HIPAA and Leadership. The Importance of Creating a More Compliance Focused Environment
|
|
- Augustus Reeves
- 8 years ago
- Views:
Transcription
1 HIPAA and Leadership The Importance of Creating a More Compliance Focused Environment 1
2 AGENDA HIPAA Basics The Importance of Leadership in RIM and IG Creating a More Compliance Focused Culture Potential Challenges That You May Encounter HIPAA and You 2
3 HIPAA Basics What does HIPAA stand for? The speed limit HIPAA and social media 3 purposes of HIPAA 1. To combat waste and fraud in health insurance 2. Improve portability/continuity of health insurance 3. Simplify administrative side of health insurance 3
4 Basics DHHS OCR NPRM CE and BA and their responsibilities BAA s Audits for 2015 Risk assessments HIPAA impacts more than just medical records 4
5 What is PHI? all geographic identifiers smaller than a state; dates directly related to an individual; phone numbers; fax numbers; social security numbers; medical record numbers; health insurance beneficiary numbers; account numbers; certificate/license numbers; vehicle identifiers and serial numbers, including license plate numbers; device identifier and serial numbers; web uniform resource locators (URL s); internet protocol (IP) numbers; biometric identifiers (finger prints, retinal prints and voice prints); full face photos and any other comparable images (such as tattoos); any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data. 5
6 Leadership Leadership is largely responsible for assuring compliance! Leadership involves more that a title or job description Leadership incorporates several departments Leadership is responsible for organizational compliance Leadership is a critical component to get buy in from, in regards to any compliance matter Leadership is responsible for liability that the organization is subjected to Leadership sets the tone for the corporate culture either positive or negative 6
7 Breach Definition unauthorized acquisition, access, use, or disclosure of Protected Health Information which compromises the security or privacy of such information, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information Any impermissible use or disclosure of PHI is presumed to be a breach unless the CE or BA, as applicable, demonstrates that there is a low probability that the PHI has been compromised 7
8 Breaches Identity theft is the driver for most breaches Does leadership want their organization to be the subject of Tweets, shares, likes? ID theft was a $28 Billion industry in 2013 Well over 700 million records have been breached since 2005 What are the thieves after? Billing and insurance records, medical files, payment details, prescriptions, social security numbers Medical ID theft has risen 400% in the past year 8
9 Creating a Compliance Culture What is compliance? Following the rules Creating a more transparent business operating and reporting climate to support market confidence In other words, your customers, as well as the companies that work with or for you, want to know that your organization knows what it s doing! Clearly defined policies, procedures, and practices Compliance Management, in contrast, is the means by which organizations can assure compliance in accordance with the rules, regulations, laws, and other requirements to which the organization is subject. Compliance Management involves oversight, assessment, reporting, educating, and noting needs for remediation, while the element of assurance comes from reliable evidence of compliance. Or, proof 9
10 Attribute of a Culture of Compliance A positive Culture of Compliance includes strategic vision and relates to larger strategic goals. It is established by top management It is characterized by senior management example It is embedded in activities such as education It is reinforced by incentive systems It is given force through the treatment of transgressors. It is not sufficient to simply publish policies and provide them to employees. Policies must be enforced! It is integral to information systems and their use and management It is inseparable from the organization s structure, processes, and management style 10
11 Positive Culture of Compliance A positive culture: encompasses enterprise risk management addresses the risks that arise in each strategic area establishes control points for the risk elements ensures controls are well documented for internal and external purposes identifies the specific people responsible for managing each compliance element Without a commitment to compliance, even the best policies and procedures will be useless. 11
12 3 C s of Compliance Compliance has, at its basis, 3 essential and continuous elements 1. Communication 2. Confirmation 3. Correction 12
