HIPAA 100 Training Manual Table of Contents. V. A Word About Business Associate Agreements 10

Save this PDF as:

Size: px
Start display at page:

Download "HIPAA 100 Training Manual Table of Contents. V. A Word About Business Associate Agreements 10"

Transcription

1 HIPAA 100 Training Manual Table of Contents I. Introduction 1 II. Definitions 2 III. Privacy Rule 5 IV. Security Rule 8 V. A Word About Business Associate Agreements 10

2 CHICAGO DEPARTMENT OF PUBIC HEALTH HIPAA 100 I. Introduction: Under the Health Insurance Portability and Accountability Act (HIPAA), the City of Chicago is a hybrid entity, and has designated as its health care components the following departments: Public Health, Fire, Aging (case management division), Finance (Benefits Management Office), Law, Revenue, and the Office of Emergency Management and Communications. The Chicago Department of Public Health (CDPH) is a hybrid-covered entity as well as the local public health authority as defined under HIPAA. The CDPH has implemented a compliance plan with the federal rules and regulations applicable to the HIPAA Standards for Privacy of Individually Identifiable Health Information, Standards for Electronic Transactions, and the Security Rule. To address compliance with HIPAA, the following three sets of rules have been issued by the United States Department of Health and Human Services (DHHS): The Standards for Electronic Transactions or Transactions and Code Set (TCS) Rule establishes technical specifications for conducting electronic health care transactions using standard formats approved by the Department of Health and Human Services (DHHS). The TCS Rule applies primarily to activities related to billing processes. (Compliance date: October 16, 2003) The Privacy Rule regulates the use and/or disclosure of any individually identifiable health information maintained by health plans, health care clearinghouses, and health Care providers. (Compliance Date: April 14, 2003) The Security and Electronic Signature Standards (Security Rule) is aimed at ensuring the security and integrity of computer systems that store and transmit Protected Health Information (PHI). (Compliance date: April 20, 2005.) The material contained in this training packet should provide CDPH workforce members with a basic understanding of HIPAA rules and how they apply to CDPH. Questions regarding these materials, or other HIPAA queries should be posed to the CDPH HIPAA Compliance Officer a

3 II. HIPAA Definitions: Business associate - A person who: (a) On behalf of a health care component, but other than in the capacity of a member of the workforce of the component, performs, or assists in the performance of: (i) A function or activity involving the use or disclosure of individually identifiable health information, including claims processing or administration, data analysis, processing or administration, utilization review, quality assurance, billing, benefit management, practice management, and repricing; or (ii) Any other function or activity regulated by HIPAA; or (b) Provides, other than in the capacity of a member of the workforce of the health care component, legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services to or for the component where the provision of the service involves the disclosure of PHI from such component, or from another business associate of such component, to the person. CMS-Centers for Medicare and Medicaid programs Designated record set - A group of records maintained by or for a health care component that is: (a) The medical records and billing records about individuals maintained by or for a health care component; (b) (c) The enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; or Used, in whole or in part, by or for the covered entity to make decisions about individuals. Disclosure - The release, transfer, provision of access to, or divulging in any other manner of information outside the entity holding the information. Health care component - A component or combination of components of a hybrid designated by the hybrid entity in accordance with 45 CFR (c)(3)(iii). The health care components, as designated by the City of Chicago are as follows: Department on Aging (case management division), Department of Public Health (all programs except Epidemiology and Birth/Death Records), Department of Fire, Department of Revenue, and the Department of Law (Municipal Prosecutions, Commercial & Policy Litigation, Torts, Regulatory & Aviation Litigation and Individual Defense divisions). Health care operations - Any of the following activities of the health care component to the extent that the activities are related to covered functions: (a) Conducting quality assessment and improvement activities, including outcome evaluation and development of clinical guidelines, provided that the obtaining of generalizable knowledge is not the primary purpose of any such studies resulting from such activities; population-based activities relating to improving health or reducing health care costs, protocol development, case management and care coordination, contacting of health care providers and patients with information about treatment alternatives; and, related functions that do not include treatment; (b) Reviewing the competence or qualifications of health care professionals, evaluating practitioner and provider performance, health plan performance, conducting training programs in which students, trainees, or practitioners in areas of 3

4 health care learn under supervision to practice or improve their skills as health care providers, and training of non-health care professionals, accreditation, certification, licensing, or credentialing activities; (c) (d) Underwriting, premium rating, and other activities relating to the creation, renewal or replacement of a contract of health insurance or health benefits, and ceding, securing or placing a contract for reinsurance of risk relating to claims for health care (including stop-loss insurance and excess of loss insurance); Conducting or arranging for medical review, legal services, and auditing functions, including fraud and abuse detection and compliance programs; (f) (e) Business planning and development, such as conducting cost-management and planning-related analyses related to managing and operating the entity, including formulary development and administration, development or improvement of methods of payment or coverage policies; and, Business management and general administrative activities of the entity. HHS - United States Department of Health and Human Services. Hybrid entity - A single legal entity: (a) That is a covered entity; (b) (c) Whose business activities include both covered and non-covered functions; and That designates health care components in accordance with 45 CFR (c)(3)(iii). Institutional Review Board (IRB) - A committee group comprised of City of Chicago personnel and community representatives with varying backgrounds and professional experience that review and approve the research protocols involving human subjects. Individually Identifiable Health Information - Information that is a subset of health information, including demographic information collected about an individual, and: (a) Is created or received by a health care provider, health plan, employer or health care clearinghouse; and, (b) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and, (i) That identifies the individual; or (ii) With respect to which there is a reasonable basis to believe the information can be used to identify the individual. Limited data set - A subset of protected health information that excludes the direct identifiers listed below. All the direct identifiers must be removed for the individual and relatives employers, or household members of the individual. (1) Names; (2) Postal address information, other than town or city, State, and zip code; (3) Telephone numbers; (4) Fax numbers; (5) Electronic mail addresses; (6) Social security number; (7) Medical record numbers; (8) Health plan beneficiary numbers; (9) Account numbers; (10) Certificate/license numbers; (11) Vehicle identifiers and serial numbers, including license plate numbers; 4

