzHeC does not obligate vendors to provide specific types of support, vendors must ensure that customers are made aware of the specific support services available to them. The objective of the following specifications is to drive critical success factors for implementations. Requirement # Area Specification Arizona HIE Marketplace_Requirements and Specifications_ HISP_Rolling_Application-Page 6 of 12

8 IM1 IM2 IM3 IM4 Support for Direct Customers Support for Direct Customers Support for Direct Services Support for Direct Services HISP Vendors will provide customers with information regarding available support services. HISP vendors must provide online access to mailbox and account management including a. Basic account demographics b. Trust store manipulation c. Message forwarding HISP vendors will provide technical support via phone or to those providers who require additional assistance when configuring their accounts. Please indicate hours of available support by time zone. HISP vendors will provide both phone and support to customers. HISP Technical Architecture Specifications To ensure customers adopting Direct Project secure messaging to exchange patient health information with their counterparts select a HISP solution that is able to perform encryption, trust verification, and authentication on their behalf, AzHeC must guarantee that HISP Vendors qualified through the Arizona HIE Marketplace are compliant and compatible with the Direct Project specifications and best practices. AzHeC understands that HISPs might differ from one another, and AzHeC welcomes their uniqueness and additional functionalities; however, there are a set of core technical requirements that must be met by all HISP Vendors participating in the Arizona HIE Marketplace. Requirement # Area Specification HT1 Compatibility HISP Vendors must be able to sign, encrypt, decrypt, and verify the payload using S/MIME as well as support SMTP, S/MIME, and X.509v3 certificates to securely transport health information over the internet as defined by the Applicability Statement for Secure Health Transport at Arizona HIE Marketplace_Requirements and Specifications_ HISP_Rolling_Application-Page 7 of 12

9 HT2 Legal Agreements Secure+Health+Transport. Directed exchange where an external HISP could have access to unencrypted data (managing the private keys of the address holder) must operate under a standard Business Associate Agreement (BAA) if the Direct address holder is a part of the HIPAA Covered Entity. HT3 Mail Client HISP vendors must provide a web-based client that supports SMTP/TLS protocols. Additionally, HISP vendors have the option to support desktop-based clients (such as Outlook) that supports POP-S and IMAP-S interfaces. HT4 Client API The HISP must support the Direct SMTP edge protocol to enable system generated Direct messaging (e.g. EHR to HIE Connectivity) HT5 Trust Stores HISPs must allow a Direct Project participant to specify which counterparts they wish to be able to exchange information. Trust stores can white/black list at the following levels. A. Address B. Domain C. Certificate Authority D. Certificate Signatory HT6 HT7 Security of Private Keys Content and Format of Messages HISPs that manage private keys must perform specific risk assessment and risk mitigation to ensure that the private keys have the strongest protection from unauthorized use. That risk assessment must address the risk of internal personnel or external attackers gaining unauthorized access either to the keys or the health information functions for which the keys enforce trust. HISPs must have a defined policy for notification and handling of breach of private key stores. HISPs must be able to format the "payload" as an RFC 5322 compliant message with a valid MIME body (RFC2045, RFC2046). The delivery of messages must be agnostic of attachment type or format. Arizona HIE Marketplace_Requirements and Specifications_ HISP_Rolling_Application-Page 8 of 12

10 HT8 HT9 HT10 HT11 Use of Message Data Logging and Auditing Addressing of Messages Forwarding of Messages Patient data is not retained for purposes other than processing and delivering the message. No use or storage of message payload beyond what is explicitly required by contract with customers. Additional access to content must be governed by a separate contract between the HISP and provider. HISP vendors must collect and provide, at a minimum, customer-level (by Direct address) messages sent and failed messages to customer on request. HISP vendors must route messages to any other wellformed Direct address, regardless of destination HISP provider (i.e. no walled gardens). HISP vendors must support automatic forwarding of messages from one Direct address to another Direct project address to enable transition of HISP services. HT12 Domains HISPs must support the ability for providers to use a custom address domain (e.g. either by forwarding or native hosting. HT13 HT14 Disaster Recovery Testing and Production Policies and Procedures HISP must have a defined disaster recovery and backup plan, including offsite hosting and ability to recover from disasters such as primary hardware failure, long term power outage, flood, etc. within an appropriate timeframe and provide these details to the customer. HISP must have a defined process and set of policies for testing and deploying production updates to ensure compliance with Service Level Agreements. Account Configuration Specifications Customers who opt to use an existing mail client (e.g., Outlook, Thunderbird) must be able to set-up and configure their account on their own with the use of a configuration guide provided by the HISP Vendor. If additional help is required, the HISP Vendor must be able to provide assistance. Arizona HIE Marketplace_Requirements and Specifications_ HISP_Rolling_Application-Page 9 of 12