13 What Are The Signs of a Culture of Compliance? If you have to go looking for signs of compliance, then it is probably isn t there. Communication: Evident in consistent messages to personnel. Individuals know what is expected of them and provide vertical as well as horizontal communications. Confirmation: Expect processes and activities to be measured and results reported. Each position has a defined set of competencies, and performance is measured and rewarded. Monitoring and feedback are characteristics of all automated systems and procedures. Correction: Because of clear and consistent communication and confirmation, it is immediately known when a process, activity, result, or condition is outside of its acceptable parameters. Even trends and anomalous patterns are detected and information about them is directed into the measurement, reporting and response cycle. Things don t stay broken in a culture of compliance because the responsible parties are identified and held accountable. 13
14 Don t Cut Corners Avoid just the appearance of compliance Don t just go for short term profit versus long time risks Signs of this: Things are too good to be true Problems do not rise to the surface. Only good news please mentality You cannot drill down to the details that support compliance reports. The results must be honest and complete. Good intentions aren t good enough anymore. 14
15 Suggestions Reward the problem identifiers Reward the problem solvers Make sure employees realize that management will not accept covering up problems Allow management, auditors, and regulatory examiners to look into the facts, details, and numbers that make up compliance reporting As the management team operates the organization s daily business, it needs the confidence it can only receive from a Culture of Compliance. The organization also needs the benefits that accrue from a well conceived and executed compliance management program featuring continuous improvement. The best solution involves coordinating the diverse compliance management activities through a single management entity equipped with a solid mandate and a compliance management system that is capable of combining similar activities for efficiency and the maintenance of a comprehensive database of compliance requirements. Only in such an environment can the governance bodies be assured of effective and sustainable compliance. 15
16 Challenges You May Face? Less than 100% buy in from Leadership Team (CEO, CFO, CISO, Privacy Officer, etc) That IT is a completely separate business segment that needs addressed! People not being 100% truthful-this lends itself to increased risk, increased liability, and fines and penalties Often times, this is strictly a pride issue. Ask yourself if it is worth the risk? Short cuts, dishonesty, or inaccurate assumptions and presumptions such as we have always done it this way, or we are good because nothing has happened yet Why do they always say yet? 16
17 Challenges Policies and procedures may conflict with reality Employees may or may not buy in If they fail to buy in, what will you do if your goal is to create this new culture? Coordinating the diverse compliance management activities through a single management entity equipped with a solid mandate and system that is capable of combining efficiency and maintaining a comprehensive database of requirements 17
18 HIPAA and It s Impact on Business HIPAA now governs HR records Law firms, CPA s, insurance companies, health plans, health care clearinghouses, health care providers, shredding companies, offsite record storage companies, scanning/imaging companies, software companies, IT companies, anyone that touches or has access to your information, is now responsible for any associated risk and liability including fines and penalties If you are a CE, do you have the required updated BAA s with your business associates? Who is a BA? 18
19 Business Associates Any person or entity that will perform a covered function under HIPAA for you or your organization (either for or on behalf of) Covered functions? Create, store, maintain, transmit or transport. offsite record storage companies, scanning/imaging, document destruction, x-ray collection, software hosts or that have remote access into your database, attorneys, etc. Can they each provide proof of a formal and documented HIPAA training program to you, that is current? 19