5 (12) Device identifiers and serial numbers; (13) Web Universal Resource Locators (URLs); (14) Internet Protocol (IP) address numbers; (15) Biometric identifiers, including finger and voice prints; and (16) Full face photographic images and any comparable images. Payment - The activities undertaken by (1) the health plan to obtain premiums or to determine or fulfill its responsibility for coverage and provision of benefits under the health plan; or (2) a health care component or health plan to obtain or provide reimbursement for the provision of health care. Personal representative - Any adult who has decision-making capacity and who is willing to act on behalf of a patient. A personal representative includes an individual who has authority, by law or by agreement from the individual receiving treatment, to act in the place of the individual. This includes parents, legal guardians or properly appointed agents, like those identified in a Durable Power of Attorney, or individuals designated by state law. Protected health information (PHI) - Individually identifiable health information that is (a) transmitted by electronic media; (b) maintained in any electronic medium; or (c) transmitted or maintained in any other form or medium. Protected health information excludes individually identifiable health information in employment records held by a covered entity in its role as employer. Qualified protective order - An order of a court or of an administrative tribunal or a stipulation by the parties to the litigation or administrative proceeding that: (a) Prohibits the parties from using or disclosing the PHI for any purpose other than the litigation or proceeding for which such information was requested; and (b) Requires the return to the covered entity or destruction of the PHI (including all copies made) at the end of the litigation. Records - Means any item, collection, or grouping of information that includes protected health information and is maintained, collected, used, or disseminated by or for a health care component. TPO - Means treatment, payment or health care operations. Use - With respect to individually identifiable information, the sharing, employment, application, utilization, examination, or analysis of such information within an entity that maintains such information. 5

6 III. THE PRIVACY RULE: The increasing sophistication of information technology continues to make it easier to move patient information from one source to another. This, however, has raised serious concerns about how that information is used and /or disclosed. The Privacy Rule establishes a national standard for protecting an individual s medical records and other PHI. Moreover, the Privacy Rule is intended to give patients greater control over the use of their health information. Importantly, the Privacy Rule not only creates new patient rights with respect to PHI, it also establishes significant civil and criminal sanctions for the misuse or unauthorized disclosure of PHI. A. Protected Health Information: Protected Health Information (PHI) is individually identifiable health information Individually-Identifiable Health Information is any information that is received or created by the health provider that relates to the past, present or future physical or mental health condition of an individual, or the payment of health care services rendered to an individual, or the payment of health care services rendered to an individual, and reasonably identifies the individual. Simply put, any record or form with information that CDPH employees receive or generate, whether electronic, oral or written, that contains health information or information that might reasonably identify the individual constitutes PHI and is covered under the Privacy Rule. PHI excludes any information about employees that are held by the City in its role as an employer. For example, this would exclude individually identifiable information that is collected from an employee by the City about leave requested under the Family and Medical leave Act (FMLA). PHI covers a wide array of oral, written and electronic material. Some examples of PHI in the Chicago Department of Public Health include the following: Medical records Lab reports / requests Logs Billing Forms Referrals Consults The following, alone or in combination with each other, are examples of Patient Identifiers: Name Address Telephone number Fax number address Social Security Number Medical record number Internet Protocol (IP) address numbers Biometric identifiers, including finger and voice prints Full face photographic images Health plan beneficiary numbers Account number Certificate / license number Vehicle identifiers and serial numbers, including license plates numbers Device identifiers and serial numbers Web universal resource locators (URL s) B. Disclosure of PHI: Generally, CDPH may disclose PHI, without patient authorization, for treatment, payment or health care operations. 6

7 Examples: Treatment - No authorization is needed to refer a patient to a specialist or to discuss a patient s treatment with another health care provider. Payment - No authorization is needed to discuss PHI when obtaining payment information from a patient s health plan. Health Care Operations - No authorization is needed to disclose PHI to a CDPH employee who is conducting an audit of patient files. Other examples of permitted disclosures include if a patient requests in writing for a copy of his/her records for him/herself; if a CDPH patient authorizes CDPH to release his/her patient records to a third party, such as a family member, attorney, or other provider; or, if a legally valid subpoena is issued as determined by the CDPH attorney and the Law Department. If, as a member of the CDPH workforce, you are ever in doubt or unclear as whether to release PHI, err on the side of caution, and ask your supervisor or the CDPH HIPAA Compliance Officer for assistance. C. City of Chicago Notice of Privacy Practices: The Privacy Rule mandates that all patients shall be offered a written copy of the City s Notice of Privacy Practices. (See Addendum # 3) This notice describes to the patient how his/her medical information may be used and disclosed. In addition, the patient should sign a form acknowledging that a written copy of the Notice was offered. This completed form is to be placed in the patient s record and maintained for six years. (See Addendum # 4) The following summarizes the contents of the City of Chicago Notice of Privacy Practices.. Patients Rights Regarding Protected Health Information To request restrictions on uses and disclosures To receive confidential communication To access PHI To receive an accounting of disclosures To inspect or copy records To request an amendment of protected health information To receive the City of Chicago Notice of Privacy Practices To file complaints with the City of Chicago Privacy Officer and / or the Office of Civil Rights Other Uses and Disclosures Allowed Without Authorization Public health risks 7