11 Requirement # Area Specification EC1 Configuration Guide HISP Vendors must provide a configuration guide to customers who want to manually setup their accounts in the web-based mail client provided by the HISP and desktopbased mail clients such as Outlook. EC2 Technical Support HISP Vendors will provide technical support to those customers who require additional assistance when configuring their accounts. EC3 Account Administration HISP Vendors must provide customers with online access to mailbox and account management. Best Practice Compliance Specifications AzHeC is committed to upholding local and national standards through the Arizona HIE Marketplace to ensure that privacy and security measures are established and maintained for patient data. To ensure vendors are upholding industry standards, AzHeC is issuing a series of specifications around data security. Requirement # Area Specification BP1 BP2 Best Practice Compliance Best Practice Compliance HISP Vendors must follow HISP Best Practices in regard to HIPAA and Legal Agreements, Security, and Transparency and Data Handling/Retention as recommended by HISP Best Practices at HISP Vendors must include all data collection, use, retention and disclosure policies (including rights reserved but not exercised) in BAAs or other service agreements. HISP Vendors must minimize data collection, use, retention, and disclosure to that minimally required to meet the level of service required of the HISP by the customer. Minimal use may require retention of data for security, audit, Arizona HIE Marketplace_Requirements and Specifications_ HISP_Rolling_Application-Page 10 of 12

12 BP3 BP4 Best Practice Compliance Best Practice Compliance logging, and other required operation; such use must be included in BAAs and service agreements, and must capture the minimal amount of data to fulfill those requirements. Audit logs containing: (1) Sent messages and (2) Failed messages are acceptable and expected. HISP Vendors agree to adopt new industry-consensus approved best practices with respect to HISP rules of the road. HISP Vendors agree to work with AzHeC to ensure ongoing compliance with best practices. Direct Directory Specifications The HISP Vendor agrees to provide AzHeC and the State of Arizona s State-Level Directory Services (Provider Directory) vendor/organization with their directory of Direct addresses in the specified format. This ongoing procurement is being led by the State of Arizona and a vendor/organization is expected to be selected late in March/April Requirement # Area Specification DD1 Directory Vendor agrees to provide AzHeC and the State of Arizona, and the State of Arizona s Directory Services vendor with Direct addresses in the format of a Microsoft Excel spreadsheet on a monthly basis. DD2 Directory At a minimum, HISP vendors will provide directory information to AzHeC, the State of Arizona, and the State of Arizona s Directory Services vendor in the following format: Column 1: Provider Last Name Column 2: Provider First Name Column 3: Provider NPI Column 4: Organization Column 5: Organization Tax ID # (TIN) Column 6: Department Column 7: Organization Affiliation Arizona HIE Marketplace_Requirements and Specifications_ HISP_Rolling_Application-Page 11 of 12

13 Column 8: Provider Location (City) Column 9: Provider Location (State) Column 10: Direct Address Column 11: HISP Vendor Name Arizona HIE Marketplace_Requirements and Specifications_ HISP_Rolling_Application-Page 12 of 12

Medical Privacy Version 2015.12.10 - Standard. Business Associate Agreement. 1. Definitions

Medical Privacy Version 2015.12.10 - Standard. Business Associate Agreement. 1. Definitions Medical Privacy Version 2015.12.10 - Standard Business Associate Agreement This Business Associate Agreement (the Agreement ) shall apply to the extent that the Lux Scientiae HIPAA Customer signee is a

More information

Certification Practice Statement

Certification Practice Statement FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification

More information

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview Updated HIPAA Regulations What Optometrists Need to Know Now The U.S. Department of Health & Human Services Office for Civil Rights recently released updated regulations regarding the Health Insurance

More information

Account Restrictions Agreement [ARA] - Required by LuxSci HIPAA Accounts

Account Restrictions Agreement [ARA] - Required by LuxSci HIPAA Accounts Medical Privacy Version 2015.04.13 Account Restrictions Agreement [ARA] - Required by LuxSci HIPAA Accounts In order for Lux Scientiae, Incorporated (LuxSci) to ensure the security and privacy of all Electronic

More information

Authorized. User Agreement

Authorized. User Agreement Authorized User Agreement CareAccord Health Information Exchange (HIE) Table of Contents Authorized User Agreement... 3 CareAccord Health Information Exchange (HIE) Polices and Procedures... 5 SECTION