20 *Civil Penalties* The 4 Tiers of civil penalties: (All monetary and in a calendar year) Tier A Lowest level, single violation (an oops ) Fine: not less than $100 up to $50,000 each Tier B Reasonable cause: A reason that would motivate a person of ordinary intelligence under the circumstances Fine: not less than $1,000 up to $50,000 each Tier C Willful neglect but corrected: Conscious or intentional failure to perform a duty due to negligence. Fine: not less than $10,000 up to $50,000 each Tier D Multiple violations by willful neglect not corrected Fine: not less than $50,000 up to *$1.5 million Copyright 2015 by Tom Dumez All Rights Reserved All such violations of an identical provision in a calendar year is also $1.5 million 20
21 Criminal Penalties The 3 Tiers of criminal penalties: Tier A Wrongful disclosure: knowingly uses or causes PHI to be used Fine: Up to $50,000 fine and 1 year imprisonment Tier B Wrongful disclosure under false pretenses: a reporter who fails to identify themselves as a member of the press, obtains PHI & publishes it Fine: Up to $100,000 fine and 5 years imprisonment Copyright 2015 by Tom Dumez All Rights Reserved Tier C Wrongful disclosure under false pretenses with intent to sell, or use for commercial or personal gain or malicious harm Fine: Up to $250,000 fine and 10 years imprisonment 21
22 Mitigate Risks! Make sure that someone knows and understand just what is required, of various laws that pertain to your industry Make sure that PnP are good and sound Make sure that the practices match the PnP s Make sure that you regularly evaluate all impacted systems Make sure you have a DR Plan Make sure you get proof that not only your company, but each employee, knows nd understands the risks as well as the fines and penalties! Who Pays? 22
23 QUESTIONS? 23
HIPAA Privacy and Security Rules: A Refresher. Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant
HIPAA Privacy and Security Rules: A Refresher Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant Objectives Provide overview of Health insurance Portability and Accountability
More informationHIPAA OVERVIEW ETSU 1
HIPAA OVERVIEW ETSU 1 What is HIPAA? Health Insurance Portability and Accountability Act. 2 PURPOSE - TITLE II ADMINISTRATIVE SIMPLIFICATION To increase the efficiency and effectiveness of the entire health
More informationWelcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013
Welcome to ChiroCare s Fourth Annual Fall Business Summit October 3, 2013 HIPAA Compliance Regulatory Overview & Implementation Tips for Providers Agenda Green packet Overview of general HIPAA terms and
More informationWhy Lawyers? Why Now?
TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business
More informationPresented by Jack Kolk President ACR 2 Solutions, Inc.
HIPAA 102 : What you don t know about the new changes in the law can hurt you! Presented by Jack Kolk President ACR 2 Solutions, Inc. Todays Agenda: 1) Jack Kolk, CEO of ACR 2 Solutions a information security
More informationHIPAA Compliance Issues and Mobile App Design
HIPAA Compliance Issues and Mobile App Design Washington, D.C. April 22, 2015 Presenter: Shannon Hartsfield Salimone, Holland & Knight LLP, Tallahassee and Jacksonville, Florida Agenda Whether HIPAA applies
More informationHIPAA Update Focus on Breach Prevention
HIPAA Update Focus on Breach Prevention Objectives By the end of this program, participants should be able to: Identify top reasons why breaches occur Review the breach definition and notification process
More informationTrust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits
HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)
More informationUNDERSTANDING THE HIPAA/HITECH BREACH NOTIFICATION RULE 2/25/14
UNDERSTANDING THE HIPAA/HITECH BREACH NOTIFICATION RULE 2/25/14 RULES Issued August 19, 2009 Requires Covered Entities to notify individuals of a breach as well as HHS without reasonable delay or within
More informationBUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information
BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information I. PREAMBLE ( Covered Entity ) and ( Business Associate ) (jointly the Parties ) wish to enter into an Agreement to comply with the requirements
More informationHIPAA 101. March 18, 2015 Webinar
HIPAA 101 March 18, 2015 Webinar Agenda Acronyms to Know HIPAA Basics What is HIPAA and to whom does it apply? What is protected by HIPAA? Privacy Rule Security Rule HITECH Basics Breaches and Responses
More informationHIPAA Compliance for Students
HIPAA Compliance for Students The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 by the United States Congress. It s intent was to help people obtain health insurance benefits
More informationHIPAA Compliance, Notification & Enforcement After The HITECH Act. Presenter: Radha Chanderraj, Esq.
HIPAA Compliance, Notification & Enforcement After The HITECH Act Presenter: Radha Chanderraj, Esq. Key Dates Publication date January 25, 2013 Effective date - March 26, 2013 Compliance date - September
More informationUnderstanding HIPAA Regulations and How They Impact Your Organization!
