Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS; Sue Sadik, PhD, LPC, NCC, BC-HSP; Carl Sheperis, PhD, LPC, NCC, MAC, ACS

DISCLAIMER
Please review your own documentation with your attorney. This information is for reference and does not constitute rendering of legal advice.

Introduction
Who are we and why are we here?
Who are you and why are you here?

Protection of Information
Confidentiality
o Roman times: more important to have a safe place to talk or seek treatment than for the world to know what you talked about or sought treatment for
Educational Records
o Schools cannot share information without parental consent
Medical Records
o 1996: Medical records cannot be transmitted electronically without protection

FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT (FERPA)
FERPA is intended to protect the privacy of educational records.
No funds shall be made available to any educational agency which has a policy or practice of permitting the release of educational records without the written consent of parents.
Access to records by anyone other than a parent is restricted, absent parental consent, except in some circumstances (e.g., child is over 18).

FERPA: What does it protect?
Educational records, files or other documents that are directly related to a student. Examples include:
Grades
Class list
Course schedules
Financial records
Disciplinary records

FERPA: Who must comply?
Any public or private educational institution which is the recipient of funds under any applicable program
Organizations and individuals that contract, consult or are employed by an educational institution
Any person employed by the agency

FERPA: WHAT IS NOT COVERED BY FERPA
Educational records do not include:
o Access to other school employees in the same school with legitimate educational interests
o Access to appropriate parties in connection with a health or safety emergency if knowledge is necessary to protect the health or safety of the student
o Access to child protective services for law enforcement as part of a child abuse report
o Directory information
o Oral communications
o Student name
o Address
o Telephone number
o Dates of attendance
o Alumni records
o University law enforcement records
o Medical and mental health records

Where Do FERPA and HIPAA Intersect?
When a school provides health care to students in the normal course of business, such as through its health clinic, it is also a health care provider as defined by HIPAA.
If a school also conducts any covered transactions electronically in connection with that health care, it is then a covered entity under HIPAA.
Joint Guidance on the Application of the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to Student Health Records

Health Insurance Portability and Accountability Act (HIPAA)

Let's Have Some Fun # efb4e2fb111

HIPAA: Do You Need To Be Compliant?
Are you a covered entity?
Covered entity is an organization any Protected Health Information (PHI) in electronic form.
There are two kinds of clinicians: those who are covered by HIPAA and those who think they aren't but really are.

HIPAA: Protected Health Information (PHI)
Name
5-digit ZIP codes
All elements of dates for dates directly related to an individual
Age
Telephone numbers
Fax numbers
Electronic mail addresses
Social Security numbers
Medical record numbers
Health plan beneficiary numbers
Account numbers
Certificate/license numbers
Vehicle identifiers and serial numbers, including license plate numbers
Device identifiers and serial numbers
Web Universal Resource Locators (URLs)
Internet Protocol address numbers (IPs)
Biometric identifiers, including finger and voice prints
Full face photographic images and comparable images
Any other unique identifying number, characteristic, or code

Privacy Rule
The HIPAA Privacy Rule establishes national standards to protect individuals' medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically.
The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization.
The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.
SUMMARY OF THE PRIVACY RULE ary/index.html

Security Rule
The HIPAA Security Rule establishes national standards to protect individuals' electronic personal health information that is created, received, used, or maintained by a covered entity.
The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.
SUMMARY OF THE SECURITY RULE mary.html

HIPAA: 3 SAFEGUARDS
Physical
o rative/securityrule/physsafeguards.pdf
Administrative
o rative/securityrule/adminsafeguards.pdf
Information Technology (IT)
o nding/special/healthit/

Physical
Establish reasonable and appropriate physical safeguards
Who can access data and who cannot? How is that controlled?
Do policies identify controls to prevent unauthorized physical access or theft?
Are there policies to validate the person accessing data?
How are workstation repairs handled?
What happens when a computer is re-issued to another employee?
eguards.pdf

Administrative
Includes security measures to protect electronic protected health information and to manage the conduct of the covered entity's workforce in relation to the protection of that information
Comprise over one-half of the HIPAA Security requirements
How does EPHI flow through the organization and where are the risks?
Do employees sign and adhere to a statement of security?
Who can access what information and how are audits conducted?
uards.pdf