More information

I. Purpose. Applicability of Policies. NATE-Policy #3.c.1

I. Purpose. Applicability of Policies. NATE-Policy #3.c.1 Subject: NATE-QE Eligibility Criteria for: Policy #: 3.c.1 Provider to Provider for Treatment Trust Profile (P2P4Tx) Status: Approved Approved/Authorized By: NATE Board of Directors Date Approved: 10/29/2013

More information

Direct Secure Messaging: Improving the Secure and Interoperable Exchange of Health Information

Direct Secure Messaging: Improving the Secure and Interoperable Exchange of Health Information Direct Secure Messaging: Improving the Secure and Interoperable Exchange of Health Information Within the healthcare industry, the exchange of protected health information (PHI) is governed by regulations

More information

Participation Agreement Medicaid Provider Program

Participation Agreement Medicaid Provider Program Participation Agreement Medicaid Provider Program PLEASE FAX THE FOLLOWING PAGES #4, #7, #8, #14, #15 211 Warren Street Newark, NJ 07103 PHONE: 973-642-4777 FAX: 973-645-0457 E-mail: info@njhitec.org www.njhitec.org

More information

REQUEST FOR INFORMATION (RFI) Health Interface Engine Solution

REQUEST FOR INFORMATION (RFI) Health Interface Engine Solution City of Philadelphia Department of Public Health 1401 JFK Blvd Suite 600 Philadelphia, PA 19102 REQUEST FOR INFORMATION (RFI) This document contains a Request for Information (RFI) for an interface engine

More information

Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story

Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Healthcare organizations planning to protect themselves from breach notification should implement data encryption in their

More information

Security Is Everyone s Concern:

Security Is Everyone s Concern: Security Is Everyone s Concern: What a Practice Needs to Know About ephi Security Mert Gambito Hawaii HIE Compliance and Privacy Officer July 26, 2014 E Komo Mai! This session s presenter is Mert Gambito

More information

The CIO s Guide to HIPAA Compliant Text Messaging

The CIO s Guide to HIPAA Compliant Text Messaging The CIO s Guide to HIPAA Compliant Text Messaging Executive Summary The risks associated with sending Electronic Protected Health Information (ephi) via unencrypted text messaging are significant, especially

More information

MaxMD 2200 Fletcher Ave. 5 th Floor Fort Lee, NJ (201) 963 0005 www.max.md www.mdemail.md support@max.md Page 1of 10

MaxMD 2200 Fletcher Ave. 5 th Floor Fort Lee, NJ (201) 963 0005 www.max.md www.mdemail.md support@max.md Page 1of 10 Business Associate Agreement This Business Associate Agreement (the Agreement ) shall apply to the extent that the MaxMD Customer signee is a Covered Entity or "HIPAA Business Associate," as defined below.

More information

PARTICIPATION AGREEMENT For ELECTRONIC HEALTH RECORD TECHNICAL ASSISTANCE

PARTICIPATION AGREEMENT For ELECTRONIC HEALTH RECORD TECHNICAL ASSISTANCE PARTICIPATION AGREEMENT For ELECTRONIC HEALTH RECORD TECHNICAL ASSISTANCE THIS AGREEMENT, effective, 2011, is between ( Provider Organization ), on behalf of itself and its participating providers ( Providers

More information

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually

More information

NJ-HITEC PARTICIPATION AGREEMENT FOR MEDICAID SPECIALISTS

NJ-HITEC PARTICIPATION AGREEMENT FOR MEDICAID SPECIALISTS NJ-HITEC PARTICIPATION AGREEMENT FOR MEDICAID SPECIALISTS The undersigned practice (the Practice ) and participating providers (each, a Provider, and collectively, Providers ) presently intend to become

More information

Model Business Associate Agreement

Model Business Associate Agreement Model Business Associate Agreement Instructions: The Texas Health Services Authority (THSA) has developed a model BAA for use between providers (Covered Entities) and HIEs (Business Associates). The model

More information

Agenda. OCR Audits of HIPAA Privacy, Security and Breach Notification, Phase 2. Linda Sanches, MPH Senior Advisor, Health Information Privacy 4/1/2014

Agenda. OCR Audits of HIPAA Privacy, Security and Breach Notification, Phase 2. Linda Sanches, MPH Senior Advisor, Health Information Privacy 4/1/2014 OCR Audits of HIPAA Privacy, Security and Breach Notification, Phase 2 Linda Sanches, MPH Senior Advisor, Health Information Privacy HCCA Compliance Institute March 31, 2014 Agenda Background Audit Phase

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( BAA ) is effective ( Effective Date ) by and between ( Covered Entity ) and Egnyte, Inc. ( Egnyte or Business Associate ). RECITALS

More information

Business Associate Considerations for the HIE Under the Omnibus Final Rule

Business Associate Considerations for the HIE Under the Omnibus Final Rule Business Associate Considerations for the HIE Under the Omnibus Final Rule Joseph R. McClure, Esq. Counsel Siemens Medical Solutions USA, Inc. WEDI Privacy & Security Work Group Co-Chair Agenda Who is

More information

This form may not be modified without prior approval from the Department of Justice.

