HIPAA PRIVACY AND EDI RULES


The Department of Health and Human Services (HHS) issued final HIPAA privacy regulations on August 14, These rules govern how individually identifiable medical information must be protected. HIPAA also requires national standards for electronic health care transactions, code standards, and national identifiers for healthcare plans, providers and clearinghouses. The intent of these standards is to improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange (EDI) in health care. Finally, HIPAA requires that security standards be established for the protection of electronic health information. Final rules implementing these standards are expected to be issued later this year.

Following is a brief overview of the HIPAA privacy rules and EDI rules that may impact plan sponsors, plan administrators, and health plans.

WHAT SHOULD AN EMPLOYER DO?

1. Determine plans subject to the HIPAA privacy rules (see Section I-A and B, Covered Entities, on page 1).
2. Determine plans subject to the EDI rules (see Section I-A and B, Covered Entities, on page 1 and Section III, Overview of EDI Rules, on page 8). Determine whether the insurer or third party administrator (TPA) is handling the EDI transactions, including the extension request, for the health plan. Is an EDI extension necessary, and if so, has one been requested by the insurer or TPA? (see Section III-B, Compliance Date, on page 8).
3. Determine what PHI you will receive (see Section II-A, Protected Health Information, on page 2).
4. Determine your obligation with each health plan, i.e., plan sponsor or plan administrator (see Section II-D, Employer Functions, on page 2).
5. Determine your role with each type of health plan that you sponsor (see Section II-G, Employer Obligations by Employer Role/Plan Type, on page 7).
6. Determine employees involved in health plan functions and provide privacy training to these employees, if required (see Section II-E(4), Privacy Training, on page 4).
7. Determine vendors who will receive PHI (see Section II-E(3), Business Associate Agreements, on page 4).

I. COVERED ENTITIES

Entities covered by the HIPAA privacy and EDI rules include health care providers, health care clearinghouses, and health plans.

A. TYPES OF PLANS SUBJECT TO HIPAA PRIVACY AND EDI RULES

Health plans subject to the HIPAA privacy and EDI rules are individual and group health plans, including:

1. Insured and self-funded health plans, such as comprehensive medical plans, dental plans, vision plans, employee assistance plans, and flexible spending accounts (FSAs)
2. Multiple employer welfare arrangements (MEWAs)
3. Long-term care policies
4. Government plans, such as the Federal Employees Health Benefit Program, CHAMPUS, Medicare, Medicaid, and the Indian Health Service Program
5. State high-risk pools

B. PLANS EXEMPT FROM HIPAA PRIVACY AND EDI RULES

Self-administered health plans with fewer than 50 participants are exempt from the HIPAA privacy rules. For this purpose, participant means an employee, excluding dependents. The under-50 participant plan exception would primarily apply to flexible spending accounts that are administered by the employer. It is important to note that if a plan wraps multiple components into one plan, such as disability, life, etc., those components otherwise exempt from HIPAA would become subject to HIPAA.

II. OVERVIEW OF HIPAA PRIVACY RULES

A. PROTECTED HEALTH INFORMATION

Protected health information (PHI) includes any individually identifiable medical information maintained in any form, including oral communications, that:

1. Is created or received by a covered entity or employer;
2. Relates to an individual's physical or mental condition, the provision of health care services to such individual, or the payment for such health care services; or
3. Identifies the individual or creates a reasonable basis to believe that such information could be used to identify the individual.

B. DISCLOSURE OF PHI

The final regulations do provide some limited disclosure of PHI to plan sponsors for plan operation purposes. Specifically, enrollment and disenrollment information can be disclosed to the plan sponsor, even though it is PHI. Enrollment and disenrollment information includes such components as: names of participants and covered dependents, covered plan choices, and premium amounts. In addition, PHI can be disclosed to business associates or other health plans, such as insurers or HMOs, for purposes of obtaining proposals, or for otherwise placing the business.

C. EMPLOYMENT RECORDS

Medical information received for employment purposes, and not for health plan purposes, is not PHI. This means that medical information that an employer receives relating to pre-employment physicals, drug tests, fitness-for-duty information, medical information for FMLA purposes, etc., is not subject to the HIPAA privacy rules, though other confidentiality requirements may govern how this information must be handled.

D. EMPLOYER FUNCTIONS

1. Plan Sponsorship includes:
   a. Plan establishment
   b. Plan amendment, modification, and termination
   c. Enrollment and disenrollment in the plan
   d. Marketing the plan

2. Plan Administration includes:
   a. Plan operation activities, such as claims assistance, claims processing, plan audits, quality assurance
   b. Other operational functions

E. HIPAA ADMINISTRATIVE REQUIREMENTS

A covered entity must establish policies and procedures that are regularly followed to ensure protection of PHI. Steps to be taken include:

1. Appoint a Privacy Officer
   a. Designate a privacy officer responsible for developing and implementing privacy policies and procedures to ensure compliance with HIPAA.
   b. Designate a contact person for privacy inquiries and complaints. This person can be the privacy officer.