8 Health oversight activities Lawsuits and similar proceedings Law enforcement Deceased patients Research Serious threats to health or safety Military National security Inmates Worker s compensation The Privacy Rule applies to all forms of patients PHI, whether electronic, written, or oral. In adhering to Privacy Rule, CDPH workforce members must always strive to protect the individual patient s health information by promoting appropriate access and use of PHI. 8

9 IV. Security Rule A. The primary objective of the HIPAA Security Rule is to protect the confidentiality, integrity, and availability of ephi (electronic protected health information). Confidentiality ensures that data or information is not made available or disclosed to unauthorized persons or processes. Integrity guarantees that data or information has not been altered or destroyed in an unauthorized manner. Availability provides that data or information is accessible and usable upon demand by an authorized person. The three standards for compliance under the HIPAA Security Rule address administrative, physical, and technical safeguards. Administrative Safeguards: Those actions, policies, an procedures that manage the selection, development, implementation, and maintenance of security measures to protect ephi and to manage the conduct of CDPH s workforce in relations to the protection of that information. Physical Safeguards: Security measures to protect CDPH s electronic information systems and related buildings and equipment from natural and environmental hazards and unauthorized intrusion. Technical Safeguards: The technology and policy and procedures for its use that protect ephi ad control access to it. B. ephi Safeguards: The Administrative, Physical, and Technical safeguards are broad categories with specific implementation requirements under each one. The City of Chicago HIPAA Policies address each Security Rule requirement related to these safeguard. CDPH has implemented its own HIPAA Security Rule policies. The following topics are primary areas of concern for CDPH systems. i. Password Usage and Management: Each user must have and use a unique User Login ID and password that identifies him/her as the user of the information system. The User Login ID is only created upon a written request to CDPH OMIS. The user is responsible for managing their account, using his/her ID and maintaining his/her password Users may not allow anyone for any reason to have access to any information system using another user s unique User Login ID and password. When technically feasible, each information system will automatically require users to change passwords at a pre-determined interval as determined by the program in consultation with OMIS, based on the criticality and sensitivity of the ephi (electronic Protected Health Information) contained within the network, system, application, and/or database. When not technically feasible to automate required password changes, the program supervisor is responsible for implementing manual procedures, with assistance from OMIS as necessary, to ensure that passwords are changed on a regular basis ii. Virus protection: The City of Chicago will install on all workstations anti-virus software to prevent transmission of malicious software. This software will be regularly updated. Portable workstations, e.g., PDAs, laptops, etc., are also 9

10 subject to the same safeguards and protections as stationary (desktop) workstations. iii. Protected Health Information is not to be transmitted via . iv. Incident Response: In the event of an emergency where user workstations at various facilities are unable to access ephi, workstations locally connected to the servers that store ephi shall be provided. As an alternative, to the extent possible, ephi may be copied onto other media and maintained securely at other facilities. If copies are made, they should be digitally encrypted and secured so only authorized users can access the data contained on them. Finally, the City of Chicago has identified an incident response team to respond to critical system issues including, but not limited to, security issues. v. Hand Held Devices: Portable workstations, e.g., PDAs, laptops, etc., are subject to the same safeguards and protections as stationary workstations. Portable workstations shall be maintained in a safe and secure manner when transported. Personally owned computers may not be connected to the business network. Access to and/or the portal is acceptable only with prior OMIS approval. vi. Laptop Security: Only if the portable electronic device has documented, working antivirus software, will it be permitted to connect to the network. Laptops must have log-on or power-on passwords. Laptops that contain PHI, even briefly, should not be shared among programs users. Lost or stolen laptops must be reported to OMIS immediately. vii. Access Control Issues: The level of security assigned to a user of the City s and CDPH s information systems is based on the minimum necessary amount of data access required to carry out legitimate job responsibilities. Blanket access will not be provided for any user. Access categories are rolebased and defined by the importance of the applications running on the information system, the value or sensitivity of the ephi on the information system, security controls on the information system, security controls on the workstation utilized to access the information system, and the extent to which the information system is connected to other information systems. viii. Individual Accountability: The HIPAA Sanction Policy is included as part of the 'Violations and Enforcement of this Policy Section" of the City of Chicago's Information Management Policy located at df. IN addition, HIPAA rules allow for fines at the individual level for violations of the rules. ix. Desktop Security: The City of Chicago maintains an intranet page ( that contains security update information. In addition, the City sends out security reminders on a monthly basis to all users reminding them to make sure their workstations are adequately protected 10

11 V. A Word About Business Associate Agreements: All contracts, including but not limited to intergovernmental agreements, memoranda of understanding, and delegate agency agreements, with business associates related to PHI and/or ephi (electronic Protected Health Information) must include language and requirements regarding adherence to HIPAA standards and rule by the contractor. The CDPH HIPAA Officer will provide current City of Chicago HIPAA Business Associates Agreement language upon request. CDPH programs are responsible for informing the CDPH HIPAA Compliance Officer of any violations of HIPAA by contractors, including delegate agencies and subcontractors. The HIPAA Compliance Officer will work with programs, as appropriate, to ensure that contractors in question have access to HIPAA information. If violations of HIPAA are continuous or frequent, or contractors are resistant to becoming HIPAA compliant, the matter will be brought to the attention of the City of Chicago HIPAA Officers, for inquiry and recommendation. 11

INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS. I. Introduction 2. II. Definitions 3

INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS. I. Introduction 2. II. Definitions 3 INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS I. Introduction 2 II. Definitions 3 III. Program Oversight and Responsibilities 4 A. Structure B. Compliance Committee C.