Information Technology
Privacy and Security Toolkit published by Health and Human Services
Correction: the right to have their protected health information (PHI) amended
Openness and Transparency: in the system
Individual Choice: right to make medical decisions
Collection, Use, and Disclosure Limitations
Safeguarding of EPHI
Accountability: measures in place to audit and report compliance

A Technology Case: WellPoint Medical
(1) Beginning on October 23, 2009, until March 7, 2010, WellPoint did not adequately implement policies and procedures for authorizing access to ePHI maintained in its web-based application database consistent with the applicable requirements of the Security Rule.
(2) WellPoint did not perform an adequate technical evaluation in response to a software upgrade, an operational change affecting the security of ePHI maintained in its web-based application database that would establish the extent to which the configuration of the software providing authentication safeguards for its web-based application met the requirements of the Security Rule.
(3) Beginning on October 23, 2009, until March 7, 2010, WellPoint did not adequately implement technology to verify that a person or entity seeking access to ePHI maintained in its web-based application database is the one claimed.
(4) Beginning on October 23, 2009, until March 7, 2010, WellPoint impermissibly disclosed the ePHI, including the names, dates of birth, addresses, Social Security Numbers, telephone numbers and health information, of approximately 612,000 individuals whose ePHI was maintained in the web-based application database.
Payment: WellPoint agrees to pay HHS the amount of $1,700, ("Resolution Amount") by electronic funds transfer on or before July 11, 2013, pursuant to written instructions to be provided by HHS.

HIPAA Compliance
Gain general knowledge of HIPAA regulations.
75% of HIPAA compliance issues are human error/theft/data loss
Visit for more information

HIPAA: BUSINESS ASSOCIATES
Counselors must enter into, or update, their Business Associate (BA) contracts.
BAs are third-party providers who receive PHI
Examples of BA include contractors, subcontractors, billing services, document storage companies, cleaning/maintenance companies, business associates, etc.
Visit the below for BA provisions: ing/coveredentities/contractprov.html

HIPAA: NOTICE OF PRIVACY PRACTICES (NPP)
This notice describes how medical information about clients may be used and disclosed and how clients can get access to this information.
Effective date: date you started your practice or the mandated date of compliance for an existing practice.
Use and disclosure of Protected Health Information for the purposes of providing services.
Providing treatment services, collecting payment and conducting healthcare operations are necessary activities for quality care.
State and federal laws allow the entity to use and disclose health information for these purposes.

HIPAA: NOTICE OF PRIVACY PRACTICES (NPP)
TREATMENT:
o Provide, manage and coordinate care
o Consultants
o Referral sources
PAYMENT:
o Verify insurance coverage
o Process claims and collect fees
HEALTHCARE OPERATIONS:
o Review of treatment procedures
o Review of business activities
o Certification
o Staff training
o Compliance and licensing activities
OTHER USE AND DISCLOSURES WITHOUT YOUR CONSENT:
o Mandated reporting
o Emergencies
o Criminal damage
o Appointment scheduling
o Treatment alternatives
o As required by law

HIPAA: NPP CLIENT RIGHTS
Right to request where we contact you
Right to release medical records
Right to inspect and copy medical billing records
Right to add information or amend medical records
Right to accounting of disclosures
Right to request restrictions on uses and disclosures of healthcare information
Right to complain
Right to receive changes in policy

HIPAA: NOTICE OF PRIVACY PRACTICES (NPP)
You must give the NPP to a client before the initial session.
You and the client keep the signed copies.
You are required by HIPAA to provide a document that explains to potential clients how you and your practice will handle the release of confidential information.

HIPAA: SAMPLE NPP
Model Notices of Privacy Practices

Shasta Regional Medical Center (SRMC): A Case of NO Privacy Practices
On January 6, 2012, HHS notified SRMC of its initiation of a compliance review of its facility to determine whether there was a failure to comply with the requirements of the Privacy Rule. HHS's compliance review was prompted by an article in the Los Angeles Times published on January 4, The article indicated that two of SRMC's senior leaders met with the media to discuss the medical services provided to a patient (the Affected Party) without a valid written authorization.
a) From December 13-20, 2011, SRMC failed to safeguard the Affected Party's PHI from any impermissible intentional or unintentional disclosure on multiple occasions as described below. This failure was evidenced by the following facts:
i) On December 13, 2011, SRMC sent a letter, through its parent company, to California Watch, responding to a story concerning Medicare fraud. The letter described the Affected Party's medical treatment and provided specifics about her lab results. SRMC did not have a written authorization from the Affected Party to disclose this information to this news outlet.
ii) On December 16, 2011, two of SRMC's senior leaders met with The Record Searchlight's editor to discuss the Affected Party's medical record in detail. SRMC did not have a written authorization from the Affected Party to disclose this information to this newspaper.
iii) On December 20, 2011, SRMC sent a letter to The Los Angeles Times, which contained detailed information about the treatment the Affected Party received. SRMC did not have a written authorization from the Affected Party to disclose this information to this newspaper.