2. Privacy Policy
   Prepare a written notice of your privacy policies and procedures, i.e., a privacy policy. The privacy policy should describe the types of uses and disclosure of PHI by the covered entity. This privacy policy can be designed in a manner such that a short summary policy is followed by a more detailed explanation of the entity's privacy practices.

   a. Contents of Privacy Policy. Elements of a privacy policy include:
      1. A required header: "This Notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully."
      2. A description of the types of uses and disclosures by the covered entity for purposes of treatment, payment and health care operations.
      3. A description of other purposes for which the covered entity is permitted or required to use or disclose PHI without the individual's authorization, including any use or disclosure that is prohibited or materially limited by other applicable law.
      4. A statement that other uses or disclosures will be made only with the individual's written authorization.
      5. A statement that the group health plan or HMO may disclose PHI to the plan sponsor, if applicable.
      6. A statement of the individual's rights regarding PHI (see Rights of Individuals in Section II-F on page 6).
      7. A statement that the covered entity is required to maintain the privacy of PHI and provide individuals with notice of its legal duties and privacy practices.
      8. A statement that the covered entity has the right to change the terms of its privacy policy and how it will notify individuals of any change.
      9. A statement that individuals may complain to the Secretary of HHS if they believe their privacy rights have been violated and include a description of how to file a complaint.
      10. The name and telephone number of the person or office to contact for further information.

   b. Distributing Privacy Policy
      1. The privacy policy must be provided to participants upon:
         A. The applicability date of the HIPAA privacy rules (see Section II-I, Applicability Date, on page 7), or, if later,
         B. The date the individual becomes covered under the plan.
      2. Every three years thereafter, the covered entity must give participants notice of the right to obtain the entity's privacy policy.
      3. In addition, the privacy policy must be distributed within 60 days of any material change in the privacy policy.
      4. ELECTRONIC DISTRIBUTION
         A. A covered entity that maintains a website that contains customer service or benefit information must post its privacy notice on its website, and make a copy of the policy available through the website.
         B. A privacy policy can be delivered electronically to individuals, as long as certain conditions are satisfied.

3. Business Associate Agreements
   Enter into business associate agreements with service providers, including third party administrators (TPAs), premium administrators, accountants, attorneys, consultants, utilization review entities and any other entity that engages in a function governed by HIPAA, or having access or using PHI. The intent of this provision is to ensure that business associates would likewise provide safeguards to PHI. The final privacy rules include sample contract language that can be used in business associate agreements. It is important for entities to carefully review this sample language to ensure its appropriateness in respect to the business associate relationship.

   According to the final regulations, if a written agreement exists between the health plan and the business associate prior to October 15, 2002, and if that agreement is not modified prior to April 14, 2003, the business associate agreement need not be formally entered into until the earlier of the date the agreement between the parties is modified, or, April 14, Nevertheless, both the covered entity and the business associate must comply with the spirit of the HIPAA privacy rules. This means that individually identifiable medical information must be protected. Only those with specific business reasons relating to the medical information may have access to the PHI.

4. Privacy Training
   Provide privacy training to all members of your workforce who would have access to PHI, including employees and non-employees. The initial training must be completed by the date on which the privacy rules become applicable to the covered entity (see applicability date, below). After that date, a covered entity would have to provide training to new members of the workforce within a reasonable time after joining the entity. In addition, when a covered entity makes a material change in its privacy policy or procedure, it is required to retrain those members of the workforce whose duties are affected by the change, within a reasonable time of making the change.

   Training Certification. Upon completion of the training, the trainee is required to sign a statement certifying that he/she received the privacy training and would honor all of the entity's privacy policies and procedures. Each workforce member is required to sign a new statement every three years certifying that he/she would continue to honor the entity's privacy policies. Such certification is kept by the entity to document compliance with the privacy training provisions.

5. Implement Administrative, Technical and Physical Safeguards of PHI
   These might include firewalls to protect electronic data, locked file cabinets or other storage for paper records, shredding records that are no longer necessary, and limiting access to those who have a need to know.