This form may not be modified without prior approval from the Department of Justice. This form may not be modified without prior approval from the Department of Justice. Delete this header in execution (signature) version of agreement. HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate

More information

COMPLIANCE ALERT 10-12

COMPLIANCE ALERT 10-12 HAWAII HEALTH SYSTEMS C O R P O R A T I O N "Touching Lives Every Day COMPLIANCE ALERT 10-12 HIPAA Expansion under the American Recovery and Reinvestment Act of 2009 The American Recovery and Reinvestment

More information

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What

More information

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.

More information

VAULTIVE & MICROSOFT: COMPLEMENTARY ENCRYPTION SOLUTIONS. White Paper

VAULTIVE & MICROSOFT: COMPLEMENTARY ENCRYPTION SOLUTIONS. White Paper COMPLEMENTARY ENCRYPTION SOLUTIONS White Paper Table of Contents Section I: Vaultive & Microsoft: Complementary Encryption Solutions... 2 Section II: Vaultive is a Microsoft ISV Partner... Appendix A:

More information

Quality is Advantage

Quality is Advantage Quality is Advantage Microsoft Exchange Server 2013 Configuring Course duration: 32 academic hours Exam Code: 70-662 This course is designed for novice IT specialists, who wish to master maintenance and

More information

POLICIES AND PROCEDURES. TOPIC: Patient Accounting of Disclosures DOCUMENT NUMBER: 900. EFFECTIVE DATE: January 30, 2014 I. BACKGROUND AND PURPOSE

POLICIES AND PROCEDURES. TOPIC: Patient Accounting of Disclosures DOCUMENT NUMBER: 900. EFFECTIVE DATE: January 30, 2014 I. BACKGROUND AND PURPOSE POLICIES AND PROCEDURES TOPIC: Patient Accounting of Disclosures DOCUMENT NUMBER: 900 EFFECTIVE DATE: January 30, 2014 I. BACKGROUND AND PURPOSE The purpose of this policy is to recognize and accommodate

More information

CMA BUSINESS ASSOCIATE AGREEMENT WITH CMA MEMBERS

CMA BUSINESS ASSOCIATE AGREEMENT WITH CMA MEMBERS CMA BUSINESS ASSOCIATE AGREEMENT WITH CMA MEMBERS Dear Physician Member: Thank you for contacting the California Medical Association and thank you for your membership. In order to advocate on your behalf,

More information

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES CONTENTS Introduction 3 Brief Overview of HIPPA Final Omnibus Rule 3 Changes to the Definition of Business Associate

More information

HIPAA and HITECH Compliance for Cloud Applications

HIPAA and HITECH Compliance for Cloud Applications What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health

More information

University Healthcare Physicians Compliance and Privacy Policy

University Healthcare Physicians Compliance and Privacy Policy Page 1 of 11 POLICY University Healthcare Physicians (UHP) will enter into business associate agreements in compliance with the provisions of the Health Insurance Portability and Accountability Act of

More information

HIPAA Compliance Guide

HIPAA Compliance Guide HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care

More information

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist HIPAA Omnibus Rule Overview Presented by: Crystal Stanton MicroMD Marketing Communication Specialist 1 HIPAA Omnibus Rule - Agenda History of the Omnibus Rule What is the HIPAA Omnibus Rule and its various

More information

2400 - Implementing and Managing Microsoft Exchange Server 2003

2400 - Implementing and Managing Microsoft Exchange Server 2003 2400 - Implementing and Managing Microsoft Exchange Server 2003 Introduction This five-day, instructor-led course provides students with the knowledge and skills that are needed to update and support a

More information

Infinedi HIPAA Business Associate Agreement RECITALS SAMPLE

Infinedi HIPAA Business Associate Agreement RECITALS SAMPLE Infinedi HIPAA Business Associate Agreement This Business Associate Agreement ( Agreement ) is entered into this day of, 20 between ( Company ) and Infinedi, LLC, a Limited Liability Corporation, ( Contractor