More information

BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information

BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information I. PREAMBLE ( Covered Entity ) and ( Business Associate ) (jointly the Parties ) wish to enter into an Agreement to comply with the requirements

More information

State of Nevada Public Employees Benefits Program. Master Plan Document for the HIPAA Privacy and Security Requirements for PEBP Health Benefits

State of Nevada Public Employees Benefits Program. Master Plan Document for the HIPAA Privacy and Security Requirements for PEBP Health Benefits State of Nevada for the Requirements for PEBP Health Benefits Plan Year 2016 July 1, 2015 June 30, 2016 www.pebp.state.nv.us (775) 684-7000 Or (800) 326-5496 Amendments Amendment Log Any amendments, changes

More information

HIPAA OVERVIEW ETSU 1

HIPAA OVERVIEW ETSU 1 HIPAA OVERVIEW ETSU 1 What is HIPAA? Health Insurance Portability and Accountability Act. 2 PURPOSE - TITLE II ADMINISTRATIVE SIMPLIFICATION To increase the efficiency and effectiveness of the entire health

More information

State of Connecticut Department of Social Services HIPAA Policies and Procedures Manual

State of Connecticut Department of Social Services HIPAA Policies and Procedures Manual State of Connecticut Department of Social Services HIPAA Policies and Procedures Manual Updated 9/17/13 1 Overview As of April 14, 2003, the State of Connecticut Department of Social Services (DSS) is

More information

Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS

Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS 1 DISCLAIMER Please review your own documentation with your attorney. This information

More information

HIPAA Privacy Rule Policies and Procedures

HIPAA Privacy Rule Policies and Procedures County of Sacramento Health Insurance Portability and Accountability Act HIPAA Privacy Rule Policies and Procedures Issue Date: April 14, 2003 Effective Date: April 14, 2003 Revised Date: September 23,

More information

BUSINESS ASSOCIATE AGREEMENT BETWEEN LEWIS & CLARK COLLEGE AND ALLEGIANCE BENEFIT PLAN MANAGEMENT, INC. I. PREAMBLE

BUSINESS ASSOCIATE AGREEMENT BETWEEN LEWIS & CLARK COLLEGE AND ALLEGIANCE BENEFIT PLAN MANAGEMENT, INC. I. PREAMBLE BUSINESS ASSOCIATE AGREEMENT BETWEEN LEWIS & CLARK COLLEGE AND ALLEGIANCE BENEFIT PLAN MANAGEMENT, INC. I. PREAMBLE Lewis & Clark College and Allegiance Benefit Plan Management, Inc., (jointly the Parties

More information

HIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees

HIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees HIPAA TRAINING A training course for Shiawassee County Community Mental Health Authority Employees WHAT IS HIPAA? HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act.

More information

PEPPERDINE UNIVERSITY HIPAA Policies Procedures and Forms Manual

PEPPERDINE UNIVERSITY HIPAA Policies Procedures and Forms Manual PEPPERDINE UNIVERSITY HIPAA Policies Procedures and Forms Manual 1 Table of Contents I. INTRODUCTION... 4 A. GENERAL POLICY... 4 B. SCOPE... 4 II. DEFINITIONS... 5 III. GENERAL POLICIES AND PROCEDURES...

More information

TriageLogic Information Security Policy

TriageLogic Information Security Policy TriageLogic Information Security Policy What is HIPAA, and what information is protected by it? HIPAA, short for the United States Health Insurance Portability and Accountability Act, is a set of standards

More information

HIPAA Compliance for Students

HIPAA Compliance for Students HIPAA Compliance for Students The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 by the United States Congress. It s intent was to help people obtain health insurance benefits

More information

Section C: Data Use Agreement. Illinois Department of Healthcare and Family Services. And DATA USE AGREEMENT

Section C: Data Use Agreement. Illinois Department of Healthcare and Family Services. And DATA USE AGREEMENT Section C: Data Use Agreement Illinois Department of Healthcare and Family Services And DATA USE AGREEMENT This Data Use Agreement (the Agreement ) is effective as of (the Agreement Effective Date ) by

More information

University of Cincinnati Limited HIPAA Glossary

University of Cincinnati Limited HIPAA Glossary University of Cincinnati Limited HIPAA Glossary ephi System A system that creates accesses, transmits or receives: 1) primary source ephi, 2) ephi critical for treatment, payment or health care operations

More information

HIPAA COMPLIANCE. What is HIPAA?

HIPAA COMPLIANCE. What is HIPAA? HIPAA COMPLIANCE What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) also known as the Privacy Rule specifies the conditions under which protected health information may be used

More information

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices The Health and Benefit Trust Fund of the International Union of Operating Section 1: Purpose of This Notice Notice of Privacy Practices Effective as of September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL

More information

AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE

AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE This Notice of Privacy Practices describes the legal obligations of Ave Maria University, Inc. (the plan ) and your legal rights regarding your protected health

More information

C.T. Hellmuth & Associates, Inc.

C.T. Hellmuth & Associates, Inc. Technical Monograph C.T. Hellmuth & Associates, Inc. Technical Monographs usually are limited to only one subject which is treated in considerably more depth than is possible in our Executive Newsletter.

More information

HIPAA Compliance Guide

HIPAA Compliance Guide HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care

More information

Compliance HIPAA Training. Steve M. McCarty, Esq. General Counsel Sound Physicians

Compliance HIPAA Training. Steve M. McCarty, Esq. General Counsel Sound Physicians Compliance HIPAA Training Steve M. McCarty, Esq. General Counsel Sound Physicians 1 Overview of HIPAA HIPAA contains provisions that address: The privacy of protected health information or PHI The security

More information

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA?