Understanding HIPAA Regulations and How They Impact Your Organization! Presented by: HealthInfoNet & Systems Engineering! April 25 th 2013! Introductions! Todd Rogow Director of IT HealthInfoNet Adam Victor
More informationHIPAA. New Breach Notification Risk Assessment and Sanctions Policy. Incident Management Policy. Focus on: For breaches affecting 1 3 individuals
HIPAA New Breach Notification Risk Assessment and Sanctions Policy Incident Management Policy For breaches affecting 1 3 individuals +25 individuals + 500 individuals Focus on: analysis documentation PHI
More informationHIPAA Privacy Keys to Success Updated January 2010
HIPAA Privacy Keys to Success Updated January 2010 HIPAA Job Specific Education 1 HIPAA and Its Purpose What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Title II Administrative
More information2014 Core Training 1
2014 Core Training 1 Course Agenda Review of Key Privacy Laws/Regulations: Federal HIPAA/HITECH regulations State privacy laws Privacy & Security Policies & Procedures Huntsville Hospital Health System
More informationINFORMATION SECURITY & HIPAA COMPLIANCE MPCA
INFORMATION SECURITY & HIPAA COMPLIANCE MPCA Annual Conference August 5, 201 Agenda 1 HIPAA 2 The New Healthcare Paradigm Internal Compliance 4 Conclusion 2 1 HIPAA 1 Earning Their Trust 4 HIPAA 5 Health
More informationHIPAA and HITECH Compliance for Cloud Applications
What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health
More informationPatient Privacy and HIPAA/HITECH
Patient Privacy and HIPAA/HITECH What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Implemented in 2003 Title II Administrative Simplification It s a federal law HIPAA is mandatory,
More informationHIPAA Happenings in Hospital Systems. Donna J Brock, RHIT System HIM Audit & Privacy Coordinator
HIPAA Happenings in Hospital Systems Donna J Brock, RHIT System HIM Audit & Privacy Coordinator HIPAA Health Insurance Portability and Accountability Act of 1996 Title 1 Title II Title III Title IV Title
More information12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule
HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record
More informationHealth Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know
Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Note: Information provided to NCRA by Melodi Gates, Associate with Patton Boggs, LLC Privacy and data protection
More informationINDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS. I. Introduction 2. II. Definitions 3
INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS I. Introduction 2 II. Definitions 3 III. Program Oversight and Responsibilities 4 A. Structure B. Compliance Committee C.
More informationTriageLogic Information Security Policy
TriageLogic Information Security Policy What is HIPAA, and what information is protected by it? HIPAA, short for the United States Health Insurance Portability and Accountability Act, is a set of standards
More informationHIPAA Privacy & Breach Notification Training for System Administration Business Associates
HIPAA Privacy & Breach Notification Training for System Administration Business Associates Barbara M. Holthaus privacyofficer@utsystem.edu Office of General Counsel University of Texas System April 10,
More information8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice
Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice Monday, August 3, 2015 1 How to ask a question during the webinar If you dialed in to this webinar on your phone
More informationAlliance for Clinical Education (ACE) Student HIPAA Training
Alliance for Clinical Education (ACE) Student HIPAA Training Health Insurance Portability and Accountability Act of 1996 October 2003 1 Objectives Understand the HIPAA Privacy rules and regulations Understand
More informationGrand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health. Pam Jager, GRMEP Director of Education & Development