More information

Request for Proposal (RFP) Supporting Efficient Care Coordination for New Yorkers: Bulk Purchase of EHR Interfaces for Health Information

Request for Proposal (RFP) Supporting Efficient Care Coordination for New Yorkers: Bulk Purchase of EHR Interfaces for Health Information Request for Proposal (RFP) Supporting Efficient Care Coordination for New Yorkers: Bulk Purchase of EHR Interfaces for Health Information ISSUE DATE: April 10, 2013 RESPONSE DUE DATE: May 3, 2013 Region:

More information

HEALTH IT! LAW & INDUSTRY

HEALTH IT! LAW & INDUSTRY A BNA, INC. HEALTH IT! LAW & INDUSTRY Meaningful Use REPORT VOL. 2, NO. 15 APRIL 12, 2010 BNA Insights: Toward Achieving Meaningful Use: HHS Establishes Certification Criteria for Electronic Health Record

More information

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security

More information

Voice Documentation in HIPAA Compliance

Voice Documentation in HIPAA Compliance Voice Documentation in HIPAA Compliance An OAISYS White Paper Americas Headquarters OAISYS 7965 South Priest Drive, Suite 105 Tempe, AZ 85284 USA www.oaisys.com (480) 496-9040 CONTENTS 1 Introduction 2

More information

Direct Secure Messaging. Communicating in the Healthcare World Andy Nieto, Health IT Strategist, DataMotion

Direct Secure Messaging. Communicating in the Healthcare World Andy Nieto, Health IT Strategist, DataMotion Direct Secure Messaging Communicating in the Healthcare World Andy Nieto, Health IT Strategist, DataMotion Agenda Email and Direct in healthcare, a little history So what is Direct, really Certificates

More information

HIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing

HIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing HIPAA Omnibus Rule Practice Impact Kristen Heffernan MicroMD Director of Prod Mgt and Marketing 1 HIPAA Omnibus Rule Agenda History of the Rule HIPAA Stats Rule Overview Use of Personal Health Information

More information

FORM OF HIPAA BUSINESS ASSOCIATE AGREEMENT

FORM OF HIPAA BUSINESS ASSOCIATE AGREEMENT FORM OF HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is made and entered into to be effective as of, 20 (the Effective Date ), by and between ( Covered Entity ) and

More information

Microsoft Exchange 2013 Ultimate Bootcamp Your pathway to becoming a GREAT Exchange Administrator

Microsoft Exchange 2013 Ultimate Bootcamp Your pathway to becoming a GREAT Exchange Administrator Microsoft Exchange 2013 Ultimate Bootcamp Your pathway to becoming a GREAT Exchange Administrator Introduction Microsoft Exchange with its inherent high level of security features, improved assistant,

More information

Policy #: HEN-005 Effective Date: April 4, 2012 Program: Hawai i HIE Revision Date: July 17, 2013 Approved By: Hawai i HIE Board of Directors

Policy #: HEN-005 Effective Date: April 4, 2012 Program: Hawai i HIE Revision Date: July 17, 2013 Approved By: Hawai i HIE Board of Directors TITLE: Access Management Policy #: Effective Date: April 4, 2012 Program: Hawai i HIE Revision Date: July 17, 2013 Approved By: Hawai i HIE Board of Directors Purpose The purpose of this policy is to describe

More information

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1 HIPAA COMPLIANCE AND DATA PROTECTION sales@eaglenetworks.it +39 030 201.08.25 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and EagleHeaps

More information

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use

Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute April 8, 2015 4/8/2015 1 1 Who is M-CEITA?

More information

HIPAA Information. Who does HIPAA apply to? What are Sync.com s responsibilities? What is a Business Associate?

HIPAA Information. Who does HIPAA apply to? What are Sync.com s responsibilities? What is a Business Associate? HIPAA Information Who does HIPAA apply to? HIPAA applies to all Covered Entities (entities that collect, access, use and/or disclose Protected Health Data (PHI) and are subject to HIPAA regulations). What

More information

Additional services are also available according to your specific plan configuration.