6. Amend Plan Document to ensure confidentiality, and provide certification to the insurer that it agrees to certain terms and conditions in the use and disclosure of PHI including:
   a. Not using or disclosing PHI other than as permitted or required by the plan document, or by law. It must also ensure that any of its agents or subcontractors to whom the sponsor provides PHI will likewise agree to the same restrictions.
   b. Not using or disclosing PHI for employment-related actions.
   c. Providing an accounting of its disclosures, and reporting any inconsistent uses or disclosures of PHI.
   d. Providing individuals access to their PHI.
   e. Returning or destroying all PHI when no longer needed.
   f. Ensuring appropriate firewalls have been established for protecting PHI.

7. Individual's Right to Inspect, Review and Copy PHI. Establish a procedure that allows individuals to review and make changes to his/her PHI (see Section II-F, Rights of Individuals, on page 6).

8. Develop Policies and Authorization Forms for Obtaining Participant Authorization to Release PHI.
   If PHI is used for purposes of payment, treatment or health plan operations, then a written authorization to release PHI is not required. However, if PHI is used for other purposes, such as releasing information to an employer, managing other benefit plans not subject to HIPAA, such as disability plans, or for marketing or disease management activities, then a written authorization must be obtained from the individual to release such information.

   Contents of a Valid Authorization. Elements of a valid authorization include:
   a. Description of the information to be used or disclosed, and the purpose for its use or disclosure.
   b. Name or other identification of the party releasing the information, as well as identifying the party requesting the information.
   c. Expiration date of the authorization.
   d. Signature of the individual and date.
   e. A statement regarding the individual's right to revoke the authorization.

   Covered entities are prohibited from conditioning payment, treatment, or enrollment and eligibility for benefits upon the individual's signing the authorization.

9. Review Current Record Retention Policies. The HIPAA record retention requirement provides that records must be kept for six years from the later of: 1) the date it was created, or 2) the date it is last affected. ERISA generally requires that records be kept six years beyond the year of creation (seven years). A good rule of thumb is that records be kept for seven years.

10. Establish a Complaint Process for individuals to make complaints concerning the covered entity's privacy policies and procedures.

11. Establish Sanctions for Violation of Privacy Policies and Procedures. A covered entity must have appropriate sanctions against members of its workforce who fail to comply with its privacy policies and procedures.

12. Establish a Mitigation Policy. A covered entity must mitigate, to the extent practicable, any harmful effect that is known to the covered entity of a use or disclosure of PHI in violation of its policies and procedures by the covered entity, or by its business associate.

13. Establish a Non-Retaliation Policy. A covered entity may not intimidate, threaten, coerce, discriminate against, or take other retaliatory action against an individual who:
   a. Exercises his/her privacy rights.
   b. Files a complaint.
   c. Participates in an investigation or compliance review.
   d. Opposes an entity's privacy policy if he/she has a good faith belief that it is unlawful.

14. Establish a Non-Waiver of Rights Policy.
   A covered entity cannot require individuals to waive their right to file a complaint as a condition for treatment, payment, enrollment in a health plan, or eligibility for benefits.

F. RIGHTS OF INDIVIDUALS

Under the HIPAA privacy rules, individuals have the following rights relating to PHI:

1. Right to receive a copy of the entity's privacy policy.
2. Right to access, inspect, and copy an individual's PHI contained in a designated record set. A designated record set means a group of records maintained by, or for a covered entity, that is:
   a. The medical records and billing records about individuals maintained by a covered health care provider;
   b. The enrollment, payment, claims adjudication, and case or medical management record systems maintained by a health plan; or
   c. Used, in whole or in part, by or for the covered entity to make decisions about individuals.
3. Right to request amendment of incomplete information in a designated record set.
4. Right to an accounting of disclosure of PHI.
5. Right to request restrictions on disclosure of PHI.
6. Right to file a complaint with HHS or health plan.

G. EMPLOYER OBLIGATIONS BY EMPLOYER ROLE/PLAN TYPE

TYPE OF PLAN: Fully Insured
FUNCTION: Plan Sponsor Only
INFORMATION: Receives summary health information only
OBLIGATIONS:
   1. Non-waiver of rights [Section II-E(14)]
   2. Non-retaliation in administrative functions [Section II-E(13)]
   Insurer accomplishes all other administrative functions described above in Sections II-E(1)-(12).