A Case of NO Privacy Practices (continued)
b) SRMC impermissibly used the Affected Party's PHI. This failure was evidenced by the following facts:
i) On December 20, 2011, SRMC sent an email to its entire workforce and medical staff, approximately individuals, describing, in detail, the Affected Party's medical condition, diagnosis and treatment. SRMC did not have a written authorization from the Affected Party to share this information with SRMC's entire workforce and medical staff.
Payment: Covered Entities agree to pay HHS the amount of Two Hundred and Seventy Five Thousand Dollars ($275,000.00) as the Resolution Amount. Covered Entities have entered into and agree to comply with the Corrective Action Plan (CAP), attached.

HIPAA Steps Toward Compliance
Gain general knowledge of HIPAA regulations. Visit for more information
Create a HIPAA Check List
Designate a "Privacy Officer"
Create a general HIPAA computer file for your documentation, i.e., HIPAA forms, logs, documentation of compliance activities, etc.
Secure records by locking and securing file cabinets and offices. Monitor who has access to them.
Provide basic (need not be expensive) computer security, such as virus protection, firewalls, backup, passwords (changed regularly), encryptions, log out, access log, and who has access to records
Keep answering machines, fax machines and computer screens confidential and away from unauthorized people.
Post public notices regarding the Privacy Officer and the Notice of Privacy Practices in the waiting room and, when appropriate, on your website.
Obtain, if relevant, from your "Business Associates" (i.e., clearinghouses, answering services) a HIPAA Business Associate contract.
Train your employees or staff (if you have any) in HIPAA compliance. Document the training and retraining as necessary.
Disclosures and disclosure spreadsheets

Let's Have Some Fun # efb4e2fb111

SECURITY AND PRIVACY REMINDERS

Workstation Use and Security
Access of PHI without subscriber authorization must be limited to purposes permitted
Do not load unauthorized software, programs, or files onto their workstations.
Do not copy records onto personal devices.
Monitors should be positioned such that unauthorized persons cannot view information.
Do not share your password with anyone. This includes IT and your supervisor.
Additionally, do not write your password on sticky notes or other paper and leave it around or near your computer.
Lock your workstation when leaving work area for extended periods.

Email and Malicious Software
Do not open emails unless you know the sender. If you receive email from an unknown sender, contact IT.
Please inspect email addresses carefully to ensure they are from a legitimate source.
Do not open links in emails without confirming with the sender the validity of the links.
Do not give your work email address for any personal emails.
Never download files from the Internet.
Never install any personal software on your computer.
Do not make illegal copies of any software.
Notify your supervisor if you suspect your password has been compromised.

Log-ins
Do not log in if your screen suddenly looks different
Don't log in from a free wi-fi connection

Transmissions
Any documents to be sent via fax should be sent via electronic fax, if possible. If not possible, the sender should remain at the machine until the transmission is complete to remove material from the machine.
Fax machines and copiers should also be regularly checked for, and cleared of, material containing PHI.
Emails containing PHI should be sent using the encrypted secure function.
Avoid full SSN whenever possible, especially if you don't have encrypted email.
Documents containing PHI must be placed in the locked shred bins.
No materials containing PHI should be left on photocopiers, fax machines or exposed on any work area.
Telephones, voicemail and answering machines are not secure. Do not discuss PHI over speakerphone and do not leave messages containing PHI on an answering machine.