Additional services are also available according to your specific plan configuration. THIS SERVICE LEVEL AGREEMENT (SLA) DEFINES GUARANTEED SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY. I. Service Definition SMS (Company) will provide You with Hosted Exchange and other Application Services

More information

Datto Compliance 101 1

Datto Compliance 101 1 Datto Compliance 101 1 Overview Overview This document provides a general overview of the Health Insurance Portability and Accounting Act (HIPAA) compliance requirements for Managed Service Providers (MSPs)

More information

HKUST CA. Certification Practice Statement

HKUST CA. Certification Practice Statement HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 2.1 Date : 12 November 2003 Prepared by : Information Technology Services Center Hong Kong University of

More information

Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10

Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10 Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID This Microsoft Online Services Security Amendment ( Amendment ) is between

More information

Health Record Banking Alliance White Paper

Health Record Banking Alliance White Paper Health Record Banking Alliance White Paper A Proposed National Infrastructure for HIE Using Personally Controlled Records January 4, 2013 Table of Contents Executive Summary...3 I. Overview...5 II. Architectural

More information

The HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq.

The HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq. The HITECH Act: Implications to HIPAA Covered Entities and Business Associates Linn F. Freedman, Esq. Introduction and Overview On February 17, 2009, President Obama signed P.L. 111-05, the American Recovery

More information

Welcome. This presentation focuses on Business Associates under the Omnibus Rule of 2013.

Welcome. This presentation focuses on Business Associates under the Omnibus Rule of 2013. Welcome. This presentation focuses on Business Associates under the Omnibus Rule of 2013. Business Associates have been part of the focus of the HIPAA regulations since 2003 when the privacy rule went

More information

Practical Guidance to Implement Meaningful Use Stage 2. Secure Health Transport for Certification and Meaningful Use

Practical Guidance to Implement Meaningful Use Stage 2. Secure Health Transport for Certification and Meaningful Use Practical Guidance to Implement Meaningful Use Stage 2 1. Introduction Association Standards and Interoperability Workgroup Meaningful Use (MU) Stage 2 introduces three transport standards for use in healthcare

More information

STANDARD ADMINISTRATIVE PROCEDURE

STANDARD ADMINISTRATIVE PROCEDURE STANDARD ADMINISTRATIVE PROCEDURE 16.99.99.M0.26 Investigation and Response to Breach of Unsecured Protected Health Information (HITECH) Approved October 27, 2014 Next scheduled review: October 27, 2019

More information

FAQ: HIPAA AND CLOUD COMPUTING (v1.0)

FAQ: HIPAA AND CLOUD COMPUTING (v1.0) FAQ: HIPAA AND CLOUD COMPUTING (v1.0) 7 August 2013 Cloud computing outsourcing core infrastructural computing functions to dedicated providers holds great promise for health care. It can result in more

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This Agreement is entered into as of ("Effective Date"), between ( Covered Entity ), and ( Business Associate ). RECITALS WHEREAS, Business Associate provides services on behalf

More information

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers

HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Compliance Tip Sheet National Hospice and Palliative Care Organization www.nhpco.org/regulatory HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Hospice Provider Compliance To Do List

More information

Paladin Computers Privacy Policy Last Updated on April 26, 2006

Paladin Computers Privacy Policy Last Updated on April 26, 2006 Paladin Computers Privacy Policy Last Updated on April 26, 2006 At Paladin Computers ( Service Provider ), we respect our Users and Clients right to privacy with regards to the use of their email and our

More information

CHIS, Inc. Privacy General Guidelines

CHIS, Inc. Privacy General Guidelines CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified

More information

- Procedures for Administrative Access

- Procedures for Administrative Access HIPAA/HITECH Act Implementation Guidance for Microsoft Office 365 from GoDaddy HIPAA 1 and the HITECH 2 Act are U.S. laws that govern the security and privacy of personally identifiable health information

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) between Inphonite, LLC ( Business Associate and you, as our Customer ( Covered Entity ) (each individually, a Party, and collectively,

More information

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Note: Information provided to NCRA by Melodi Gates, Associate with Patton Boggs, LLC Privacy and data protection

More information

CCMS Software Provider Business Assurance Statement Deed Poll

CCMS Software Provider Business Assurance Statement Deed Poll CCMS Software Provider Business Assurance Statement Deed Poll I, the of (Name of CCMS Software Provider s representative) (insert position/title) ( the Software Provider ), (insert legal entity name and

More information

Addendum Windows Azure Data Processing Agreement Amendment ID M129

<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129 Addendum Amendment ID Proposal ID Enrollment number Microsoft to complete This addendum ( Windows Azure Addendum ) is entered into between the parties identified on the signature form for the

More information

AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND

AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND THIS AGREEMENT for Access to Protected Health Information ( PHI ) ( Agreement ) is entered