TYPE OF PLAN: Fully Insured
FUNCTION: Plan Sponsor/Plan Administrator
INFORMATION: Receives PHI
OBLIGATIONS:
   1. All administrative requirements in Sections II-E(1)-(14)
   2. Rights of individuals [Section II-F]

TYPE OF PLAN: Self-funded
FUNCTION: Plan Sponsor Only
INFORMATION: Receives summary health information only
OBLIGATIONS:
   All administrative requirements in Sections II-E(1)-(14) except:
   1. Amending the plan document [Section II-E(6)]
   2. Providing compliance certification to group health plan [Section II-E(6)]

TYPE OF PLAN: Self-funded
FUNCTION: Plan Sponsor/Plan Administrator
INFORMATION: Receives PHI
OBLIGATIONS:
   1. All administrative requirements in Sections II-E(1)-(14)
   2. Rights of individuals [Section II-F]

H. INTERPLAY WITH STATE PRIVACY LAWS

The HIPAA privacy rules are designed to enhance the protections afforded by many existing state privacy laws. Therefore, the federal privacy rules will preempt state law to the degree of greater protection of privacy. Conversely, federal law is superseded if a state privacy law provides more stringent privacy provisions.

I. APPLICABILITY DATE OF PRIVACY RULES

The rules become applicable on April 14, Small plans have until April 14, 2004 to comply with the rules.
A small health plan is a plan with $5 million or less in annual receipts. This is determined as follows: For an insured plan, annual receipt is determined by premiums paid in the preceding fiscal year. For a self-funded plan, this means claims paid in the preceding fiscal year. If the employer has a combined insured and self-funded plan, the employer adds premium and claims paid to determine receipts.

If stop loss insurance is held by the employer and not by the plan to reimburse the employer for its expenses, it would appear that the premium for the stop loss insurance would not be included in the calculation of annual receipt.

III. OVERVIEW OF EDI RULES

A. ESTABLISHMENT OF NATIONAL STANDARDS

The EDI rules govern electronic transactions between health plans (as defined in Section I-A on page 1), providers, and health care clearinghouses. Examples of administrative and financial health care transaction standards include:

1. Health claims and equivalent encounter information
2. Enrollment and disenrollment in a health plan
3. Eligibility for a health plan
4. Health care payment and remittance advice
5. Health plan premium payments
6. Health claim status
7. Referral certification and authorization
8. Coordination of benefits

If a health plan neither currently engages, nor in the future intends to engage, in electronic transactions, then such plan would not be subject to these rules.

B. COMPLIANCE DATE

All health plans (as defined in Section I-A on page 1) must comply with the EDI rules by October 16, 2002, unless:

1. The plan is a small health plan (as defined in Section II-I on page 7), or,
2. A compliance extension is filed with the Centers for Medicare & Medicaid Services (CMS) no later than October 15, The extension is a simple, non-binding questionnaire that can be filed electronically through the CMS Web site (

IV. PENALTIES FOR HIPAA PRIVACY AND EDI VIOLATIONS

Health plans, providers and clearinghouses that violate the privacy or EDI standards could be subject to civil penalties of $100 per incident, up to $25,000 per person, per year, per standard. Criminal penalties, including fines and imprisonment, may also be imposed.

The information contained in this document is not intended to be legal, accounting, or other professional advice, nor are these comments directed to specific situations.


More information

HIPAA Employee Training Guide. Revision Date: April 11, 2015

HIPAA Employee Training Guide. Revision Date: April 11, 2015 HIPAA Employee Training Guide Revision Date: April 11, 2015 What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 (also known as Kennedy- Kassebaum Act ). HIPAA regulations address

More information

AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE

AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE This Notice of Privacy Practices describes the legal obligations of Ave Maria University, Inc. (the plan ) and your legal rights regarding your protected health

More information

Gaston County HIPAA Manual

Gaston County HIPAA Manual Gaston County HIPAA Manual Includes Gaston County IT Manual Action Date Reviewed and Revised December 2012 Gaston County HIPAA Policy Manual has be updated and combined with the Gaston County IT Manual.

More information

HIPAA PRIVACY POLICIES AND PROCEDURES

HIPAA PRIVACY POLICIES AND PROCEDURES HIPAA PRIVACY POLICIES AND PROCEDURES FOR MOTT COMMUNITY COLLEGE NOVEMBER 18, 2004 PREPARED BY: KUSHNER & COMPANY 2427 WEST CENTRE AVENUE PORTAGE, MICHIGAN 49024 (269) 342-1700 WWW.KUSHNERCO.COM EMPLOYEE

More information

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices The Health and Benefit Trust Fund of the International Union of Operating Section 1: Purpose of This Notice Notice of Privacy Practices Effective as of September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL

More information

HIPAA POLICIES & PROCEDURES AND ADMINISTRATIVE FORMS TABLE OF CONTENTS

HIPAA POLICIES & PROCEDURES AND ADMINISTRATIVE FORMS TABLE OF CONTENTS HIPAA POLICIES & PROCEDURES AND ADMINISTRATIVE FORMS TABLE OF CONTENTS 1. HIPAA Privacy Policies & Procedures Overview (Policy & Procedure) 2. HIPAA Privacy Officer (Policy & Procedure) 3. Notice of Privacy

More information

RONALD V. MCGUCKIN AND ASSOCIATES Post Office Box 2126 Bristol, Pennsylvania 19007 (215) 785-3400 (215) 785-3401 (Fax) childproviderlaw.