Grand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health Pam Jager, GRMEP Director of Education & Development To understand the requirements of the federal Health Information Portability
More informationBUSINESS ASSOCIATE AGREEMENT BETWEEN LEWIS & CLARK COLLEGE AND ALLEGIANCE BENEFIT PLAN MANAGEMENT, INC. I. PREAMBLE
BUSINESS ASSOCIATE AGREEMENT BETWEEN LEWIS & CLARK COLLEGE AND ALLEGIANCE BENEFIT PLAN MANAGEMENT, INC. I. PREAMBLE Lewis & Clark College and Allegiance Benefit Plan Management, Inc., (jointly the Parties
More informationBuilding a Culture of Compliance
Charles H. Le Grand, CHL Global Associates Sponsored by IBS America, Inc.* http:// Building a Culture of Compliance i Overview 1 What Is Compliance? 1 A Culture of Compliance 2 Attributes of a Culture
More informationSection C: Data Use Agreement. Illinois Department of Healthcare and Family Services. And DATA USE AGREEMENT
Section C: Data Use Agreement Illinois Department of Healthcare and Family Services And DATA USE AGREEMENT This Data Use Agreement (the Agreement ) is effective as of (the Agreement Effective Date ) by
More informationHIPAA AND MEDICAID COMPLIANCE POLICIES AND PROCEDURES
SALISH BHO HIPAA AND MEDICAID COMPLIANCE POLICIES AND PROCEDURES Policy Name: HIPAA BREACH NOTIFICATION REQUIREMENTS Policy Number: 5.16 Reference: 45 CFR Parts 164 Effective Date: 03/2016 Revision Date(s):
More informationUnderstanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions
Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What
More informationCommunity First Health Plans Breach Notification for Unsecured PHI
Community First Health Plans Breach Notification for Unsecured PHI The presentation is for informational purposes only. It is the responsibility of the Business Associate to ensure awareness and compliance
More informationHIPAA PRIVACY AND SECURITY FOR EMPLOYERS
HIPAA PRIVACY AND SECURITY FOR EMPLOYERS Agenda Background and Enforcement HIPAA Privacy and Security Rules Breach Notification Rules HPID Number Why Does it Matter HIPAA History HIPAA Title II Administrative
More informationUnderstanding Health Insurance Portability Accountability Act AND HITECH. HIPAA s Privacy Rule
Understanding Health Insurance Portability Accountability Act AND HITECH HIPAA s Privacy Rule 1 What Is HIPAA s Privacy Rule The privacy rule is a component of the Health Insurance Portability and Accountability
More informationIAPP Practical Privacy Series. Data Breach Hypothetical
IAPP Practical Privacy Series Data Breach Hypothetical Presented by: Jennifer L. Rathburn, Partner, Quarles & Brady LLP Frances Wiet, CPO and Assistant General Counsel, Takeda Pharmaceuticals U.S.A., Inc.
More informationInformation Security and Privacy. WHAT is to be done? HOW is it to be done? WHY is it done?
Information Security and Privacy WHAT is to be done? HOW is it to be done? WHY is it done? 1 WHAT is to be done? O Be in compliance of Federal/State Laws O Federal: O HIPAA O HITECH O State: O WIC 4514
More informationELECTRONIC HEALTH RECORDS
ELECTRONIC HEALTH RECORDS Understanding and Using Computerized Medical Records CHAPTER TEN LESSON ONE Privacy and Security of Health Records Understanding HIPAA HIPAA: acronym for Health Insurance Portability
More informationHIPAA Compliance: Are you prepared for the new regulatory changes?
HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed
More informationHIPAA Hot Topics. Audits, the Latest on Enforcement and the Impact of Breaches. September 2012. Nashville Knoxville Memphis Washington, D.C.
HIPAA Hot Topics Audits, the Latest on Enforcement and the Impact of Breaches September 2012 Nashville Knoxville Memphis Washington, D.C. Overview HITECH Act HIPAA Audit Program: update and initial results
More informationNew HIPAA regulations require action. Are you in compliance?
New HIPAA regulations require action. Are you in compliance? Mary Harrison, JD Tami Simon, JD May 22, 2013 Discussion topics Introduction Remembering the HIPAA Basics HIPAA Privacy Rules HIPAA Security
More informationAre You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style.
Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style March 27, 2013 www.mcguirewoods.com Introductions Holly Carnell McGuireWoods LLP
More informationHIPAA, HIPAA Hi-TECH and HIPAA Omnibus Rule
HIPAA, HIPAA Hi-TECH and HIPAA Omnibus Rule NYCR-245157 HIPPA, HIPAA HiTECH& the Omnibus Rule A. HIPAA IIHI and PHI Privacy & Security Rule Covered Entities and Business Associates B. HIPAA Hi-TECH Why
More informationVirginia Commonwealth University Information Security Standard
Virginia Commonwealth University Information Security Standard Title: Scope: Data Classification Standard This document provides the classification requirements for all data generated, processed, stored,
More informationHIPAA PRIVACY AND SECURITY AWARENESS
HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect
More informationEverett School Employee Benefit Trust. Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law
Everett School Employee Benefit Trust Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law Introduction The Everett School Employee Benefit Trust ( Trust ) adopts this policy
More informationOCR Reports on the Enforcement. Learning Objectives 4/1/2013. HIPAA Compliance/Enforcement (As of December 31, 2012) HCCA Compliance Institute
OCR Reports on the Enforcement of the HIPAA Rules HCCA Compliance Institute April 22, 2013 David Holtzman Sr. Health IT & Privacy Specialist U.S. Department of Health and Human Services Office for Civil
More informationOCR Reports on the Enforcement. Learning Objectives
OCR Reports on the Enforcement of the HIPAA Rules HCCA Compliance Institute April 22, 2013 David Holtzman Sr. Health IT & Privacy Specialist U.S. Department of Health and Human Services Office for Civil
More informationCOMPLIANCE ALERT 10-12
HAWAII HEALTH SYSTEMS C O R P O R A T I O N "Touching Lives Every Day COMPLIANCE ALERT 10-12 HIPAA Expansion under the American Recovery and Reinvestment Act of 2009 The American Recovery and Reinvestment
More informationHIPAA SELF STUDY TRAINING GUIDE
HIPAA SELF STUDY TRAINING GUIDE I have received the LifeWays HIPAA SELF STUDY TRAINING GUIDE. I understand that I will be accountable for the information contained in the guide. If I have questions I may
More informationHIPAA Policy, Protection, and Pitfalls ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS
HIPAA Policy, Protection, and Pitfalls Overview HIPAA Privacy Basics What s covered by HIPAA privacy rules, and what isn t? Interlude on the Hands-Off Group Health Plan When does this exception apply,
More informationHIPAA Overview. Darren Skyles, Partner McGinnis Lochridge. Darren S. Skyles dskyles@mcginnislaw.com
HIPAA Overview Darren Skyles, Partner McGinnis Lochridge HIPAA Health Insurance Portability and Accountability Act of 1996 Electronic transaction and code sets: Adopted standards for electronic transactions
More informationHIPAA Compliance Guide
HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care
More informationYou Probably Don t Even Know
You Probably Don t Even Know That You Need To Comply With HIPAA In Collaboration With: About ERM About The Speaker Stephen Siegel, Esq., Of Counsel, Broad and Cassel Board Certified Health Law Over 25
More informationDonna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS
Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS 1 DISCLAIMER Please review your own documentation with your attorney. This information
More informationHIPAA and Privacy Policy Training
HIPAA and Privacy Policy Training July 2015 1 This training addresses the requirements for maintaining the privacy of confidential information received from HFS and DHS (the Agencies). During this training
More informationHIPAA Education Level One For Volunteers & Observers
UK HealthCare HIPAA Education Page 1 September 1, 2009 HIPAA Education Level One For Volunteers & Observers ~ What does HIPAA stand for? H Health I Insurance P Portability A And Accountability A - Act
More informationVendor Management Challenges and Solutions for HIPAA Compliance. Jim Sandford Vice President, Coalfire
Vendor Management Challenges and Solutions for HIPAA Compliance Jim Sandford Vice President, Coalfire Housekeeping You may submit questions throughout the webinar using the question area in the control
More informationBusiness Associate Agreement
Business Associate Agreement This Agreement is entered into as of ("Effective Date"), between ( Covered Entity ), and ( Business Associate ). RECITALS WHEREAS, Business Associate provides services on behalf
More informationHIPAA means the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191.
HIPAA Data Use Agreement 1 Revision Date: This Data Use Agreement (the Agreement ) is entered into by and between Yale University ( Covered Entity ) and ( Data User ), collectively, the Parties, and shall
More informationWhat is Covered by HIPAA at VCU?
What is Covered by HIPAA at VCU? The Privacy Rule was designed to protect private health information from incidental disclosures. The regulations specifically apply to health care providers, health plans,
More informationHIPAA Security Rule Compliance
HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA
More informationHIPAA 100 Training Manual Table of Contents. V. A Word About Business Associate Agreements 10
HIPAA 100 Training Manual Table of Contents I. Introduction 1 II. Definitions 2 III. Privacy Rule 5 IV. Security Rule 8 V. A Word About Business Associate Agreements 10 CHICAGO DEPARTMENT OF PUBIC HEALTH
More informationA How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1
A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1 Policy and Procedure Templates Reflects modifications published in the Federal Register
More informationData Security Considerations for Research
Data Security Considerations for Research Institutional Review Board Annual Education May 8, 2012 1 PRIVACY vs. SECURITY What s the Difference?: PRIVACY Refers to WHAT is protected Health information about
More informationInformation Privacy and Security Program Title:
1 Page: 1 of 5 I. PURPOSE: 1 The purpose of this standard is to identify and define the standards for implementing contracting provisions related to those individuals and organizations identified as Business
More informationLimited Data Set Background Information
Limited Data Set Background Information 1. A limited data set is protected health information that excludes certain identifiers but permits the use and disclosure of more identifiers than in a de-identified
More informationAm I a Business Associate? Do I want to be a Business Associate? What are my obligations?