More information

HIPAA Privacy & Security White Paper

HIPAA Privacy & Security White Paper HIPAA Privacy & Security White Paper Sabrina Patel, JD +1.718.683.6577 sabrina@captureproof.com Compliance TABLE OF CONTENTS Overview 2 Security Frameworks & Standards 3 Key Security & Privacy Elements

More information

District of Columbia Health Information Exchange Policy and Procedure Manual

District of Columbia Health Information Exchange Policy and Procedure Manual District of Columbia Health Information Exchange Policy and Procedure Manual HIPAA Privacy & Direct Privacy Policies (Version 1 November 27, 2012) Table of Contents Policy # Policy/Procedure Description

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT Please complete the following and return signed via Fax: 919-785-1205 via Mail: Aesthetic & Reconstructive Plastic Surgery, PLLC 2304 Wesvill Court Suite 360 Raleigh, NC 27607

More information

Top Ten Technology Risks Facing Colleges and Universities

Top Ten Technology Risks Facing Colleges and Universities Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology

More information

Course Syllabus. Implementing and Managing Microsoft Exchange Server 2003. Key Data. Audience. Prerequisites

Course Syllabus. Implementing and Managing Microsoft Exchange Server 2003. Key Data. Audience. Prerequisites Course Syllabus Key Data Product #: 1947 Course #: 2400 Number of Days: 5 Format: Instructor-Led Certification Exams: 70-284 This course helps you prepare for the following Microsoft Certified Professional

More information

Course Outline: Course 10165: Updating Your Skills from Microsoft Exchange Server 2003 or Exchange

Course Outline: Course 10165: Updating Your Skills from Microsoft Exchange Server 2003 or Exchange Course Outline: Course 10165: Updating Your Skills from Microsoft Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010 Learning Method: Instructor-led Classroom Learning Duration: 5.00

More information

THIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY ( Exchange My Mail ).

THIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY ( Exchange My Mail ). THIS SERVICE LEVEL AGREEMENT DEFINES THE SERVICE LEVELS PROVIDED TO YOU BY THE COMPANY ( Exchange My Mail ). I. Service Definition. Exchange My Mail will provide Hosted Exchange and other Application Services

More information

Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES17 --------------

Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES17 -------------- w Microsoft Volume Licensing Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 Enrollment for Education Solutions number Microsoft to complete --------------

More information

VMware vcloud Air HIPAA Matrix

VMware vcloud Air HIPAA Matrix goes to great lengths to ensure the security and availability of vcloud Air services. In this effort VMware has completed an independent third party examination of vcloud Air against applicable regulatory

More information

EXCHANGE SERVER 2013 MESSAGING

EXCHANGE SERVER 2013 MESSAGING EXCHANGE SERVER 2013 MESSAGING WINDOWS SERVER 2012, 70-341, 70-342 Module-1: Introduction to Windows Server 2012 Overview of Windows Sever 2012 Installing Windows Server 2012 Configuring Windows Server

More information

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy Amended as of February 12, 2010 on the authority of the HIPAA Privacy Officer for Creative Solutions in Healthcare, Inc. TABLE OF CONTENTS ARTICLE

More information

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP

More information

Customer Success Story. Health Unity. Health Unity and ClearDATA partner to help a large IDN achieve Meaningful Use

Customer Success Story. Health Unity. Health Unity and ClearDATA partner to help a large IDN achieve Meaningful Use Customer Success Story Health Unity Health Unity and ClearDATA partner to help a large IDN achieve Meaningful Use Page 2 of 5 Health Unity and ClearDATA Partner to Help a Large IDN Achieve Meaningful Use

More information

ehealth Vendor Workgroup: Transitions of Care March 20, 2014 12:00 PM ET

ehealth Vendor Workgroup: Transitions of Care March 20, 2014 12:00 PM ET ehealth Vendor Workgroup: Transitions of Care March 20, 2014 12:00 PM ET Topics / Agenda ToC Measure / CEHRT Review Direct: Edge Protocols Transaction counting / delivery notifications MU2 ToC Connect-A-Thon

More information

Terms and Conditions Relating to Protected Health Information ( City PHI Terms ) Revised and Effective as of September 23, 2013

Terms and Conditions Relating to Protected Health Information ( City PHI Terms ) Revised and Effective as of September 23, 2013 Terms and Conditions Relating to Protected Health Information ( City PHI Terms ) Revised and Effective as of September 23, 2013 The City of Philadelphia is a Covered Entity as defined in the regulations

More information

HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help

HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help The Health Information Portability and Accountability Act (HIPAA) Omnibus Rule which will begin to be enforced September 23, 2013,