RONALD V. MCGUCKIN AND ASSOCIATES Post Office Box 2126 Bristol, Pennsylvania 19007 (215) 785-3400 (215) 785-3401 (Fax) childproviderlaw. RONALD V. MCGUCKIN AND ASSOCIATES Post Office Box 2126 Bristol, Pennsylvania 19007 (215) 785-3400 (215) 785-3401 (Fax) childproviderlaw.com HIPAA The Health Insurance Portability and Accountability Act

More information

HIPAA INFORMATION FOR METLIFE GROUP DENTAL and/or VISION INSURANCE CUSTOMERS

HIPAA INFORMATION FOR METLIFE GROUP DENTAL and/or VISION INSURANCE CUSTOMERS HIPAA INFORMATION FOR METLIFE GROUP DENTAL and/or VISION INSURANCE CUSTOMERS Dear Group Dental and/or Vision Customer : This letter relates to privacy requirements contained in federal regulations under

More information

HIPAA PRIVACY AND SECURITY FOR EMPLOYERS

HIPAA PRIVACY AND SECURITY FOR EMPLOYERS HIPAA PRIVACY AND SECURITY FOR EMPLOYERS Agenda Background and Enforcement HIPAA Privacy and Security Rules Breach Notification Rules HPID Number Why Does it Matter HIPAA History HIPAA Title II Administrative

More information

January 2003. Employers must be prepared for their obligations under the HIPAA Privacy Rules

January 2003. Employers must be prepared for their obligations under the HIPAA Privacy Rules Employer Sponsored Group Health Plans and the HIPAA Privacy Rules Employers must be prepared for their obligations under the HIPAA Privacy Rules January 2003 Bob Radecki KnowHIPAA.com HIPAA-COBRA-FMLA

More information

Health Insurance Portability and Accountability Act. Policies and Procedures Compliance Manual. Human Resources. Ferris State University

Health Insurance Portability and Accountability Act. Policies and Procedures Compliance Manual. Human Resources. Ferris State University Health Insurance Portability and Accountability Act Policies and Procedures Compliance Manual Human Resources Ferris State University Introduction to Ferris State University s HIPAA Privacy Policies and

More information

HIPAA NOTICE OF PRIVACY PRACTICES

HIPAA NOTICE OF PRIVACY PRACTICES HIPAA NOTICE OF PRIVACY PRACTICES Human Resources Department 16000 N. Civic Center Plaza Surprise, AZ 85374 Ph: 623-222-3532 // Fax: 623-222-3501 TTY: 623-222-1002 Purpose of This Notice This Notice describes

More information

HIPAA - - Basic Concepts and Implementation Roadmap

HIPAA - - Basic Concepts and Implementation Roadmap HIPAA - - Basic Concepts and Implementation Roadmap Prepared by: David Weiner dweiner@seyfarth.com Fredric Singerman fsingerman@dc.seyfarth.com Today s Agenda n Introduction of HIPAA Privacy and Electronic

More information

IMPACT to EMPLOYER / PLAN SPONSOR of HIPAA PRIVACY

IMPACT to EMPLOYER / PLAN SPONSOR of HIPAA PRIVACY IMPACT to EMPLOYER / PLAN SPONSOR of HIPAA PRIVACY As the Plan Sponsor/Employer you must contend with yet another federal requirement on your group health plans: the "Health Insurance Portability and Accountability

More information

The privacy rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) have been

The privacy rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) have been As Appeared in Benefits Law Journal Vol. 17, No. 1, Spring 2004 HIPAA Privacy Compliance: It s Time to Take It Seriously By Russell E. Greenblatt and Jeffrey J. Bakker, Katten Muchin Zavis Rosenman 2004

More information

Effective April 14, 2003

Effective April 14, 2003 Effective April 14, 2003 THE BOEING COMPANY GROUP HEALTH PLANS NOTICE OF PRIVACY PRACTICES This notice describes how health plan medical information about you may be used and disclosed and how you can

More information

HIPAA PRIVACY POLICY FOR OPTICAL LABS TABLE OF CONTENTS. Exhibit B Notice of Privacy Practices pages B-1 to B-4

HIPAA PRIVACY POLICY FOR OPTICAL LABS TABLE OF CONTENTS. Exhibit B Notice of Privacy Practices pages B-1 to B-4 HIPAA PRIVACY POLICY FOR OPTICAL LABS TABLE OF CONTENTS HIPAA Privacy Policy pages 2 to 12 Exhibit A HIPAA Privacy Regulations pages A-1 to A-89 Exhibit B Notice of Privacy Practices pages B-1 to B-4 Exhibit

More information

The California State University

The California State University The California State University HR 2004-22 PRIVACY NOTICE This notice describes how medical information about you may be used and disclosed and how you can access this information. Please review it carefully.