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? 1 DEFINITIONS HIPAA Health Insurance Portability and Accountability Act of 1996 Primarily designed

More information

UNIVERSITY HOSPITAL POLICY

UNIVERSITY HOSPITAL POLICY SUBJECT: COMPLIANCE AND PRIVACY UNIVERSITY HOSPITAL POLICY TITLE: CODING: 831-200-958 ADOPTED: July 1, 2013 DISCLOSURES OF PERSONALLY IDENTIFIABLE HEALTH INFORMATION TO BUSINESS ASSOCIATES AMENDED/ REVIEWED:

More information

Statement of Policy. Reason for Policy

Statement of Policy. Reason for Policy Table of Contents Statement of Policy 2 Reason for Policy 2 HIPAA Liaison 2 Individuals and Entities Affected by Policy 2 Who Should Know Policy 3 Exclusions 3 Website Address for Policy 3 Definitions

More information

HIPAA 101: Privacy and Security Basics

HIPAA 101: Privacy and Security Basics HIPAA 101: Privacy and Security Basics Purpose This document provides important information about Kaiser Permanente policies and state and federal laws for protecting the privacy and security of individually

More information

ELKIN & ASSOCIATES, LLC. HIPAA Privacy Policy and Procedures INTRODUCTION

ELKIN & ASSOCIATES, LLC. HIPAA Privacy Policy and Procedures INTRODUCTION ELKIN & ASSOCIATES, LLC HIPAA Privacy Policy and Procedures INTRODUCTION The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations restrict a Covered Entity

More information

HIPAA POLICIES & PROCEDURES AND ADMINISTRATIVE FORMS TABLE OF CONTENTS

HIPAA POLICIES & PROCEDURES AND ADMINISTRATIVE FORMS TABLE OF CONTENTS HIPAA POLICIES & PROCEDURES AND ADMINISTRATIVE FORMS TABLE OF CONTENTS 1. HIPAA Privacy Policies & Procedures Overview (Policy & Procedure) 2. HIPAA Privacy Officer (Policy & Procedure) 3. Notice of Privacy

More information

Why Lawyers? Why Now?

Why Lawyers? Why Now? TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business

More information

HIPAA Privacy & Breach Notification Training for System Administration Business Associates

HIPAA Privacy & Breach Notification Training for System Administration Business Associates HIPAA Privacy & Breach Notification Training for System Administration Business Associates Barbara M. Holthaus privacyofficer@utsystem.edu Office of General Counsel University of Texas System April 10,

More information

Hybrid Entities Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Hybrid Entities Health Insurance Portability and Accountability Act of 1996 (HIPAA) Hybrid Entities Health Insurance Portability and Accountability Act of 1996 (HIPAA) 160.102 APPLICABILITY U.S. Department of Health and Human Services Office of the Secretary THE PRIVACY RULE Related Excerpts

More information

Information Privacy and Security Program Title:

Information Privacy and Security Program Title: 1 Page: 1 of 5 I. PURPOSE: 1 The purpose of this standard is to identify and define the standards for implementing contracting provisions related to those individuals and organizations identified as Business

More information

HENRY COUNTY POLICIES AND PROCEDURES FOR COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 HIPAA

HENRY COUNTY POLICIES AND PROCEDURES FOR COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 HIPAA HENRY COUNTY POLICIES AND PROCEDURES FOR COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 HIPAA 1 Amended January 23, 2014 This HIPAA compliance manual was prepared for the

More information

HIPAA Compliance Guide

HIPAA Compliance Guide HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care

More information

Graphic Communications National Health and Welfare Fund. Notice of Privacy Practices

Graphic Communications National Health and Welfare Fund. Notice of Privacy Practices Notice of Privacy Practices Section 1: Purpose of This Notice and Effective Date THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

More information

Welcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013

Welcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013 Welcome to ChiroCare s Fourth Annual Fall Business Summit October 3, 2013 HIPAA Compliance Regulatory Overview & Implementation Tips for Providers Agenda Green packet Overview of general HIPAA terms and

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

HIPAA Orientation. Health Insurance Portability and Accountability Act

HIPAA Orientation. Health Insurance Portability and Accountability Act HIPAA Orientation Health Insurance Portability and Accountability Act HIPAA Federal legislation enacted in 1996 to improve the efficiency and effectiveness of electronic information transfers used in the

More information

Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule

Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule AA Privacy RuleP DEPARTMENT OF HE ALTH & HUMAN SERVICES USA Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule NIH Publication Number 03-5388 The HI Protecting Personal

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) between Inphonite, LLC ( Business Associate and you, as our Customer ( Covered Entity ) (each individually, a Party, and collectively,

More information

Plan Sponsor s Guide to the HIPAA Security Rule

Plan Sponsor s Guide to the HIPAA Security Rule Plan Sponsor s Guide to the HIPAA Security Rule Compliments of Aetna 00.02.117.1 (8/04) The HIPAA Security Rule We live in a world with ever increasing Internet and e-mail access, networking capabilities,

More information

VALPARAISO UNIVERSITY NOTICE OF PRIVACY PRACTICES. Health, Dental and Vision Benefits Health Care Reimbursement Account

VALPARAISO UNIVERSITY NOTICE OF PRIVACY PRACTICES. Health, Dental and Vision Benefits Health Care Reimbursement Account VALPARAISO UNIVERSITY NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

More information

PHI- Protected Health Information

PHI- Protected Health Information HIPAA Policy 2014 The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of patients health information and grants certain rights to patients. Clarkson

More information

HIPAA Policies and Procedures

HIPAA Policies and Procedures HIPAA Policies and Procedures William T. Chen, MD, Inc. General Rule 164.502 A Covered Entity may not use or disclose PHI except as permitted or required by the privacy regulations. Permitted Disclosures:

More information

The Basics of HIPAA Privacy and Security and HITECH

The Basics of HIPAA Privacy and Security and HITECH The Basics of HIPAA Privacy and Security and HITECH Protecting Patient Privacy Disclaimer The content of this webinar is to introduce the principles associated with HIPAA and HITECH regulations and is

More information

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy Amended as of February 12, 2010 on the authority of the HIPAA Privacy Officer for Creative Solutions in Healthcare, Inc. TABLE OF CONTENTS ARTICLE

More information

HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets

HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets FULL POLICY CONTENTS Scope Policy Statement Reason for Policy Definitions ADDITIONAL DETAILS Web Address Forms Related Information

More information

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 5. 2. Security Standards - Organizational, Security Policies Standards & Procedures, - Administrative and Documentation Safeguards

More information

8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice

8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice Monday, August 3, 2015 1 How to ask a question during the webinar If you dialed in to this webinar on your phone

More information

HIPAA Security Rule Compliance

HIPAA Security Rule Compliance HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA

More information

HIPAA Compliance Manual

HIPAA Compliance Manual HIPAA Compliance Manual HIPAA Compliance Manual 1 This Manual is provided to assist your efforts to comply with the federal privacy and security rules mandated under HIPAA and HITECH, specifically as said

More information

Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Standards. and. Privacy Policies and Procedures. for. Birkam Health Center

Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Standards. and. Privacy Policies and Procedures. for. Birkam Health Center Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Standards and Privacy Policies and Procedures for Birkam Health Center Ferris State University Table of Contents Introduction...

More information

New HIPAA regulations require action. Are you in compliance?

New HIPAA regulations require action. Are you in compliance? New HIPAA regulations require action. Are you in compliance? Mary Harrison, JD Tami Simon, JD May 22, 2013 Discussion topics Introduction Remembering the HIPAA Basics HIPAA Privacy Rules HIPAA Security

More information

HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA

HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA TRAINING MANUAL HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA Table of Contents INTRODUCTION 3 What is HIPAA? Privacy Security Transactions and Code Sets What is covered ADMINISTRATIVE

More information

HIPAA Privacy Manual

HIPAA Privacy Manual California State University HIPAA Privacy Manual Revised February 17, 2010 As prepared by Mercer Human Resource Consulting 2010 California State University The HIPAA Privacy Manual was drafted for the

More information

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security

More information

HIPAA Policy, Protection, and Pitfalls ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS

HIPAA Policy, Protection, and Pitfalls ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS HIPAA Policy, Protection, and Pitfalls Overview HIPAA Privacy Basics What s covered by HIPAA privacy rules, and what isn t? Interlude on the Hands-Off Group Health Plan When does this exception apply,

More information

BUSINESS ASSOCIATE AGREEMENT. Recitals

BUSINESS ASSOCIATE AGREEMENT. Recitals BUSINESS ASSOCIATE AGREEMENT This Agreement is executed this 8 th day of February, 2013, by BETA Healthcare Group. Recitals BETA Healthcare Group consists of BETA Risk Management Authority (BETARMA) and

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. This Notice of

More information

HIPAA and Mental Health Privacy:

HIPAA and Mental Health Privacy: HIPAA and Mental Health Privacy: What Social Workers Need to Know Presenter: Sherri Morgan, JD, MSW Associate Counsel, NASW Legal Defense Fund and Office of Ethics & Professional Review 2010 National Association

More information

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT HIPAA DENTAL HYGIENE PRIVACY AND SECURITY POLICIES AND PROCEDURES

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT HIPAA DENTAL HYGIENE PRIVACY AND SECURITY POLICIES AND PROCEDURES 1 2015 HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT HIPAA DENTAL HYGIENE PRIVACY AND SECURITY POLICIES AND PROCEDURES 2 FERRIS STATE UNIVERSITY DENTAL HYGIENE HIPAA POLICIES AND PROCEDURES TABLE

More information

Salt Lake Community College Employee Health Care Benefits Plan Notice of Privacy Practices

Salt Lake Community College Employee Health Care Benefits Plan Notice of Privacy Practices THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. Date: June 1, 2014 Salt Lake Community College

More information

CBIA Service Corporation Privacy and Security Notice

CBIA Service Corporation Privacy and Security Notice July 1, 2012 CBIA Service Corporation Privacy and Security Notice THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE

More information

Compliance Program and HIPAA Training For First Tier, Downstream and Related Entities

Compliance Program and HIPAA Training For First Tier, Downstream and Related Entities Compliance Program and HIPAA Training For First Tier, Downstream and Related Entities 09/2011 Training Goals In this training you will gain an understanding of: Our Compliance Program elements Pertinent

More information

Limited Data Set Background Information

Limited Data Set Background Information Limited Data Set Background Information 1. A limited data set is protected health information that excludes certain identifiers but permits the use and disclosure of more identifiers than in a de-identified

More information

Health Insurance Portability and Accountability Act. Policies and Procedures Compliance Manual. Human Resources. Ferris State University

Health Insurance Portability and Accountability Act. Policies and Procedures Compliance Manual. Human Resources. Ferris State University Health Insurance Portability and Accountability Act Policies and Procedures Compliance Manual Human Resources Ferris State University Introduction to Ferris State University s HIPAA Privacy Policies and

More information

HIPAA Privacy For our Group Customers and Business Partners

HIPAA Privacy For our Group Customers and Business Partners HIPAA Privacy For our Group Customers and Business Partners AmeriHealth HMO, Inc. AmeriHealth Insurance Company of New Jersey QCC Insurance Company, d/b/a AmeriHealth Insurance Company HIPAA, The Health