Copiers
Disable the hard drive and/or save feature of a copier
Did you even know your copier had a hard drive?! Most of us don't!
Get this in writing from your copier salesperson

Shredding
Hire a shred company, if you are able, to dispose of your PHI
Keep a log documenting the shred visits
Keep PHI in a locked shred bin

Resources
HIPAA For Dummies: A Practitioner's Guide
Understanding HIPAA
HIPAA FAQs
Enforcement Data
More informationNew HIPAA regulations require action. Are you in compliance?
New HIPAA regulations require action. Are you in compliance? Mary Harrison, JD Tami Simon, JD May 22, 2013 Discussion topics Introduction Remembering the HIPAA Basics HIPAA Privacy Rules HIPAA Security
More informationHIPAA PRIVACY AND SECURITY STANDARDS CITY COMPLIANCE
Important: Conducting an assessment of your health plan(s) is the first step to determining HIPAA compliance. You will need to conduct a separate assessment for each of your health plans. (Please be aware
More informationHEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA
TRAINING MANUAL HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA Table of Contents INTRODUCTION 3 What is HIPAA? Privacy Security Transactions and Code Sets What is covered ADMINISTRATIVE
More informationHIPAA COMPLIANCE. What is HIPAA?
HIPAA COMPLIANCE What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) also known as the Privacy Rule specifies the conditions under which protected health information may be used
More informationHIPAA Self-Study Module Patient Privacy at Unity Health Care, Inc hipaa@unityhealthcare.org 202-667-0016 - HIPAA Hotline
HIPAA Self-Study Module Patient Privacy at Unity Health Care, Inc hipaa@unityhealthcare.org 202-667-0016 - HIPAA Hotline Self-Study Module Requirements Read all program slides and complete test. Complete
More informationSecuring the FOSS VistA Stack HIPAA Baseline Discussion. Jack L. Shaffer, Jr. Chief Operations Officer
Securing the FOSS VistA Stack HIPAA Baseline Discussion Jack L. Shaffer, Jr. Chief Operations Officer HIPAA as Baseline of security: To secure any stack which contains ephi (electonic Protected Health
More information[Insert Name and Address of Data Recipient] Data Use Agreement. Dear :
[Insert Name and Address of Data Recipient] Re: Data Use Agreement Dear : The federal Health Insurance Portability and Accountability Act and the regulations promulgated thereunder (collectively referred
More informationMIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)
MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...
More informationHIPAA Privacy Keys to Success Updated January 2010
HIPAA Privacy Keys to Success Updated January 2010 HIPAA Job Specific Education 1 HIPAA and Its Purpose What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Title II Administrative
More informationHIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012
HIPAA Privacy and Security Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012 Goals and Objectives Course Goal: To introduce the staff of Munson Healthcare to the concepts
More informationHIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics
HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical
More informationHealth Insurance Portability and Accountability Act HIPAA Privacy Standards
Health Insurance Portability and Accountability Act HIPAA Privacy Standards Healthcare Provider Training Module Copyright 2003 University of California Click the arrow to start the YouTube video in a separate
More informationCHIS, Inc. Privacy General Guidelines
CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified
More information8.03 Health Insurance Portability and Accountability Act (HIPAA)
Human Resource/Miscellaneous Page 1 of 5 8.03 Health Insurance Portability and Accountability Act (HIPAA) Policy: It is the policy of Licking/Knox Goodwill Industries, Inc., to maintain the privacy of
More information4. No accounting of disclosures is required with respect to disclosures of PHI within a Limited Data Set.
IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - Limited Data Sets and Data Use Agreements 10200 POLICY INFORMATION Major Functional Area (MFA): MFA X - Office of General Counsel
More informationHIPAA Privacy & Security Rules
HIPAA Privacy & Security Rules HITECH Act Applicability If you are part of any of the HIPAA Affected Areas, this training is required under the IU HIPAA Privacy and Security Compliance Plan pursuant to
More informationHIPAA PRIVACY AND SECURITY AWARENESS
HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect
More informationHIPAA Information Security Overview
HIPAA Information Security Overview Security Overview HIPAA Security Regulations establish safeguards for protected health information (PHI) in electronic format. The security rules apply to PHI that is
More informationHIPAA Security Rule Compliance
HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA
More informationBUSINESS ASSOCIATE AGREEMENT BETWEEN LEWIS & CLARK COLLEGE AND ALLEGIANCE BENEFIT PLAN MANAGEMENT, INC. I. PREAMBLE
BUSINESS ASSOCIATE AGREEMENT BETWEEN LEWIS & CLARK COLLEGE AND ALLEGIANCE BENEFIT PLAN MANAGEMENT, INC. I. PREAMBLE Lewis & Clark College and Allegiance Benefit Plan Management, Inc., (jointly the Parties
More informationHIPAA ephi Security Guidance for Researchers
What is ephi? ephi stands for Electronic Protected Health Information (PHI). It is any PHI that is stored, accessed, transmitted or received electronically. 1 PHI under HIPAA means any information that
More informationHIPAA Compliance The Time is Now Changes on the Horizon: The Final Regulations on Privacy and Security. May 7, 2013
HIPAA Compliance The Time is Now Changes on the Horizon: The Final Regulations on Privacy and Security May 7, 2013 Presenters James Clay President Employee Benefits & HR Consulting The Miller Group jimc@millercares.com
More informationInformation Security and Privacy. WHAT are the Guidelines? HOW is it to be done? WHY is it done?
Information Security and Privacy WHAT are the Guidelines? HOW is it to be done? WHY is it done? 1 WHAT are the guidelines O Be in compliance of Federal/State Laws O Federal: O HIPAA 1996 2 3 WHAT are the
More informationGuadalupe Regional Medical Center
Guadalupe Regional Medical Center Health Insurance Portability & Accountability Act (HIPAA) By Debby Hernandez, Compliance/HIPAA Officer HIPAA Privacy & Security Training Module 1 This module will address
More informationHealthcare Compliance Solutions
Healthcare Compliance Solutions Let Protected Trust be your Safe Harbor In the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), the U.S. Department of Health and Human
More informationHIPAA PRIVACY DIRECTIONS. HIPAA Privacy/Security Personal Privacy. What is HIPAA? 6/28/2012
DIRECTIONS HIPAA Privacy/Security Personal Privacy Catholic Charities On-line Training July 2012 1. Read through entire online training presentation 2. Close the presentation and click on Online Trainings
More informationOCR/HHS HIPAA/HITECH Audit Preparation
OCR/HHS HIPAA/HITECH Audit Preparation 1 Who are we EHR 2.0 Mission: To assist healthcare organizations develop and implement practices to secure IT systems and comply with HIPAA/HITECH regulations. Education
More informationHealth Information Privacy Refresher Training. March 2013
Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal
More informationSUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
More informationHIPAA Security. 1 Security 101 for Covered Entities. Security Topics
HIPAA SERIES Topics 1. 101 for Covered Entities 2. Standards - Administrative Safeguards 3. Standards - Physical Safeguards 4. Standards - Technical Safeguards 5. Standards - Organizational, Policies &
More informationAuthorized. User Agreement
Authorized User Agreement CareAccord Health Information Exchange (HIE) Table of Contents Authorized User Agreement... 3 CareAccord Health Information Exchange (HIE) Polices and Procedures... 5 SECTION
More informationHIPAA SECURITY AWARENESS
April, 2005 HIPAA SECURITY AWARENESS Department of Mental Health, Mental Retardation, and Substance Abuse Services What is HIPAA? HIPAA means Health Insurance Portability and Accountability Act It is a
More informationIRB, HIPAA, and Clinical Research
IRB, HIPAA, and Clinical Research A presentation by CHS Privacy and Security Offices UAB Institutional Review Board UAB Health System UAB/UABHS HIPAA Operations Team 1 Getting Started HIPAA 2 3 A Quick
More informationBRIDGEVALLEY COMMUNITY & TECHNICAL COLLEGE OPERATING POLICY
BRIDGEVALLEY COMMUNITY & TECHNICAL COLLEGE OPERATING POLICY Effective Date Subject Number Page April 1, 2014 PROTECTING PERSONALLY IDENTIFIABLE INFORMATION (PII) B-OP-17-14 1 of 7 Supersedes/Supplements:
More informationREPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES PLEASE REVIEW IT CAREFULLY.
REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW PROTECTED HEALTH INFORMATION (PHI) ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS
More informationUnderstanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions
Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What
More informationHealth Insurance Portability and Accountability Act of 1996 (HIPAA)
HIPAA Privacy Rule Health Insurance Portability and Accountability Act of 1996 (HIPAA) Transactions Standards 1. Health claims 2. Health claim attachments 3. Healthcare payment and remittance advice 4.
More informationHIPAA OVERVIEW ETSU 1
HIPAA OVERVIEW ETSU 1 What is HIPAA? Health Insurance Portability and Accountability Act. 2 PURPOSE - TITLE II ADMINISTRATIVE SIMPLIFICATION To increase the efficiency and effectiveness of the entire health
More informationBEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050
BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 Adopting Multnomah County HIPAA Security Policies and Directing the Appointment of Information System Security
More information