More information

There are three sections to HIPAA the Privacy Rule, the Security Rule, and the Transaction Rule.

There are three sections to HIPAA the Privacy Rule, the Security Rule, and the Transaction Rule. Introduction This course is on the federal HIPPA rule. HIPAA is the Health Insurance Portability and Accountability Act. It is the federal rule that sets standards for the protection of health information.

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the "Agreement") is made and entered into this day of,, by and between Quicktate and idictate ("Business Associate") and ("Covered Entity").

More information

Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification

Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Type of Policy and Procedure Comments Completed Privacy Policy to Maintain and Update Notice of Privacy Practices

More information

GCD. Client Memorandum. What Every Employer Needs to Know About the HIPAA Privacy Rules. Gardner Carton & Douglas HR Law: Employee Benefits

GCD. Client Memorandum. What Every Employer Needs to Know About the HIPAA Privacy Rules. Gardner Carton & Douglas HR Law: Employee Benefits GCD Gardner Carton & Douglas HR Law: Employee Benefits Client Memorandum August 2002 What Every Employer Needs to Know About the HIPAA Privacy Rules By Timothy J. Stanton, Kathleen S. Scheidt, and Sarah

More information

City of Pittsburgh Operating Policies. Policy: HIPAA Privacy Policies Original Date: 1/2005 and Procedures Revised Date: 3/22/2010

City of Pittsburgh Operating Policies. Policy: HIPAA Privacy Policies Original Date: 1/2005 and Procedures Revised Date: 3/22/2010 City of Pittsburgh Operating Policies Policy: HIPAA Privacy Policies Original Date: 1/2005 and Procedures Revised Date: 3/22/2010 PURPOSE: To establish internal policies and procedures to ensure compliance

More information

Data Breach, Electronic Health Records and Healthcare Reform

Data Breach, Electronic Health Records and Healthcare Reform Data Breach, Electronic Health Records and Healthcare Reform (This presentation is for informational purposes only and it is not intended, and should not be relied upon, as legal advice.) Overview of HIPAA

More information

CHAPTER 7 BUSINESS ASSOCIATES

CHAPTER 7 BUSINESS ASSOCIATES CHAPTER 7 BUSINESS ASSOCIATES I. GENERAL RULE DMH may disclose Protected Health Information (PHI) to a Business Associate or allow it to create or receive PHI on DMH's behalf only if DMH obtains satisfactory

More information

Health Information Privacy Refresher Training. March 2013

Health Information Privacy Refresher Training. March 2013 Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal

More information

SUMMARY OF HIPAA PRIVACY RULES

SUMMARY OF HIPAA PRIVACY RULES SUMMARY OF HIPAA PRIVACY RULES I. Introduction The privacy rules regulate the use and disclosure of protected health information (PHI) by defining who is authorized to access PHI created or maintained

More information

University Healthcare Physicians Compliance and Privacy Policy

University Healthcare Physicians Compliance and Privacy Policy Page 1 of 11 POLICY University Healthcare Physicians (UHP) will enter into business associate agreements in compliance with the provisions of the Health Insurance Portability and Accountability Act of

More information

HIPAA FOR HUMAN RESOURCE EXECUTIVES. Stuart Miller, Esq. Gerry Hinkley, Esq. Davis Wright Tremaine LLP

HIPAA FOR HUMAN RESOURCE EXECUTIVES. Stuart Miller, Esq. Gerry Hinkley, Esq. Davis Wright Tremaine LLP HIPAA FOR HUMAN RESOURCE EXECUTIVES Stuart Miller, Esq. Gerry Hinkley, Esq. Davis Wright Tremaine LLP 1 COVERED ENTITY ANALYSIS Determine if employer is a Covered Entity (health care provider, health plan

More information

Graphic Communications National Health and Welfare Fund. Notice of Privacy Practices

Graphic Communications National Health and Welfare Fund. Notice of Privacy Practices Notice of Privacy Practices Section 1: Purpose of This Notice and Effective Date THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

More information

HIPAA Compliance And Participation in the National Oncologic Pet Registry Project