More information

HIPAA AND MEDICAID COMPLIANCE POLICIES AND PROCEDURES

HIPAA AND MEDICAID COMPLIANCE POLICIES AND PROCEDURES SALISH BHO HIPAA AND MEDICAID COMPLIANCE POLICIES AND PROCEDURES Policy Name: HIPAA BREACH NOTIFICATION REQUIREMENTS Policy Number: 5.16 Reference: 45 CFR Parts 164 Effective Date: 03/2016 Revision Date(s):

More information

CancerLinQ Data Quality Management Policies

CancerLinQ Data Quality Management Policies CancerLinQ Data Quality Management Policies I. Introduction CancerLinQ is committed to conquering cancer through appropriate, secure and ethical usage of health information entrusted to the CancerLinQ

More information

HIPAA Privacy & Security Training for Clinicians

HIPAA Privacy & Security Training for Clinicians HIPAA Privacy & Security Training for Clinicians Agenda This training will cover the following information: Overview of Privacy Rule and Security Rules Using and disclosing Protected Health Information

More information

M E M O R A N D U M. Definitions

M E M O R A N D U M. Definitions M E M O R A N D U M DATE: November 10, 2011 TO: FROM: RE: Krevolin & Horst, LLC HIPAA Obligations of Business Associates In connection with the launch of your hosted application service focused on practice

More information

HIPAA PRIVACY POLICIES AND PROCEDURES

HIPAA PRIVACY POLICIES AND PROCEDURES HIPAA PRIVACY POLICIES AND PROCEDURES FOR MOTT COMMUNITY COLLEGE NOVEMBER 18, 2004 PREPARED BY: KUSHNER & COMPANY 2427 WEST CENTRE AVENUE PORTAGE, MICHIGAN 49024 (269) 342-1700 WWW.KUSHNERCO.COM EMPLOYEE

More information

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES I. Overview / Definitions The Health Insurance Portability and Accountability Act is a federal law

More information

G REATER H OUSTON H EALTHCONNECT. HIPAA/HITECH Privacy Compliance Manual

G REATER H OUSTON H EALTHCONNECT. HIPAA/HITECH Privacy Compliance Manual G REATER H OUSTON H EALTHCONNECT HIPAA/HITECH Privacy Compliance Manual Adopted by the Board of Directors on December 14, 2011and amended on September 12, 2012 and February 27, 2013 TABLE OF CONTENTS Page

More information

4. No accounting of disclosures is required with respect to disclosures of PHI within a Limited Data Set.

4. No accounting of disclosures is required with respect to disclosures of PHI within a Limited Data Set. IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - Limited Data Sets and Data Use Agreements 10200 POLICY INFORMATION Major Functional Area (MFA): MFA X - Office of General Counsel

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This Agreement is entered into as of ("Effective Date"), between ( Covered Entity ), and ( Business Associate ). RECITALS WHEREAS, Business Associate provides services on behalf

More information

A Privacy and Information Security Guide for UCLA Workforce. HIPAA and California Privacy Laws

A Privacy and Information Security Guide for UCLA Workforce. HIPAA and California Privacy Laws A Privacy and Information Security Guide for UCLA Workforce HIPAA and California Privacy Laws A Privacy and Information Security Guide for UCLA Workforce HIPAA and California Privacy Laws Table of Contents

More information

Gaston County HIPAA Manual

Gaston County HIPAA Manual Gaston County HIPAA Manual Includes Gaston County IT Manual Action Date Reviewed and Revised December 2012 Gaston County HIPAA Policy Manual has be updated and combined with the Gaston County IT Manual.

More information

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA): FACT SHEET FOR NEUROPSYCHOLOGISTS Division 40, American Psychological Association

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA): FACT SHEET FOR NEUROPSYCHOLOGISTS Division 40, American Psychological Association HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA): FACT SHEET FOR NEUROPSYCHOLOGISTS Division 40, American Psychological Association DISCLAIMER This general information fact sheet is made available

More information

Use or Disclosure of PHI

Use or Disclosure of PHI BRICKLAYERS AND ALLIED CRAFTWORKERS LOCAL 1 OF PA/DE HEALTH AND WELFARE FUND NOTICE OF PRIVACY PRACTICES FOR PROTECTED HEALTH INFORMATION (Effective September 23, 2013) THIS NOTICE DESCRIBES HOW MEDICAL

More information

Datto Compliance 101 1

Datto Compliance 101 1 Datto Compliance 101 1 Overview Overview This document provides a general overview of the Health Insurance Portability and Accounting Act (HIPAA) compliance requirements for Managed Service Providers (MSPs)

More information

PRIVACY IMPLEMENTATION HANDBOOK PENNSYLVANIA DEPARTMENT OF PUBLIC WELFARE

PRIVACY IMPLEMENTATION HANDBOOK PENNSYLVANIA DEPARTMENT OF PUBLIC WELFARE PRIVACY IMPLEMENTATION HANDBOOK PENNSYLVANIA DEPARTMENT OF PUBLIC WELFARE Revised September 2013 TABLE OF CONTENTS 1.0 OVERVIEW... 6 1.1 Purpose of Handbook... 7 2.0 DEFINITIONS... 7 3.0 PRIVACY OFFICIALS...