Am I a Business Associate? Do I want to be a Business Associate? What are my obligations? Brought to you by Winston & Strawn s Health Care Practice Group 2013 Winston & Strawn LLP Today s elunch Presenters
More informationHIPAA 101: Privacy and Security Basics
HIPAA 101: Privacy and Security Basics Purpose This document provides important information about Kaiser Permanente policies and state and federal laws for protecting the privacy and security of individually
More informationPrivacy Compliance Health Occupations Students
Privacy Compliance Health Occupations Students Health Occupations Students The information in this power point is the same information provided to new SCHS caregivers at their orientation. We cannot stress
More informationFIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS
FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS James J. Eischen, Jr., Esq. October 2013 Chicago, Illinois JAMES J. EISCHEN, JR., ESQ. Partner at Higgs, Fletcher
More informationHIPAA Compliance Guide
HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care
More informationHIPAA Privacy Summary for Self-insured Employer Groups
I. Overview HIPAA Privacy Summary for Self-insured Employer Groups The Privacy Regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulate the uses and disclosures of
More informationOCR/HHS HIPAA/HITECH Audit Preparation
OCR/HHS HIPAA/HITECH Audit Preparation 1 Who are we EHR 2.0 Mission: To assist healthcare organizations develop and implement practices to secure IT systems and comply with HIPAA/HITECH regulations. Education
More informationZip It! Feds, State Strengthen Privacy Protection. Practice Management Feature July 2012. Tex Med. 2012;108(7):33-37.
Zip It! Feds, State Strengthen Privacy Protection Practice Management Feature July 2012 Tex Med. 2012;108(7):33-37. By Crystal Conde Associate Editor When it comes to enforcing HIPAA data security and
More informationHIPAA Privacy Summary for Fully-insured Employer Groups
HIPAA Privacy Summary for Fully-insured Employer Groups I. Overview The Privacy Regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulate the uses and disclosures
More informationHIPAA Orientation. Health Insurance Portability and Accountability Act
HIPAA Orientation Health Insurance Portability and Accountability Act HIPAA Federal legislation enacted in 1996 to improve the efficiency and effectiveness of electronic information transfers used in the
More informationNEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16
NEW PERSPECTIVES on Healthcare Risk Management, Control and Governance www.ahia.org Journal of the Association of Heathcare Internal Auditors Vol. 32, No. 3, Fall, 2013 Professional Fee Coding Audit: The
More informationBusiness Associates, HITECH & the Omnibus HIPAA Final Rule
Business Associates, HITECH & the Omnibus HIPAA Final Rule HIPAA Omnibus Final Rule Changes Business Associates Marissa Gordon-Nguyen, JD, MPH Health Information Privacy Specialist Office for Civil Rights/HHS
More informationName of Other Party: Address of Other Party: Effective Date: Reference Number as applicable:
PLEASE NOTE: THIS DOCUMENT IS SUBMITTED AS A SAMPLE, FOR INFORMATIONAL PURPOSES ONLY TO ABC ORGANIZATION. HIPAA SOLUTIONS LC IS NOT ENGAGED IN THE PRACTICE OF LAW IN ANY STATE, JURISDICTION, OR VENUE OF
More informationACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer
ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING By: Jerry Jackson Compliance and Privacy Officer 1 1 Introduction Welcome to Privacy and Security Training course. This course will help you
More informationCompliance Training for Medicare Programs Version 1.0 2/22/2013
Compliance Training for Medicare Programs Version 1.0 2/22/2013 Independence Blue Cross is an independent licensee of the Blue Cross and Blue Shield Association. 1 The Compliance Program Setting standards
More informationData Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm
Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security
More informationUNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S):
UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S): THIS AGREEMENT is made by and between UNIVERSITY PHYSICIANS OF BROOKLYN, INC., located at 450 Clarkson Ave., Brooklyn,
More informationHIPAA The Law Explained. Click here to view the HIPAA information.