HIPAA Compliance And Participation in the National Oncologic Pet Registry Project HIPAA Compliance And Participation in the National Oncologic Pet Registry Project Your facility has indicated its willingness to participate in the National Oncologic PET Registry Project (NOPR) sponsored

More information

BROWN RUDNICK BERLACK ISRAELS LLP. Group Health Plan Compliance with HIPAA and ERISA: NAVIGATING THE LEGAL AND

BROWN RUDNICK BERLACK ISRAELS LLP. Group Health Plan Compliance with HIPAA and ERISA: NAVIGATING THE LEGAL AND B R B I BROWN RUDNICK BERLACK ISRAELS LLP Group Health Plan Compliance with HIPAA and ERISA: NAVIGATING THE LEGAL AND ADMINISTRATIVE MAZE Q&A 2003 QUESTION AND ANSWER RESOURCE GUIDE Group Health Plan Compliance

More information

Entities Covered by the HIPAA Privacy Rule

Entities Covered by the HIPAA Privacy Rule Entities Covered by the HIPAA Privacy Rule Who Is A Covered Entity? HIPAA standards apply only to: Health care providers who transmit any health information electronically in connection with certain transactions

More information

Connecticut Pipe Trades Health Fund Privacy Notice. 2013 Restatement

Connecticut Pipe Trades Health Fund Privacy Notice. 2013 Restatement Connecticut Pipe Trades Health Fund Privacy Notice 2013 Restatement Section 1: Purpose of This Notice and Effective Date THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED

More information

Chief Privacy Officer Christian Brothers Services 1205 Windham Parkway Romeoville, IL 60446-1679 cpo@cbservices.org 800-807-0100

Chief Privacy Officer Christian Brothers Services 1205 Windham Parkway Romeoville, IL 60446-1679 cpo@cbservices.org 800-807-0100 Summary of Notice of Privacy Practices for Christian Brothers Prescription Drug Program Christian Brothers Services is the program sponsor of the Christian Brothers Prescription Drug Program (the Program

More information

HIPAA Privacy Compliance Manual

HIPAA Privacy Compliance Manual HIPAA Privacy Compliance Manual AgriPlan BizPlan COBRAToday DirectPay FlexSystem MAPP PHiEd 1 Purpose of this Manual This publication provides authoritative and accurate information regarding requirements

More information

The Plan s duties with respect to health information about you

The Plan s duties with respect to health information about you Privacy Notice This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. The Health Insurance Portability

More information

Genworth Life Insurance Company Genworth Life Insurance Company of New York NOTICE OF PRIVACY PRACTICES

Genworth Life Insurance Company Genworth Life Insurance Company of New York NOTICE OF PRIVACY PRACTICES Genworth Life Insurance Company Genworth Life Insurance Company of New York NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ("BA AGREEMENT") supplements and is made a part of any and all agreements entered into by and between The Regents of the University

More information

HIPAA PRIVACY AND SECURITY STANDARDS CITY COMPLIANCE

HIPAA PRIVACY AND SECURITY STANDARDS CITY COMPLIANCE Important: Conducting an assessment of your health plan(s) is the first step to determining HIPAA compliance. You will need to conduct a separate assessment for each of your health plans. (Please be aware

More information

HIPAA Compliance Review

HIPAA Compliance Review HIPAA Compliance Review For HR and IT Presented by: Linda Railton, PHR HR Consultant Leavitt Group linda.railton@leavitt.com Discussion Points HIPAA Final Rule (effective March 26, 2013) Overview of HIPAA

More information

ELECTRONIC HEALTH RECORDS

ELECTRONIC HEALTH RECORDS ELECTRONIC HEALTH RECORDS Understanding and Using Computerized Medical Records CHAPTER TEN LESSON ONE Privacy and Security of Health Records Understanding HIPAA HIPAA: acronym for Health Insurance Portability

More information

Business Associate Agreement Involving the Access to Protected Health Information

Business Associate Agreement Involving the Access to Protected Health Information School/Unit: Rowan University School of Osteopathic Medicine Vendor: Business Associate Agreement Involving the Access to Protected Health Information This Business Associate Agreement ( BAA ) is entered

More information

The Basics of HIPAA Privacy and Security and HITECH

The Basics of HIPAA Privacy and Security and HITECH The Basics of HIPAA Privacy and Security and HITECH Protecting Patient Privacy Disclaimer The content of this webinar is to introduce the principles associated with HIPAA and HITECH regulations and is

More information

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually

More information

HIPAA Policy, Protection, and Pitfalls ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS

HIPAA Policy, Protection, and Pitfalls ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS HIPAA Policy, Protection, and Pitfalls Overview HIPAA Privacy Basics What s covered by HIPAA privacy rules, and what isn t? Interlude on the Hands-Off Group Health Plan When does this exception apply,