More information

SDC-League Health Fund

SDC-League Health Fund SDC-League Health Fund 1501 Broadway, 17 th Floor New York, NY 10036 Tel: 212-869-8129 Fax: 212-302-6195 E-mail: health@sdcweb.org NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION

More information

VENDOR / CONTRACTOR. Privacy Basics

VENDOR / CONTRACTOR. Privacy Basics VENDOR / CONTRACTOR Privacy Basics Introduction Premera s mission is to provide our customers with peace of mind about their healthcare. This requires that everyone who works with or for Premera (the Company

More information

The HIPAA Security Rule Primer A Guide For Mental Health Practitioners

The HIPAA Security Rule Primer A Guide For Mental Health Practitioners The HIPAA Security Rule Primer A Guide For Mental Health Practitioners Distributed by NASW Printer-friendly PDF 2006 APAPO 1 Contents Click on any title below to jump to that page. 1 What is HIPAA? 3 2

More information

SARASOTA COUNTY GOVERNMENT EMPLOYEE MEDICAL BENEFIT PLAN HIPAA PRIVACY POLICY

SARASOTA COUNTY GOVERNMENT EMPLOYEE MEDICAL BENEFIT PLAN HIPAA PRIVACY POLICY SARASOTA COUNTY GOVERNMENT EMPLOYEE MEDICAL BENEFIT PLAN HIPAA PRIVACY POLICY Purpose: The following privacy policy is adopted to ensure that the Sarasota County Government Employee Medical Benefit Plan

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the "Agreement") is made and entered into this day of,, by and between Quicktate and idictate ("Business Associate") and ("Covered Entity").

More information

HIPAA Privacy and Security Rules: A Refresher. Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant

HIPAA Privacy and Security Rules: A Refresher. Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant HIPAA Privacy and Security Rules: A Refresher Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant Objectives Provide overview of Health insurance Portability and Accountability

More information

HIPAA Security. 1 Security 101 for Covered Entities. Security Topics

HIPAA Security. 1 Security 101 for Covered Entities. Security Topics HIPAA SERIES Topics 1. 101 for Covered Entities 2. Standards - Administrative Safeguards 3. Standards - Physical Safeguards 4. Standards - Technical Safeguards 5. Standards - Organizational, Policies &

More information

District of Columbia Health Information Exchange Policy and Procedure Manual

District of Columbia Health Information Exchange Policy and Procedure Manual District of Columbia Health Information Exchange Policy and Procedure Manual HIPAA Privacy & Direct Privacy Policies (Version 1 November 27, 2012) Table of Contents Policy # Policy/Procedure Description

More information

HIGHMARK BLUE CROSS BLUE SHIELD DELAWARE NOTICE OF PRIVACY PRACTICES PART I NOTICE OF PRIVACY PRACTICES (HIPAA)

HIGHMARK BLUE CROSS BLUE SHIELD DELAWARE NOTICE OF PRIVACY PRACTICES PART I NOTICE OF PRIVACY PRACTICES (HIPAA) Sí necesita ayuda para traducir esta información, por favor comuníquese con el departamento de Servicios a miembros de Highmark Delaware al número al réves de su tarjeta de identificación de Highmark Delaware.

More information

Schindler Elevator Corporation

Schindler Elevator Corporation -4539 Telephone: (973) 397-6500 Mail Address: P.O. Box 1935 Morristown, NJ 07962-1935 NOTICE OF PRIVACY PRACTICES FOR PROTECTED HEALTH INFORMATION THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU

More information

[Insert Name and Address of Data Recipient] Data Use Agreement. Dear :

[Insert Name and Address of Data Recipient] Data Use Agreement. Dear : [Insert Name and Address of Data Recipient] Re: Data Use Agreement Dear : The federal Health Insurance Portability and Accountability Act and the regulations promulgated thereunder (collectively referred

More information

What is Covered by HIPAA at VCU?

What is Covered by HIPAA at VCU? What is Covered by HIPAA at VCU? The Privacy Rule was designed to protect private health information from incidental disclosures. The regulations specifically apply to health care providers, health plans,

More information

University of Mississippi Medical Center Office of Integrity and Compliance

University of Mississippi Medical Center Office of Integrity and Compliance Office of Integrity and Effective Date: 2005 By: Committee 1.0 PURPOSE The purpose of this policy is to guide (UMMC) employees, who are involved with research, in obtaining an authorization for the use

More information

HIPAA BREACH RESPONSE POLICY

HIPAA BREACH RESPONSE POLICY http://dhmh.maryland.gov/sitepages/op02.aspx (OIG) DHMH POLICY 01.03.07 Effective Date: July 22, 2014 I. EXECUTIVE SUMMARY The Department of Health and Mental Hygiene (DHMH) is committed to protecting

More information

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This

More information

HIPAA In The Workplace. What Every Employee Should Know and Remember

HIPAA In The Workplace. What Every Employee Should Know and Remember HIPAA In The Workplace What Every Employee Should Know and Remember What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 Portable Accountable Rules for Privacy Rules for Security

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ( Agreement ) is by and between ( Covered Entity ) and Xelex Digital, LLC ( Business Associate ), and is effective as of. WHEREAS,

More information

Category: Patient Information Number: 4.003.3. Use and Disclosure of Protected Health Information

Category: Patient Information Number: 4.003.3. Use and Disclosure of Protected Health Information Applies: All Staff and Clients/Caregivers Page: 1 of 11 Purpose: To ensure that all THS Staff and Caregivers understand the permissible and required uses and disclosure of protected health information.

More information

Virginia Commonwealth University Information Security Standard

Virginia Commonwealth University Information Security Standard Virginia Commonwealth University Information Security Standard Title: Scope: Data Classification Standard This document provides the classification requirements for all data generated, processed, stored,

More information

HIPAA RISKS & STRATEGIES. Health Insurance Portability and Accountability Act of 1996

HIPAA RISKS & STRATEGIES. Health Insurance Portability and Accountability Act of 1996 HIPAA RISKS & STRATEGIES Health Insurance Portability and Accountability Act of 1996 REGULATORY BACKGROUND Health Information Portability and Accountability Act (HIPAA) was enacted on August 21, 1996 Title

More information