HIPAA The Law Explained Click here to view the HIPAA information. HIPAA - Provisions 5 Major Provisions/Titles Title 1 Title 2 Title 3 Title 4 Title 5 More Information on Administrative Simplification
More information2/9/2012. 2012 HIPAA Privacy and Security Audit Readiness. Table of contents
2012 HIPAA Privacy and Security Audit Readiness Mark M. Johnson National HIPAA Services Director Table of contents Page Background 2 Regulatory Background and HITECH Impacts 3 Office of Civil Rights (OCR)
More informationMeeting the HIPAA Training and Business Associate Requirements Questions and Answers, with HIPAA Security Expert Mike Semel
Meeting the HIPAA Training and Business Associate Requirements Questions and Answers, with HIPAA Security Expert Mike Semel Questions Answers 1 Is a Business Associate (BA) responsible for assuming a Covered
More informationwhat your business needs to do about the new HIPAA rules
what your business needs to do about the new HIPAA rules Whether you are an employer that provides health insurance for your employees, a business in the growing health care industry, or a hospital or
More informationHIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees
HIPAA TRAINING A training course for Shiawassee County Community Mental Health Authority Employees WHAT IS HIPAA? HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act.
More informationBusiness Associate Agreement Involving the Access to Protected Health Information
School/Unit: Rowan University School of Osteopathic Medicine Vendor: Business Associate Agreement Involving the Access to Protected Health Information This Business Associate Agreement ( BAA ) is entered
More informationHIPAA and the HITECH Act Privacy and Security of Health Information in 2009
HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 What is HIPAA? Health Insurance Portability & Accountability Act of 1996 Effective April 13, 2003 Federal Law HIPAA Purpose:
More informationHIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist
HIPAA Omnibus Rule Overview Presented by: Crystal Stanton MicroMD Marketing Communication Specialist 1 HIPAA Omnibus Rule - Agenda History of the Omnibus Rule What is the HIPAA Omnibus Rule and its various
More informationPRIVACY REGULATIONS FOR BEHAVIORAL HEALTH PROVIDERS WHAT YOU NEED TO KNOW
PRIVACY REGULATIONS FOR BEHAVIORAL HEALTH PROVIDERS WHAT YOU NEED TO KNOW September 10, 2013 AGENDA The Changing Privacy Climate Overlapping Laws & Regulations Health Insurance Portability & Accountability
More informationWhite Paper #6. Privacy and Security
The Complexity of America s Health Care Industry White Paper #6 Privacy and Security www.nextwavehealthadvisors.com 2015 Next Wave Health Advisors and Lynn Harold Vogel, Ph.D. The Complexity of America
More informationCompliance Program and HIPAA Training For First Tier, Downstream and Related Entities
Compliance Program and HIPAA Training For First Tier, Downstream and Related Entities 09/2011 Training Goals In this training you will gain an understanding of: Our Compliance Program elements Pertinent
More informationDatto Compliance 101 1
Datto Compliance 101 1 Overview Overview This document provides a general overview of the Health Insurance Portability and Accounting Act (HIPAA) compliance requirements for Managed Service Providers (MSPs)
More informationHIPAA Training Study Guide July 2015 June 2016
Contents HIPAA Overview... 2 Who must comply?... 2 Privacy Standard... 3 Protected Health Information (PHI)... 3 Minimum Necessary Rule... 4 Requests for PHI... 5 Acceptable PHI Releases... 5 Special Circumstances...
More informationOn July 14 the U.S. Department of Health and Human Services published a Notice of
Casting a Vastly Expanded Regulatory Net: Implications of the New Definition of Business Associates under HITECH By Amy K. Fehn, Wachler & Associates, P.C. and John R. Christiansen, Christiansen IT Law
More information