More information

HIPAA Privacy Notice

HIPAA Privacy Notice HIPAA Privacy Notice This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. This notice describes

More information

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview Updated HIPAA Regulations What Optometrists Need to Know Now The U.S. Department of Health & Human Services Office for Civil Rights recently released updated regulations regarding the Health Insurance

More information

BENCHMARK MEDICAL LLC, BUSINESS ASSOCIATE AGREEMENT

BENCHMARK MEDICAL LLC, BUSINESS ASSOCIATE AGREEMENT BENCHMARK MEDICAL LLC, BUSINESS ASSOCIATE AGREEMENT This BUSINESS ASSOCIATE AGREEMENT ( Agreement ) dated as of the signature below, (the Effective Date ), is entered into by and between the signing organization

More information

HIPAA Policies and Procedures

HIPAA Policies and Procedures HIPAA Policies and Procedures William T. Chen, MD, Inc. General Rule 164.502 A Covered Entity may not use or disclose PHI except as permitted or required by the privacy regulations. Permitted Disclosures:

More information

HIPAA and the HITECH Act Privacy and Security of Health Information in 2009

HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 What is HIPAA? Health Insurance Portability & Accountability Act of 1996 Effective April 13, 2003 Federal Law HIPAA Purpose:

More information

Health Insurance Portability and Accountability Act Privacy Policy

Health Insurance Portability and Accountability Act Privacy Policy COUNTY OF LEE - PERSONNEL POLICY Last Published Date: 07-01-2006 Health Insurance Portability and Accountability Act Privacy Policy Number: E-2 Revision: 0 Effective Date: 03-01-2010 Pages: 6 1.0 Policy

More information

What is HIPAA? The Health Insurance Portability and Accountability Act of 1996

What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 BASIC QUESTIONS AND ANSWERS What Does HIPAA do? Creates national standards to protect individuals' medical records and other

More information

HIPAA 101. March 18, 2015 Webinar

HIPAA 101. March 18, 2015 Webinar HIPAA 101 March 18, 2015 Webinar Agenda Acronyms to Know HIPAA Basics What is HIPAA and to whom does it apply? What is protected by HIPAA? Privacy Rule Security Rule HITECH Basics Breaches and Responses

More information

C.T. Hellmuth & Associates, Inc.

C.T. Hellmuth & Associates, Inc. Technical Monograph C.T. Hellmuth & Associates, Inc. Technical Monographs usually are limited to only one subject which is treated in considerably more depth than is possible in our Executive Newsletter.

More information

SDC-League Health Fund

SDC-League Health Fund SDC-League Health Fund 1501 Broadway, 17 th Floor New York, NY 10036 Tel: 212-869-8129 Fax: 212-302-6195 E-mail: health@sdcweb.org NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION

More information

BUSINESS ASSOCIATES [45 CFR 164.502(e), 164.504(e), 164.532(d) and (e)]

BUSINESS ASSOCIATES [45 CFR 164.502(e), 164.504(e), 164.532(d) and (e)] BUSINESS ASSOCIATES [45 CFR 164.502(e), 164.504(e), 164.532(d) and (e)] Background By law, the HIPAA Privacy Rule applies only to covered entities health plans, health care clearinghouses, and certain

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ) by and between OUR LADY OF LOURDES HEALTH CARE SERVICES, INC., hereinafter referred to as Covered Entity, and hereinafter referred

More information

Covered Entity Charts

Covered Entity Charts Covered Entity Charts Guidance on how to determine whether an organization or individual is a covered entity under the Administrative Simplification provisions of HIPAA 2 Background: The Administrative

More information

Health Insurance Portability and Accountability Act (HIPAA)

Health Insurance Portability and Accountability Act (HIPAA) Health Insurance Portability and Accountability Act (HIPAA) General Education Presented by: Bureau of Personnel Department of Health Department of Human Services Department of Social Services Bureau of

More information

NOTICE OF PRIVACY PRACTICES for the HARVARD UNIVERSITY MEDICAL, DENTAL, VISION AND MEDICAL REIMBURSEMENT PLANS

NOTICE OF PRIVACY PRACTICES for the HARVARD UNIVERSITY MEDICAL, DENTAL, VISION AND MEDICAL REIMBURSEMENT PLANS NOTICE OF PRIVACY PRACTICES for the HARVARD UNIVERSITY MEDICAL, DENTAL, VISION AND MEDICAL REIMBURSEMENT PLANS THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ) is entered into by and between Professional Office Services, Inc., with principal place of business at PO Box 450, Waterloo,

More information