More information

EVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07

EVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07 EVALUATION REPORT Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review March 13, 2015 REPORT NUMBER 15-07 EXECUTIVE SUMMARY Weaknesses Identified During the FY 2014

More information

What Health Care Entities Need to Know about HIPAA and the American Recovery and Reinvestment Act

What Health Care Entities Need to Know about HIPAA and the American Recovery and Reinvestment Act What Health Care Entities Need to Know about HIPAA and the American Recovery and Reinvestment Act by Lane W. Staines and Cheri D. Green On February 17, 2009, The American Recovery and Reinvestment Act

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ("BA AGREEMENT") supplements and is made a part of any and all agreements entered into by and between The Regents of the University

More information

exchange@pam email archiving at its best

exchange@pam email archiving at its best exchange@pam email archiving at its best Whitepaper exchange@pam and Microsoft Exchange Server 2007 C O N T E N T exchange@pam and Microsoft Exchange Server 2007 What s new in the latest Microsoft Exchange

More information

EDI REGISTRATION FORM Blue Cross of Idaho 3000 E Pine Ave Meridian, Id 83642 Fax 208-331-7203

EDI REGISTRATION FORM Blue Cross of Idaho 3000 E Pine Ave Meridian, Id 83642 Fax 208-331-7203 DATE: EDI REGISTRATION FORM Blue Cross of Idaho 3000 E Pine Ave Meridian, Id 83642 Fax 208-331-7203 Enrollments will be completed with 5-7 Business Days from Date Received Business Name: Provider Information:

More information

Office 365 Data Processing Agreement with Model Clauses

Office 365 Data Processing Agreement with Model Clauses Enrollment for Education Solutions Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Enrollment for Education Solutions number Microsoft to complete 7392924 GOLDS03081

More information

Data Breach, Electronic Health Records and Healthcare Reform

Data Breach, Electronic Health Records and Healthcare Reform Data Breach, Electronic Health Records and Healthcare Reform (This presentation is for informational purposes only and it is not intended, and should not be relied upon, as legal advice.) Overview of HIPAA

More information

Business Associate Agreement Involving the Access to Protected Health Information

Business Associate Agreement Involving the Access to Protected Health Information School/Unit: Rowan University School of Osteopathic Medicine Vendor: Business Associate Agreement Involving the Access to Protected Health Information This Business Associate Agreement ( BAA ) is entered

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT 1. The terms and conditions of this document entitled Business Associate Agreement ( Business Associate Agreement ), shall be attached to and incorporated by reference in the

More information

Astaro Mail Archiving Getting Started Guide

Astaro Mail Archiving Getting Started Guide Connect With Confidence Astaro Mail Archiving Getting Started Guide About this Getting Started Guide The Astaro Mail Archiving Service is an archiving platform in the form of a fully hosted service. E-mails

More information

HIPAA Compliance and the Protection of Patient Health Information

HIPAA Compliance and the Protection of Patient Health Information HIPAA Compliance and the Protection of Patient Health Information WHITE PAPER By Swift Systems Inc. April 2015 Swift Systems Inc. 7340 Executive Way, Ste M Frederick MD 21704 1 Contents HIPAA Compliance

More information

TABLE OF CONTENTS. University of Northern Colorado

TABLE OF CONTENTS. University of Northern Colorado TABLE OF CONTENTS University of Northern Colorado HIPAA Policies and Procedures Page # Development and Maintenance of HIPAA Policies and Procedures... 1 Procedures for Updating HIPAA Policies and Procedures...

More information

AHLA. B. HIPAA Compliance Audits. Marti Arvin Chief Compliance Officer UCLA Health System and David Geffen School of Medicine Los Angeles, CA

AHLA. B. HIPAA Compliance Audits. Marti Arvin Chief Compliance Officer UCLA Health System and David Geffen School of Medicine Los Angeles, CA AHLA B. HIPAA Compliance Audits Marti Arvin Chief Compliance Officer UCLA Health System and David Geffen School of Medicine Los Angeles, CA Anna C. Watterson Davis Wright Tremaine LLP Washington, DC Fraud

More information

Tackling the Information Protection Essentials of Health Information Exchange. Carol Diamond, MD, MPH Managing Director, Markle Foundation

Tackling the Information Protection Essentials of Health Information Exchange. Carol Diamond, MD, MPH Managing Director, Markle Foundation Tackling the Information Protection Essentials of Health Information Exchange Carol Diamond, MD, MPH Managing Director, Markle Foundation Connecting for Health A Public Private Collaborative Convened and

More information